{ "Event": { "analysis": "1", "date": "2026-03-05", "extends_uuid": "", "info": "[Threat Intel] South American telecommunication providers targeted with three new malware implants", "protected": false, "publish_timestamp": "1773274392", "published": true, "threat_level_id": "2", "timestamp": "1773274392", "uuid": "d55314d1-e591-464b-bb55-f3c000ba9228", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#7c6ad9", "local": false, "name": "misp-galaxy:producer=\"Cisco Talos Intelligence Group\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": "" }, { "colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": "" }, { "colour": "#aad818", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SSH - T1021.004\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": "" }, { "colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": "" }, { "colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": "" }, { "colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": "" }, { "colour": "#1b0fe1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"", "relationship_type": "" }, { "colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": "" }, { "colour": "#70b0b5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": "" }, { "colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#08b028", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"", "relationship_type": "" }, { "colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": "" }, { "colour": "#30cc3b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": "" }, { "colour": "#50bcaa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "relationship_type": "" }, { "colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"005 - South America\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"GhostEmperor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772852412", "to_ids": false, "type": "link", "uuid": "83cce44b-b02d-4437-a360-9953911a4927", "value": "https://blog.talosintelligence.com/uat-9244/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1772852412", "to_ids": false, "type": "text", "uuid": "1be67e5b-df5c-460b-9d9f-41f346efbafa", "value": "UAT-9244, a China-nexus advanced persistent threat actor, has been targeting critical telecommunications infrastructure in South America since 2024. The group employs three new malware implants: TernDoor, a Windows-based backdoor variant of CrowDoor; PeerTime, an ELF-based backdoor using BitTorrent protocol; and BruteEntry, a brute force scanner for SSH, Postgres, and Tomcat servers. UAT-9244 uses dynamic-link library side-loading, scheduled tasks, and registry modifications for persistence. The group is closely associated with FamousSparrow and Tropic Trooper, sharing similar tooling and tactics. Their infrastructure includes multiple command and control servers and operational relay boxes for scanning and brute-forcing activities." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1772852412", "to_ids": false, "type": "text", "uuid": "461889e3-a0fd-4b64-8826-ef53ffa7224e", "value": "Name: South American telecommunication providers targeted with three new malware implants\nAuthor: AlienVault\nAdversary: UAT-9244\nTags: [\"crowdoor\", \"telecommunications\", \"apt\", \"bittorrent\", \"china-nexus\", \"terndoor\", \"south america\", \"peertime\", \"bruteentry\"]\nTgtd countries: []\nMlwr families: [\"TernDoor\", \"PeerTime\", \"BruteEntry\", \"CrowDoor\"]\nAttack_ids: [\"T1053.005\", \"T1033\", \"T1021.004\", \"T1082\", \"T1140\", \"T1055\", \"T1112\", \"T1016\", \"T1083\", \"T1036.004\", \"T1057\", \"T1110\", \"T1571\", \"T1027\", \"T1573.002\", \"T1059.003\", \"T1070.004\", \"T1518\", \"T1574.002\"]\nIndustries: [\"Telecommunications\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1772852412", "to_ids": false, "type": "threat-actor", "uuid": "4b04d3bc-b087-480e-9ca7-4ee8e64c8d14", "value": "UAT-9244" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022158", "to_ids": true, "type": "ip-dst", "uuid": "edfec6fc-bd6f-4515-9b18-d63f98c99d2d", "value": "154.205.154.194", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022179", "to_ids": true, "type": "ip-dst", "uuid": "55866326-6377-40bb-aba9-c23f325861db", "value": "154.205.154.65", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022200", "to_ids": true, "type": "ip-dst", "uuid": "5005cb1c-6845-44e1-a69b-dff649485da7", "value": "154.205.154.70", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022221", "to_ids": true, "type": "ip-dst", "uuid": "d333f48d-5576-4012-9292-79bd7bf0a7a6", "value": "154.205.154.82", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022242", "to_ids": true, "type": "ip-dst", "uuid": "106623da-e3e2-4b07-b979-aeb06d9f99e7", "value": "154.223.21.130", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022263", "to_ids": true, "type": "ip-dst", "uuid": "baa9ea49-cdd5-4c16-84aa-d474b454e336", "value": "154.223.21.194", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022285", "to_ids": true, "type": "ip-dst", "uuid": "0056a650-9e35-486e-a2f0-733bd5ef0f08", "value": "185.196.10.247", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022307", "to_ids": true, "type": "ip-dst", "uuid": "1ca9f634-3d1a-4151-89da-5b339c05f8bc", "value": "185.196.10.38", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022328", "to_ids": true, "type": "ip-dst", "uuid": "d4b7d03a-4521-4bd9-8137-09652383addd", "value": "212.11.64.105", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022349", "to_ids": true, "type": "ip-dst", "uuid": "1c22fce7-244e-4c41-a0d4-aa5ba7584606", "value": "38.54.125.134", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022370", "to_ids": true, "type": "ip-dst", "uuid": "8396afd1-d9f3-442a-9886-cffbe9d2b3bc", "value": "38.60.199.34", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022391", "to_ids": true, "type": "ip-dst", "uuid": "4c2449bf-44f7-4c59-9a5b-e9adaea2c219", "value": "64.190.113.170", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022412", "to_ids": true, "type": "ip-dst", "uuid": "87c043e4-c815-424e-998f-f15539ef71ed", "value": "64.95.10.253", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022434", "to_ids": true, "type": "domain", "uuid": "9b11c71a-24a0-44fa-8256-8aa25a0e807b", "value": "bloopencil.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022455", "to_ids": true, "type": "domain", "uuid": "a8da2fa3-d929-48ca-9701-91cf325c2251", "value": "xcit76.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1773022476", "to_ids": true, "type": "domain", "uuid": "bfd616b3-74f4-4f31-a1aa-8ec2cfa4f9cf", "value": "xtibh.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "UAT-9244 C2 IPs used by TernDoor", "deleted": false, "disable_correlation": false, "timestamp": "1773011031", "to_ids": true, "type": "ip-dst|port", "uuid": "b962f14b-a84b-4bf8-9899-99a79f6ff605", "value": "154.205.154.82|443" }, { "category": "Network activity", "comment": "UAT-9244 C2 IPs used by TernDoor", "deleted": false, "disable_correlation": false, "timestamp": "1773011031", "to_ids": true, "type": "ip-dst|port", "uuid": "eda59b86-a332-41b9-adcc-71e5861a07dd", "value": "207.148.121.95|443" }, { "category": "Network activity", "comment": "UAT-9244 C2 IPs used by TernDoor", "deleted": false, "disable_correlation": false, "timestamp": "1773011031", "to_ids": true, "type": "ip-dst|port", "uuid": "e21b5396-b5ae-4656-8ac8-5777848c8ed0", "value": "207.148.120.52|443" }, { "category": "Network activity", "comment": "Suspected UAT-9244 IPs", "deleted": false, "disable_correlation": false, "timestamp": "1773022497", "to_ids": true, "type": "ip-dst", "uuid": "3d2ad281-175d-4678-95d3-e7c04b160853", "value": "149.28.25.33", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspected UAT-9244 IPs", "deleted": false, "disable_correlation": false, "timestamp": "1773022518", "to_ids": true, "type": "ip-dst", "uuid": "1cff26d3-bd7f-4634-aecf-0efc86fbedc2", "value": "158.247.238.240", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspected UAT-9244 IPs", "deleted": false, "disable_correlation": false, "timestamp": "1773022539", "to_ids": true, "type": "ip-dst", "uuid": "38bb3435-84b2-45e9-8870-d747b768a2db", "value": "216.238.112.222", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspected UAT-9244 IPs", "deleted": false, "disable_correlation": false, "timestamp": "1773022561", "to_ids": true, "type": "ip-dst", "uuid": "8670df8d-68dd-41cb-80e9-6947b02a42d9", "value": "216.238.123.242", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspected UAT-9244 IPs", "deleted": false, "disable_correlation": false, "timestamp": "1773022582", "to_ids": true, "type": "ip-dst", "uuid": "5fa61acc-2482-4fb1-8662-06a5cc59c9d8", "value": "216.238.94.37", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspected UAT-9244 IPs", "deleted": false, "disable_correlation": false, "timestamp": "1773022603", "to_ids": true, "type": "ip-dst", "uuid": "c4c59045-62b4-4a84-8d01-c39a2646c430", "value": "45.32.106.94", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspected UAT-9244 IPs", "deleted": false, "disable_correlation": false, "timestamp": "1773022625", "to_ids": true, "type": "ip-dst", "uuid": "ce8f699a-15f3-478e-abd5-f8650062b3c8", "value": "45.77.34.194", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspected UAT-9244 IPs", "deleted": false, "disable_correlation": false, "timestamp": "1773022646", "to_ids": true, "type": "ip-dst", "uuid": "5e6824b6-dbed-4965-884a-a38215279825", "value": "45.77.41.141", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspected UAT-9244 IPs", "deleted": false, "disable_correlation": false, "timestamp": "1773022667", "to_ids": true, "type": "ip-dst", "uuid": "2033ba68-895c-4183-91bc-b5a29045ce0c", "value": "47.76.100.159", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware No sample in VT\r\nLast check:09/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1773021550", "to_ids": true, "type": "sha256", "uuid": "2fa8d2f9-7fe9-40cd-b50d-881f4eb58b2f", "value": "1cedf01dd4b7e50181d0e781825c66957b862941395d77c8bd7705114f319c80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware No sample in VT\r\nLast check:09/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1773021550", "to_ids": true, "type": "sha256", "uuid": "5190c5ab-c29f-4570-b593-0eee8d792660", "value": "f3e899789b56429f483e5096e1f473335024f1f763e2d428132338e30352b89e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware No sample in VT\r\nLast check:09/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1773021551", "to_ids": true, "type": "sha256", "uuid": "69d5ee41-fdea-42a7-93d5-7acf610f2a23", "value": "6ec070457d1f6f239cb02c5e1576a3660cca98f3a07eec6e4e107f698d7fe555", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware No sample in VT\r\nLast check:09/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1773021552", "to_ids": true, "type": "sha256", "uuid": "13b218d7-acde-4b97-ad41-e6dfaeef1dab", "value": "15d937803f90c2b9e277ff94d3e98ff30015ecc7f4623a158e3c98861e5cb278", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware No sample in VT\r\nLast check:09/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1773021554", "to_ids": true, "type": "sha256", "uuid": "f6818c7c-f054-482d-8864-c20b7a9689a9", "value": "7b70cd956f082b1029d02b4cb7608893f2de7fa9c500d7d7febdd0f745ac3cb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware No sample in VT\r\nLast check:09/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1773021555", "to_ids": true, "type": "sha256", "uuid": "dd19a0d8-9e3b-45c5-b10b-0ff7634f3eb5", "value": "d78b3c6df8f3756a7e310cf7435fdba201dd03ec9f97420a0db683489a01a7c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware No sample in VT\r\nLast check:09/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1773021556", "to_ids": true, "type": "sha256", "uuid": "c9da379e-6950-4386-8e7e-3b66e69653f4", "value": "3fcadde4b414a18b2fed56c1ec59d97977123615fbbf411a1c78425445a6e71c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware No sample in VT\r\nLast check:09/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1773021557", "to_ids": true, "type": "sha256", "uuid": "0042f596-6d36-4bac-ac79-b37a4a204a03", "value": "3d9fbfc2c056eac857ba54e5ed134aa45a4b8322ee9f9353ba32e5b2ca71b0e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022689", "uuid": "1e101ec1-ecd9-41eb-af69-7085ae2d0920", "Attribute": [ { "category": "Payload delivery", "comment": "TernDoor Loader DLL", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022689", "to_ids": true, "type": "md5", "uuid": "a1d6775d-6622-4218-b531-1991a375e0d5", "value": "e81e06a98494d3a207a9406b87ebcf7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TernDoor Loader DLL", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021510", "to_ids": true, "type": "sha1", "uuid": "6864d4e5-cbf1-49f0-b5a7-f7de7cf04da3", "value": "8d4fea00c24eaefdaa77781648bafda7b9eceafc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TernDoor Loader DLL", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021511", "to_ids": true, "type": "sha256", "uuid": "934ffd02-1c35-4345-a1cb-d7b763433761", "value": "711d9427ee43bc2186b9124f31cba2db5f54ec9a0d56dc2948e1a4377bada289", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020431", "to_ids": true, "type": "ssdeep", "uuid": "96ac1095-1b42-432f-b357-028a4a83ad64", "value": "1536:7jKZINBMC1qdzcSzxFtNbpElP6JLFXsW7SId09dl01YUN:HKZIPv1IzcaZNbp8P6lFtLMu1Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020431", "to_ids": false, "type": "size-in-bytes", "uuid": "9599d5ee-03af-40f0-95df-b0bd832625a7", "value": "93184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773020431", "to_ids": true, "type": "vhash", "uuid": "9df7aab5-f114-4ce5-a349-4d44114b3c5f", "value": "194076655d155515155az42!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020431", "to_ids": true, "type": "filename", "uuid": "6549f511-a264-4c96-9f1c-4c9243552dab", "value": "711d9427ee43bc2186b9124f31cba2db5f54ec9a0d56dc2948e1a4377bada289.exe" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020431", "to_ids": false, "type": "text", "uuid": "33ebe68e-4545-4afd-b1a2-0e8ff9c03d58", "value": "TernDoor Loader DLL\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:31/72\nFirst Submission:2025-01-09T00:52:01.000000+00:00\nLast Submission:2026-03-08T22:43:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022710", "uuid": "da8da371-2041-4021-846f-237a09b2eea0", "Attribute": [ { "category": "Payload delivery", "comment": "TernDoor Loader DLL", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022710", "to_ids": true, "type": "md5", "uuid": "2d4cdf5e-0d43-49de-b067-2ef2cc8f0ca1", "value": "12ad67761f785db7405de3c0ea76ff09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TernDoor Loader DLL", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021512", "to_ids": true, "type": "sha1", "uuid": "5085cb02-e53c-461a-91a6-0fb3b0eae98e", "value": "fb49fa003a94a176d0f16b66a40691fb3215d732", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TernDoor Loader DLL", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021512", "to_ids": true, "type": "sha256", "uuid": "d1f1aff2-ded6-4aff-8283-47fde1db0cbd", "value": "3c098a687947938e36ab34b9f09a11ebd82d50089cbfe6e237d810faa729f8ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020452", "to_ids": true, "type": "ssdeep", "uuid": "a291e884-b34b-4070-a754-dd9900a350a1", "value": "1536:p9q9ax5bfVDsJtJVSBhcGgP7ixgK+GJ92zsWOrId09dl3ABC8bvbj:pEcx5bRsJDVI6G+ixgKfL202M1ABjP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020452", "to_ids": false, "type": "size-in-bytes", "uuid": "092cc407-3d87-4d05-ba68-41da092846a9", "value": "93184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773020452", "to_ids": true, "type": "vhash", "uuid": "400a1ff9-e52a-41e4-a804-ace2b6c4c268", "value": "194076655d155515155az43!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020452", "to_ids": true, "type": "filename", "uuid": "3b637a8d-c04f-489e-9df8-8dcf593c1b42", "value": "BugSplatRc64.dll" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020452", "to_ids": false, "type": "text", "uuid": "4b154f89-0060-4655-85f0-27109c135c86", "value": "TernDoor Loader DLL\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/CobaltStrike.IV!MTB\nVT Total Detection:38/72\nFirst Submission:2024-12-24T02:26:51.000000+00:00\nLast Submission:2025-07-29T15:02:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022731", "uuid": "3480bfe0-3dc9-456e-8870-1b9c6e0b764f", "Attribute": [ { "category": "Payload delivery", "comment": "TernDoor Loader DLL", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022731", "to_ids": true, "type": "md5", "uuid": "b89cf0e5-22d2-41e5-a109-5b2f3a9cda70", "value": "64994512c3ae8b69f9f65a549c16081d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TernDoor Loader DLL", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021513", "to_ids": true, "type": "sha1", "uuid": "4640d60d-37bf-4c07-abf0-ce7eea3108c3", "value": "e901acd568a19b4b08c40284f04a7a3ecfd1ad91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TernDoor Loader DLL", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021513", "to_ids": true, "type": "sha256", "uuid": "7a1c281f-f494-451e-ab32-d36e45f9a957", "value": "f36913607356a32ea106103387105c635fa923f8ed98ad0194b66ec79e379a02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020474", "to_ids": true, "type": "ssdeep", "uuid": "d4c633e2-b9e8-4e4a-a69f-749a5e0bd358", "value": "24576:DLkz+4j1vh3vN1TMO8nYZCXXRE+6OF7luTZbRdC:Ez+m1aO8nYZkV6OqT1y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020474", "to_ids": false, "type": "size-in-bytes", "uuid": "cdf34131-6042-4721-8cb0-f9f5f424578e", "value": "961402" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773020474", "to_ids": true, "type": "vhash", "uuid": "81c043b1-a680-4033-9e95-b8b4a7973cca", "value": "b0bd9b5b27e484dafd8d829d4ab3ed7e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020474", "to_ids": true, "type": "filename", "uuid": "b49327cd-97c2-419d-bb72-2a85a4d01e70", "value": "rar.zip" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 08/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020474", "to_ids": false, "type": "text", "uuid": "e6bf732b-6615-48bd-9b3b-7417a6ec2abf", "value": "TernDoor Loader DLL\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:33/68\nFirst Submission:2024-12-24T02:19:47.000000+00:00\nLast Submission:2024-12-24T02:19:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022752", "uuid": "eba16401-18df-4241-a5bf-e02e4367156c", "Attribute": [ { "category": "Payload delivery", "comment": "Encoded TernDoor payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022752", "to_ids": true, "type": "md5", "uuid": "2e0c8055-328d-408d-bc38-3ba545252494", "value": "9713344fdd4c611ed00a0aae98a733b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Encoded TernDoor payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021514", "to_ids": true, "type": "sha1", "uuid": "64edccff-a8e0-4cbb-aed0-e00b5bc5aa2f", "value": "10806b428a803f2e4b7e1e8a2a0b42797e59fc3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Encoded TernDoor payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021514", "to_ids": true, "type": "sha256", "uuid": "fb09d31f-e862-462b-b77a-251f8a8241f1", "value": "a5e413456ce9fc60bb44d442b72546e9e4118a61894fbe4b5c56e4dfad6055e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020496", "to_ids": true, "type": "ssdeep", "uuid": "93e3bf41-71b1-495e-ac8d-409d4f2392a4", "value": "12288:qHhbE5EPnvoaSiHMfAJzgiJtzI/Ox8nMWBjAeqC3BXsETyj:okEPnvhflN1zIy8nMfCxXsE+j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020496", "to_ids": false, "type": "size-in-bytes", "uuid": "f747bff3-b4ea-4958-99d7-5cff8745fcaf", "value": "654119" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020496", "to_ids": true, "type": "filename", "uuid": "f10a5e1d-c17e-4a19-9133-de1a54d31fb1", "value": "WSPrint.dll" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 07/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020496", "to_ids": false, "type": "text", "uuid": "7f0ee60f-43bc-4565-85f0-b9f502389768", "value": "Encoded TernDoor payload\r\nType Description: unknown\nMicrosoft: None\nVT Total Detection:5/62\nFirst Submission:2024-12-24T03:27:03.000000+00:00\nLast Submission:2025-01-14T05:33:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022775", "uuid": "b7c80044-c4d8-4fa4-8d11-38ca9085c643", "Attribute": [ { "category": "Payload delivery", "comment": "Encoded TernDoor payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022775", "to_ids": true, "type": "md5", "uuid": "743de9c3-b90b-423f-b653-7ae15538df67", "value": "82b319c234cdbe657cc392483c33ea47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Encoded TernDoor payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021515", "to_ids": true, "type": "sha1", "uuid": "5e442e81-083e-4a40-9198-903ab8d4322d", "value": "35ebde7a35047f2b92c1b49468a6c28f6391d904", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Encoded TernDoor payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021515", "to_ids": true, "type": "sha256", "uuid": "b8f79b66-3a73-4730-969a-7f294ab3699b", "value": "075b20a21ea6a0d2201a12a049f332ecc61348fc0ad3cfee038c6ad6aa44e744", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020517", "to_ids": true, "type": "ssdeep", "uuid": "f93837b8-23a8-4b41-ac5f-3f3b9bc0b9ba", "value": "12288:OSeX5Kk98SDHU9tjhgVfnbSy/Txw2Z96xZpLI3kCHJ1XL1gQFAxN0t:Deb98xr8vbSyLxw26x8DHJ1XL1exut" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020517", "to_ids": false, "type": "size-in-bytes", "uuid": "dfa35a3a-1118-4822-9a9d-381a51bfdc54", "value": "654119" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020517", "to_ids": true, "type": "filename", "uuid": "f8d7bc81-8dad-44c0-9220-6abd4b398a92", "value": "WSPrint.dll" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020517", "to_ids": false, "type": "text", "uuid": "e4a4dd42-654c-4a07-a796-bde1e344b70f", "value": "Encoded TernDoor payload\r\nType Description: unknown\nMicrosoft: None\nVT Total Detection:13/62\nFirst Submission:2025-04-28T08:38:56.000000+00:00\nLast Submission:2025-04-28T08:38:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022796", "uuid": "d44fe1d6-9c43-41fb-818f-d51a93e42aba", "Attribute": [ { "category": "Payload delivery", "comment": "Encoded TernDoor payload", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022796", "to_ids": true, "type": "md5", "uuid": "c137dce5-2dfc-4319-90d7-de844c15d88b", "value": "835368e61007a64538880bd61fa23778", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Encoded TernDoor payload", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021516", "to_ids": true, "type": "sha1", "uuid": "85f42799-1396-4542-a5ce-11d1c31ba622", "value": "1dda8e3e7dd9ea609571e1d8ffa7a72bb35cfe0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Encoded TernDoor payload", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021516", "to_ids": true, "type": "sha256", "uuid": "3512f40f-8f74-422d-9700-b5b5fd33af54", "value": "1f5635a512a923e98a90cdc1b2fb988a2da78706e07e419dae9e1a54dd4d682b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020539", "to_ids": true, "type": "ssdeep", "uuid": "80bf32f0-df33-460c-8c71-fb7315fd70de", "value": "12288:LiYHUQWZgbtEpVPxmn+SN9dBQQNp3BS9FGNtCum:LvHUrZghySNppRSqK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020539", "to_ids": false, "type": "size-in-bytes", "uuid": "2e275946-66b0-44e7-be95-130433662739", "value": "653965" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020539", "to_ids": true, "type": "filename", "uuid": "3e3ab2f8-fc42-48d7-925f-cd82ad429ddd", "value": "WSPrint.dll" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 07/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020539", "to_ids": false, "type": "text", "uuid": "b075d9fd-c265-46a6-a21e-679cc301069d", "value": "Encoded TernDoor payload\r\nType Description: unknown\nMicrosoft: None\nVT Total Detection:1/64\nFirst Submission:2025-01-09T00:52:53.000000+00:00\nLast Submission:2025-01-09T00:52:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022818", "uuid": "3d48936a-9182-482f-81bf-cea8ff65823f", "Attribute": [ { "category": "Payload delivery", "comment": "Windows driver", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022818", "to_ids": true, "type": "md5", "uuid": "58afee53-fab2-44f7-af45-afccc5dd2c07", "value": "7db7d6e1db435ef7ecf8aab23ab861dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Windows driver", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021518", "to_ids": true, "type": "sha1", "uuid": "8a2cc40a-0daf-4264-a1f4-9326d43b2ab9", "value": "932de74fe1781867a95e5ff7df93d8770533ce9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Windows driver", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021518", "to_ids": true, "type": "sha256", "uuid": "af9b4412-d03d-49de-a8ed-cdd7bf237a35", "value": "2d2ca7d21310b14f5f5641bbf4a9ff4c3e566b1fbbd370034c6844cedc8f0538", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020561", "to_ids": true, "type": "ssdeep", "uuid": "3ccb1bed-4826-4a17-8dda-01e12d6b5962", "value": "384:2gniVI+S0lHnzaM4POd3CY0HNWsOFWmjqvp0UKLVeMDvJ:JnISWaj2d3CYC7Auc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020561", "to_ids": false, "type": "size-in-bytes", "uuid": "ed4abfa4-91c5-468f-afa3-5deb7064e179", "value": "26720" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773020561", "to_ids": true, "type": "vhash", "uuid": "75044da4-aae6-4f8d-9839-f55837057205", "value": "024056651d151e5iz3exz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020561", "to_ids": true, "type": "filename", "uuid": "370905e7-4cb1-4261-84e3-04154a1254dd", "value": "WSPrint.sys" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020561", "to_ids": false, "type": "text", "uuid": "49ceb12d-cbc7-474a-84a9-238ce8ccda89", "value": "Windows driver\r\nType Description: Win32 EXE\nMicrosoft: PUA:Win32/Kuping\nVT Total Detection:38/72\nFirst Submission:2025-11-20T17:43:53.000000+00:00\nLast Submission:2025-11-20T17:43:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022839", "uuid": "a12f8eae-4dfc-4d34-b243-79aaf45e8b56", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022839", "to_ids": true, "type": "md5", "uuid": "5ae303cc-1cda-4d96-9808-312a16f134d7", "value": "34bdc917c6292f4eaad7d905053880bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021519", "to_ids": true, "type": "sha1", "uuid": "3dad9f51-59d8-4350-9eab-b0a8a913f63f", "value": "1baee2a0bd79ac54a70a7c18f307db1b6d7a8a02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021519", "to_ids": true, "type": "sha256", "uuid": "9dcc3ba4-b649-4917-af35-9c6a20bb5970", "value": "ebcb2691b7c92cdf2b2ff5e2d753abeea8cb325c16596cd839e6bd147f80e38a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020583", "to_ids": true, "type": "ssdeep", "uuid": "2b9304f7-73bb-4d70-aa71-314b04dd75d1", "value": "3:3JyKFKuVfNGgUm0tdsCLIKFKuV5/zRM5GKj6jdQBidFLKCF:3JZFZX4mCL3FZ5/zRAGKe2u+CF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020583", "to_ids": false, "type": "size-in-bytes", "uuid": "16367347-05f8-479b-a071-c0a86fc607fa", "value": "147" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020583", "to_ids": true, "type": "filename", "uuid": "5236d9c0-66f1-4d8f-b9ae-000beb4a9af0", "value": "b.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 08/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020583", "to_ids": false, "type": "text", "uuid": "f3d35daa-6bce-4ac8-a018-ec1bdbeb984c", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:6/62\nFirst Submission:2025-06-17T22:07:13.000000+00:00\nLast Submission:2025-06-17T22:07:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022860", "uuid": "7a4a0d94-04ff-4495-894e-0e7cd1671496", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022860", "to_ids": true, "type": "md5", "uuid": "139aae7b-d1b6-49a9-b8c9-eac15647c7a3", "value": "95181364e81577490a1a2facb7aa7baf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021520", "to_ids": true, "type": "sha1", "uuid": "e0b452cf-d3fd-4456-803e-e2a3d1dde16b", "value": "fc84bd41ce5359992d126a4978ed15d302d93e61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021521", "to_ids": true, "type": "sha256", "uuid": "0818c94a-4ddf-4acd-b877-364df747aa5b", "value": "00735a8a50d2856c11150ef1e29c05acebce7ad3edad00e37c7f043aacb46330", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020605", "to_ids": true, "type": "ssdeep", "uuid": "f123a450-7502-4ffb-afdc-70dff6a04efb", "value": "24:ZGZ5sjQ5srU5sct5sDXK95sBA5sPS5s1seY5swsgXrEKUHVevrvrY5F:el5RbjHh/vzY7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020605", "to_ids": false, "type": "size-in-bytes", "uuid": "7bbd9aeb-6582-4854-9a0d-179deec5064b", "value": "3935" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020605", "to_ids": true, "type": "filename", "uuid": "54e65d11-70d9-459f-b89d-1e066723a5d2", "value": "gs1.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020605", "to_ids": false, "type": "text", "uuid": "a5461cde-a7f7-47f1-a397-3f6831dfead1", "value": "PeerTime installation script\r\nType Description: MAKEFILE\nMicrosoft: None\nVT Total Detection:9/62\nFirst Submission:2025-06-17T22:02:37.000000+00:00\nLast Submission:2025-06-17T22:02:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022881", "uuid": "52310311-0400-48e6-a422-f1db41c97cfa", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022881", "to_ids": true, "type": "md5", "uuid": "7fb11fe3-dcf2-4555-bab5-cf691bdd1cbc", "value": "c79d0f04393f7f682c378986be5e48c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021522", "to_ids": true, "type": "sha1", "uuid": "451498af-d270-474c-8555-46db29899b2d", "value": "3015096f178b7978a156f32bbadab7e964c6a57b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021522", "to_ids": true, "type": "sha256", "uuid": "10ee78dd-0e0d-4705-80ea-45e9159f6eec", "value": "74fbc8360d4c95d64d7acaa4d18943dce2d41f91d080b0b5e435d8bce52861a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020627", "to_ids": true, "type": "ssdeep", "uuid": "5121ddc5-e5c8-4454-951d-d9a3ae3fb6af", "value": "24:Lr4Uz57LL57vxge57vkgH57Qpipp957Bv57X157w7FY57N7m1PiMi5rpjLhnaSaP:NdhGeh1HCqj/TDfTpV9tYr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020627", "to_ids": false, "type": "size-in-bytes", "uuid": "5b1bdab6-84b8-41fc-b9fb-a2be8ee93b82", "value": "3908" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020627", "to_ids": true, "type": "filename", "uuid": "0ca776ef-a5de-4046-ab47-f2f2f0658765", "value": "unbound_all.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 08/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020627", "to_ids": false, "type": "text", "uuid": "5cf0cc44-26a7-4172-a075-7d00936fd79c", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:13/62\nFirst Submission:2025-05-26T10:05:25.000000+00:00\nLast Submission:2025-05-27T18:31:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022902", "uuid": "c1b4ff29-0c67-44f4-97bb-c5e0de8790de", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022902", "to_ids": true, "type": "md5", "uuid": "74bbf37b-d5fc-4aa8-befe-e5fd5d447546", "value": "8b3a167a870064245f9786e090e8cf82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021523", "to_ids": true, "type": "sha1", "uuid": "602e1165-6c48-4314-adad-dc8384de3d21", "value": "384059919f0212f435c20df2dd44852e6ddb054a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021523", "to_ids": true, "type": "sha256", "uuid": "091ee993-588e-4100-87e8-a7ab123da5c4", "value": "babc81fc9c998e9dc4ab545f0e112e34d2641e1333bc81aaa131abd061a5b604", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020649", "to_ids": true, "type": "ssdeep", "uuid": "fd565756-5fe5-49aa-a4db-634b66927285", "value": "24:L9fOrfzjY9Rr8jY9rPrrejY9ryrrHjY94Ur49jY9rrKjY9trIjY90dr0YjY9xdrx:pKzj5jZjVjRjJjZjXjknYj0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020649", "to_ids": false, "type": "size-in-bytes", "uuid": "7de1f3d2-506d-4128-b4ea-321a56052ed5", "value": "1770" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020649", "to_ids": true, "type": "filename", "uuid": "dd0b7ed4-2373-4866-b024-429604d0331b", "value": "EER6Es" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 07/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020649", "to_ids": false, "type": "text", "uuid": "f2946aa2-f323-4299-b137-12545e8513a3", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:20/62\nFirst Submission:2025-05-31T04:04:06.000000+00:00\nLast Submission:2025-06-06T05:58:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022923", "uuid": "c9e9b0e0-cad1-460c-a9b5-735a9155641a", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022923", "to_ids": true, "type": "md5", "uuid": "c594943e-1e7b-4d9a-bbef-dd9343a5a066", "value": "4296316cc05c09ecbc5e58ec136b597c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021524", "to_ids": true, "type": "sha1", "uuid": "561db875-fb39-4a9e-b710-3d000e5f3712", "value": "8cbc0fd70adef4ba2e64f23128ca2b1754732276", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021525", "to_ids": true, "type": "sha256", "uuid": "112befe5-896a-4796-bebd-e4470d22a64d", "value": "e34c9159e6e78c59518a14c5b96bddfee094b684f99d4f69b13371284a014e87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020671", "to_ids": true, "type": "ssdeep", "uuid": "aac66821-f91b-4ccf-a491-c34295a9af40", "value": "3:JFHTgRAFsgUmhpDFGNIaFSGuVECDZKaECDZXFXKRLjRUKZFHbHWgUmhpDFGNIaFJ:JFH0ShtFGNIa0fZXFa51UKZFHb1htFGX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020671", "to_ids": false, "type": "size-in-bytes", "uuid": "58f407c4-d765-4079-ba08-e12a846686dd", "value": "189" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020671", "to_ids": true, "type": "filename", "uuid": "83f856d8-b4f9-4190-8a42-70b17e9fcdb4", "value": "1.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 08/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020671", "to_ids": false, "type": "text", "uuid": "ad8db8f9-08fa-42fe-a4f3-7f896b398a79", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:11/62\nFirst Submission:2025-06-03T08:48:32.000000+00:00\nLast Submission:2025-06-03T08:48:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022944", "uuid": "3be49c28-7364-4785-b12f-71a76b45eaf7", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022944", "to_ids": true, "type": "md5", "uuid": "88a7e91f-f80e-4ab2-a182-8d63e5328ccf", "value": "78680025b6b9d33377c6e672cdeb8cca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021526", "to_ids": true, "type": "sha1", "uuid": "c93f8174-0f7c-49be-a3c4-e9b9882c7fcc", "value": "9e17528cc985649a1b576d488da49427ad539bd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021526", "to_ids": true, "type": "sha256", "uuid": "8fdf9662-df47-44fc-9fa4-6f1df651b6df", "value": "2c3f2261b00ea45e25eb4e9de2b7ff8e41f311c0b3d986461f834022c08b3b99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020692", "to_ids": true, "type": "ssdeep", "uuid": "409f0c1c-463d-4c57-9d09-a278b3524517", "value": "192:7DHhZTmYmNkmPFQOr8EzjmYmYA59VcOeOXPhTMF0aNx:XHhZcX9r8n9LTvaL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020692", "to_ids": false, "type": "size-in-bytes", "uuid": "65f2f857-cf0d-4284-9fb1-5112981311fc", "value": "8210" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020692", "to_ids": true, "type": "filename", "uuid": "16880c77-adf1-4b79-8809-e1504473e00f", "value": "exec.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020692", "to_ids": false, "type": "text", "uuid": "eb3643cb-33c5-44ce-b2da-c1d849dabcc9", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:21/62\nFirst Submission:2025-06-09T01:29:14.000000+00:00\nLast Submission:2025-06-09T01:29:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022966", "uuid": "edf61885-fdde-4d40-9668-f47f37e3d933", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022966", "to_ids": true, "type": "md5", "uuid": "6ecb109a-a1b3-451f-8cf2-1f1e822c2b9e", "value": "652841d3ec67eab71634c54a799853d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021527", "to_ids": true, "type": "sha1", "uuid": "bf91dc86-91fd-4576-ab91-5c73369bfd8b", "value": "d399032fb1d972aa3381667c23d19b7b7bfe457c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021527", "to_ids": true, "type": "sha256", "uuid": "dce352a1-b461-49b0-a917-3c9437d91274", "value": "3fcced9332301ff70b20c98c9434c858400013d659afa6bb5149cffb0206357d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020714", "to_ids": true, "type": "ssdeep", "uuid": "ddecead8-ea85-4a6f-91ad-6a5718ef7e43", "value": "192:7DKhZTmYmNkmPBqFj3DOmImz9F9VcOeOTPhTMF0aNx:XKhZcjqFjztn9rTvaL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020714", "to_ids": false, "type": "size-in-bytes", "uuid": "805b15ce-281f-4f15-a8bf-a195162faad6", "value": "7188" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020714", "to_ids": true, "type": "filename", "uuid": "1f2eefff-6e71-4e42-b774-d1e496fb611d", "value": "t48rloz6.exe" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020714", "to_ids": false, "type": "text", "uuid": "5dd01135-c5fa-4741-9ca8-8715bb965650", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:22/62\nFirst Submission:2025-06-11T04:34:13.000000+00:00\nLast Submission:2025-06-11T04:34:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773022987", "uuid": "5a42378e-cb82-46b6-afed-bcaa41bb5280", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773022987", "to_ids": true, "type": "md5", "uuid": "8b033980-270b-4334-950a-68b5a1b124a1", "value": "04925b57576c617dc872b3ef72fe57b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021528", "to_ids": true, "type": "sha1", "uuid": "85355d6b-8de5-4669-b016-00d8f13a18c6", "value": "38ac24939827cbb69eb58f3c6c63271ab6658cd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021528", "to_ids": true, "type": "sha256", "uuid": "06ad3c50-b997-4194-b904-93f7bfd95692", "value": "a313f76fca50fff1bcd6f2c6cbc1268985f8c0a3a05fe7f43c4fc0ac3aff84dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020736", "to_ids": true, "type": "ssdeep", "uuid": "5f81762b-402b-4c32-a4f8-9544add27300", "value": "192:7DKhZTmYmNkmPFQ6pUs3LmImDF9VcOeOTPhTMF0aNx:XKhZcXdUN9rTvaL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020736", "to_ids": false, "type": "size-in-bytes", "uuid": "e2dac877-0ad6-4bf3-b8da-75650c22cf80", "value": "7840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020736", "to_ids": true, "type": "filename", "uuid": "2a764a84-e26c-4d60-81e2-02ff9c2649c5", "value": "exec1.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 07/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020736", "to_ids": false, "type": "text", "uuid": "8fada461-4bef-4eb6-96fb-bb2246a89409", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:20/61\nFirst Submission:2025-06-11T04:35:09.000000+00:00\nLast Submission:2025-06-11T04:35:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023008", "uuid": "5e548fd4-76f7-459c-a676-848f8c5dd1d5", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023008", "to_ids": true, "type": "md5", "uuid": "b1ef0e6a-76b4-4ad7-85bb-dafecd3ea716", "value": "8fa157657ff72f5dcce5bfe7278d2e44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021529", "to_ids": true, "type": "sha1", "uuid": "44c94821-a8f6-4bb7-8d15-3a20b2f8dbac", "value": "6ca9bd5389ce6dd07dc4b3bbf307c5c6882a657b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021529", "to_ids": true, "type": "sha256", "uuid": "0244d900-552b-44ee-94db-35468ca5dcb8", "value": "03eac9eb7f4b4bc494ef0496ee23cabbf38f883896838ed813741d8f64ac9fde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020758", "to_ids": true, "type": "ssdeep", "uuid": "0b16f28a-2d5f-46d1-bf61-808534a98310", "value": "192:7DKhZTmYmNkmPBqFj3LOmImz9F9VcOeOePhTMF0aNx:XKhZcjqFj7tn9QTvaL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020758", "to_ids": false, "type": "size-in-bytes", "uuid": "e6473a36-cced-43c9-a1e6-627fced4536a", "value": "7176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020758", "to_ids": true, "type": "filename", "uuid": "237d83a6-180b-4134-9a4b-7e50c1063e9e", "value": "376972953" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020758", "to_ids": false, "type": "text", "uuid": "a4c4453d-86f8-43f0-8898-a98a801e6325", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:21/62\nFirst Submission:2025-06-10T00:05:15.000000+00:00\nLast Submission:2025-06-10T00:05:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023029", "uuid": "98458f07-63d7-45aa-9bb5-06af10212f05", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023029", "to_ids": true, "type": "md5", "uuid": "a994df7e-d638-425c-b08e-0205de2e306f", "value": "536f64654bcb94f476e0fd6e09d9ef19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021530", "to_ids": true, "type": "sha1", "uuid": "8a9b5e3f-7fa7-4942-a8b0-fc75d6243656", "value": "ba80c3c164d6417a467f0aaf480f61bbfae70674", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021530", "to_ids": true, "type": "sha256", "uuid": "bcd7bab6-82f5-4174-adbd-db407920bdab", "value": "17652d7bb5fe0454023db4fc7f608df0dbe6af237be31258e16ba52f0e895e26", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020779", "to_ids": true, "type": "ssdeep", "uuid": "9a13a3a9-6c47-415a-8b0b-1b5bd9ce5376", "value": "192:7DKhZTmYmNkmPBqFj3LOmImz9F9VcOeQ7vhTMF0aNx:XKhZcjqFjbtn9xTvaL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020779", "to_ids": false, "type": "size-in-bytes", "uuid": "38b4b45e-8309-44e7-b8c2-7b20ada7ee79", "value": "7215" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020779", "to_ids": true, "type": "filename", "uuid": "e0a53386-5329-4fa8-89c8-5bb09131ae6f", "value": "377091940" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020779", "to_ids": false, "type": "text", "uuid": "0ab52426-c062-41fe-b89b-ef20f677e579", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: Trojan:Script/Multiverze!rfn\nVT Total Detection:22/62\nFirst Submission:2025-06-11T09:05:38.000000+00:00\nLast Submission:2025-06-11T09:05:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023050", "uuid": "1b20da53-a60d-4f79-9fef-2a338e810a20", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023050", "to_ids": true, "type": "md5", "uuid": "ffd2f02c-bc99-4744-a05c-926d534907c0", "value": "76145574211a76bc1fee25d2e7f5b980", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021531", "to_ids": true, "type": "sha1", "uuid": "332be2d4-d88e-431b-98ab-2e537586fe5d", "value": "8f49489e99403fe9c1f3fbf74883b30899e95ff2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021531", "to_ids": true, "type": "sha256", "uuid": "480accde-3cbf-4aa0-8599-441e4156e077", "value": "74d1a678bdc4bb9f33321e94e3bd1bc1740472ed734231fc46af720072ecb77e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020801", "to_ids": true, "type": "ssdeep", "uuid": "93e326f6-86b5-4354-b5f9-b5b36bca4cb2", "value": "192:7DKhZTmYmNkmPBqFj3LOmImz9F9VcOeQsvhTMF0aNx:XKhZcjqFj7tn9qTvaL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020801", "to_ids": false, "type": "size-in-bytes", "uuid": "7b6d1ee1-499b-47fc-8b9c-6c7c309c7ac9", "value": "7187" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020801", "to_ids": true, "type": "filename", "uuid": "ac77b764-f835-4b1e-854b-d9fd04dbc213", "value": "sQG0Vl" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020801", "to_ids": false, "type": "text", "uuid": "43571ef6-ff5c-4e91-a66d-a07216b81fda", "value": "PeerTime installation script\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:21/62\nFirst Submission:2025-06-11T17:24:36.000000+00:00\nLast Submission:2025-06-22T11:07:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023071", "uuid": "69040ef9-d900-44fc-a979-24b4421073d5", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime instrumentor binary", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023071", "to_ids": true, "type": "md5", "uuid": "20340979-f86f-467f-bfc2-3db39112b42d", "value": "587970103a79bd1c9b1bda2003e1a988", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime instrumentor binary", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021532", "to_ids": true, "type": "sha1", "uuid": "c208f492-a505-4b53-912b-04d943c4cb36", "value": "e4558c3f4079b8bb9bfe4dd216544970f61c9d5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime instrumentor binary", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021532", "to_ids": true, "type": "sha256", "uuid": "5fa0145c-4a21-4938-9601-9a16d17a1892", "value": "c9fc2af30f769d856b88b3051f19fdb663b3e0a0916279df9bbcba93c6a110c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020822", "to_ids": true, "type": "ssdeep", "uuid": "219c5bcb-cd1f-41a1-a920-2aa933378408", "value": "24576:cPr/b4r1kiu6jpwaOnm0VR1A5MbLjcb1s:cDT4pkipjyaOm7ac" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020822", "to_ids": false, "type": "size-in-bytes", "uuid": "6c83b27a-b988-445c-ae8e-07c64eb78fcd", "value": "1531904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773020822", "to_ids": true, "type": "vhash", "uuid": "407bb3c9-bec5-429b-ab3d-3ed251d5e90b", "value": "938c709960b3a24179bd4cfab1acb4f7" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 07/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020822", "to_ids": false, "type": "text", "uuid": "9e2dccc4-d846-40ed-bd14-4174aea9390e", "value": "PeerTime instrumentor binary\r\nType Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:7/64\nFirst Submission:2025-06-20T07:23:48.000000+00:00\nLast Submission:2025-06-20T07:23:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023092", "uuid": "795fb1c2-1d2a-4563-9cce-c67f09858fd7", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023092", "to_ids": true, "type": "md5", "uuid": "3fa45d76-ecfe-439b-900a-21e44fb27827", "value": "6cf3ed386024c73e6666416437f2e6a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021533", "to_ids": true, "type": "sha1", "uuid": "cfdf9254-f66f-4b2d-998f-3a5634cfa421", "value": "01b9161375f2f20c8058357106d2a51004f9d4aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021533", "to_ids": true, "type": "sha256", "uuid": "7e3186a7-154b-4b7c-a4bb-6d842aecee11", "value": "34d64b3cd9430e85edefcb883973a086dd5de9917e05fabec89b1f4ab9627e91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020844", "to_ids": true, "type": "ssdeep", "uuid": "c2a6a7ea-6fa7-47ff-a098-99b7c284631f", "value": "49152:9YzL2pwdxnFyBKfXIGQ9/Ftjh4o/snpKoJLB:mzEwdxnjfXIRtjh4oO7L" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020844", "to_ids": false, "type": "size-in-bytes", "uuid": "77837b82-f876-4a19-8905-788d0bf82e6e", "value": "1608240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773020844", "to_ids": true, "type": "vhash", "uuid": "43a47d88-5669-49f7-a213-0b2a28a89058", "value": "00d7c510e772acbd6621fd2fb5096545" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020844", "to_ids": true, "type": "filename", "uuid": "35803bae-7ae6-4491-9ac4-692cee952760", "value": "hcmp74b.exe" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020844", "to_ids": false, "type": "text", "uuid": "8cd7fc38-3b87-480b-975a-b7ec56deb254", "value": "PeerTime malware\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt.U!MTB\nVT Total Detection:33/65\nFirst Submission:2025-10-31T09:41:09.000000+00:00\nLast Submission:2025-10-31T09:41:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023113", "uuid": "70a7cc23-aa68-4cc2-9bcf-d884213a9f6c", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023113", "to_ids": true, "type": "md5", "uuid": "55c43bad-f153-4d05-a1df-6c6aae9f81fb", "value": "fbf96d77f4cc47d9b583313649653377", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021534", "to_ids": true, "type": "sha1", "uuid": "ca4595c2-b71c-4961-896d-9fc85af68b8d", "value": "30a30487b0d3597f6290e7e9d4098f4991c18fde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021534", "to_ids": true, "type": "sha256", "uuid": "856ce366-4f67-4803-9cd8-f39d7bc85671", "value": "bfc35f12d00fa4b40c5fbce9e37d704e12a52262709bcbdf09f97890bc40cad5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773020887", "to_ids": true, "type": "ssdeep", "uuid": "d7771d15-812f-487c-8e3d-326bbd477c50", "value": "49152:3YzL2pwdxnFyBKfXIGQ9/Ftjh4obOfFzmK:ozEwdxnjfXIRtjh4o0F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773020887", "to_ids": false, "type": "size-in-bytes", "uuid": "3986c057-6f7a-4d42-aa2a-a567fb7227c3", "value": "1608240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773020887", "to_ids": true, "type": "vhash", "uuid": "0b691068-6544-4e90-bdc8-91cc2c0781fd", "value": "00d7c510e772acbd6621fd2fb5096545" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773020887", "to_ids": true, "type": "filename", "uuid": "7c3d1d68-2a79-4e5e-b752-7b82c69166e9", "value": "amd64_1" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773020887", "to_ids": false, "type": "text", "uuid": "37733fcb-b892-4ca7-a297-0d4b0a9a85bc", "value": "PeerTime malware\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt.U!MTB\nVT Total Detection:33/64\nFirst Submission:2025-05-27T16:18:08.000000+00:00\nLast Submission:2025-05-29T07:22:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023134", "uuid": "4cbfd0fd-33cf-4d96-8ca2-090118dae75b", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023134", "to_ids": true, "type": "md5", "uuid": "20e0e135-a63f-49c7-9a75-4b589d19c1bc", "value": "3a4ccd2ef01f6956decba1038669cbbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021535", "to_ids": true, "type": "sha1", "uuid": "9ae65db1-4b9f-4d8f-9a68-6d66b0fafa0e", "value": "6be1782ea400c8cfbba20ab633cc5793c04d1f09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021535", "to_ids": true, "type": "sha256", "uuid": "1c2db64c-ccb0-4d70-94d7-91c23c876ff4", "value": "c9a42423ef08bd7f183915780d39530eba5e4e25968c51965ff8bb3026965a28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021057", "to_ids": true, "type": "ssdeep", "uuid": "3133c945-617a-442a-a2ba-69521028a8b4", "value": "12288:li0oaGJhbWs2kP+UC0AR28fL/Lj/H90Svg+heBFI:M0FCRjx+t0ARzfL//upoeB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021057", "to_ids": false, "type": "size-in-bytes", "uuid": "ad97a271-f1c6-4cbf-8486-b911996e5514", "value": "583032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021057", "to_ids": true, "type": "vhash", "uuid": "8aaa7f59-dd3f-4a52-8a43-2afb820628ff", "value": "4c5331a461cd3179906a0a6898d5e41c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021057", "to_ids": true, "type": "filename", "uuid": "f9a6073e-332e-4d0d-bedc-d283f7b4b8da", "value": "arm926t_1.octet-stream" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021057", "to_ids": false, "type": "text", "uuid": "7b133975-7ddc-47ff-911b-a3bf212410fa", "value": "PeerTime malware\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt!MTB\nVT Total Detection:38/63\nFirst Submission:2025-06-11T04:25:15.000000+00:00\nLast Submission:2025-06-13T08:12:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023155", "uuid": "fd2e0dfe-7a75-4bc5-a071-c35216da70e4", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023155", "to_ids": true, "type": "md5", "uuid": "50bbdc10-1da5-45f8-b821-c2ad10792058", "value": "e75df6e03fc11fa8bd75351b0d5bce6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021536", "to_ids": true, "type": "sha1", "uuid": "2de13ca9-3974-4d28-b4d3-5c361b1963e8", "value": "8d8a870397ce8d8612c996ab112e9d7af6333c82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021536", "to_ids": true, "type": "sha256", "uuid": "2f08938e-9c80-4cc2-92a7-cc588d6e630b", "value": "38eeaa4eaad72feb3f8e6993565fcc548d8e7bb93642590f00fa24aacc0e2862", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021078", "to_ids": true, "type": "ssdeep", "uuid": "27a9a2d2-19c7-4586-9049-3f74bb92ce64", "value": "49152:tYzL2pwdxnFyBKfXIGQ9/Ftjh4oPQe43W:WzEwdxnjfXIRtjh4oPk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021078", "to_ids": false, "type": "size-in-bytes", "uuid": "96aef47e-d91a-4b8a-8830-63e7a7af6f5c", "value": "1608240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021078", "to_ids": true, "type": "vhash", "uuid": "506cbdb4-03fd-49b7-8837-b5f536bf4dea", "value": "00d7c510e772acbd6621fd2fb5096545" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021078", "to_ids": true, "type": "filename", "uuid": "25109734-e019-4e61-b4ac-6128484ed057", "value": "amd64_1" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021078", "to_ids": false, "type": "text", "uuid": "4c32f85b-1915-4fd2-87d3-3303778be4de", "value": "PeerTime malware\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt.U!MTB\nVT Total Detection:35/65\nFirst Submission:2025-05-31T04:04:09.000000+00:00\nLast Submission:2025-06-08T12:23:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023177", "uuid": "abc1125d-ab37-4ff6-a40c-d5dc5233d93a", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023177", "to_ids": true, "type": "md5", "uuid": "dcf6402b-a0b4-4b71-aecc-4cc474b43bdc", "value": "02b804b02aac1ab4cfc8e88dbcb5ee96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021537", "to_ids": true, "type": "sha1", "uuid": "d18ee3e3-3523-4e21-9ccd-9f487b68107a", "value": "f02f7dabac0cf876fcac48c46df0e58ad452615e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021537", "to_ids": true, "type": "sha256", "uuid": "53c6b07a-f625-4267-a24a-49be68440de6", "value": "56bead2933e91366e4a0d5761daf5b238a7f2c22e597664ef67b3ecae20ab326", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021100", "to_ids": true, "type": "ssdeep", "uuid": "f1bb02ff-f3cc-4f61-ad1e-0d384bdc8c87", "value": "12288:bmrtqJiuZRVML+P/FTtqD7xwIGQ6CmPjq3prVJgFXa/5+pVit03q:kqJirsNTtqD7iC+LOrVWFKcXi0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021100", "to_ids": false, "type": "size-in-bytes", "uuid": "b4272b33-37f3-4618-8f97-94add77ceed8", "value": "714536" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021100", "to_ids": true, "type": "vhash", "uuid": "24248275-5720-4a8e-844e-404c39ea6bb8", "value": "b9aceb0f474a69d0809a17d96ed9cd97" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021100", "to_ids": true, "type": "filename", "uuid": "685336cd-aa5e-44fe-aa84-67e00caa6fe8", "value": "aarch64_1" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021100", "to_ids": false, "type": "text", "uuid": "c15cf2ec-9870-4831-aea2-6e2a2e41d801", "value": "PeerTime malware\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt!MTB\nVT Total Detection:34/64\nFirst Submission:2025-06-11T04:25:11.000000+00:00\nLast Submission:2025-06-11T04:25:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023198", "uuid": "4952afdc-e76e-4673-9d44-1b29f47a576f", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023198", "to_ids": true, "type": "md5", "uuid": "97f868f2-efc7-4ff9-b35a-751c52b06358", "value": "05580309235fa04c22cf6cbd31ef39ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021538", "to_ids": true, "type": "sha1", "uuid": "aad2afc4-b59a-4a2a-bc8c-2fea833721fe", "value": "f19f96e59e8f62a34eb305012db0b85d40ed81c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021538", "to_ids": true, "type": "sha256", "uuid": "d19cadd5-e0e0-40f7-b31b-bef0a43a46cd", "value": "6a2d23cc8746a83e9a3b974788fce0e414706b8e75ff390426dd7e10b19967b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021122", "to_ids": true, "type": "ssdeep", "uuid": "99b84dfc-72dd-4ab5-b0f7-7c48ef6e893b", "value": "24576:CX4oMZYdAZlIHiwB7885LaPOtVEKKWdI9uBZ:z/ZyHfBSPC/KWieZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021122", "to_ids": false, "type": "size-in-bytes", "uuid": "51218dd1-b85f-4c67-b6cf-fabc9599ac73", "value": "792372" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021122", "to_ids": true, "type": "vhash", "uuid": "df36cbe2-c336-4b89-879b-969ca0c9480a", "value": "f5eb211ca7d438554094f8f1f164e69d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021122", "to_ids": true, "type": "filename", "uuid": "41fa4072-34ee-4016-abeb-1d647fabbbeb", "value": "i686_1" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021122", "to_ids": false, "type": "text", "uuid": "b6aa9a69-5b91-43f4-898b-30ace1b41d4f", "value": "PeerTime malware\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt.W!MTB\nVT Total Detection:38/65\nFirst Submission:2025-06-11T04:25:15.000000+00:00\nLast Submission:2025-06-11T04:25:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023220", "uuid": "750ff169-45e0-4399-9cfd-0f38f0418f55", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023220", "to_ids": true, "type": "md5", "uuid": "832a5a46-84bd-435e-a7bb-0915965b1e80", "value": "e0ab78a2f5b92d265437fc9dd86e2899", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021539", "to_ids": true, "type": "sha1", "uuid": "82ffc3d8-4f60-4b2c-9573-bdef3eafe8c1", "value": "755c55ecc9896f5db71becb32261ccfe318fd626", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021539", "to_ids": true, "type": "sha256", "uuid": "e03e1966-b3a2-4c52-bcf3-9bfd0636253f", "value": "9a7225c17e4bad3ffe7f080530d36f4f8aca5c116b913caa91ab9b0cee85638e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021144", "to_ids": true, "type": "ssdeep", "uuid": "5ad2807b-4d74-423a-bed1-c86691061b74", "value": "12288:FmIlwJUiL22Z+M7pd7B6yD2YN6oNr7reYakUp4:Fm1X7BR/wEr7rIkr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021144", "to_ids": false, "type": "size-in-bytes", "uuid": "86c3c8ca-03eb-494c-9bd6-05470363691b", "value": "658068" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021144", "to_ids": true, "type": "vhash", "uuid": "6e2b4a0c-fe8b-42b0-886e-7576323e8748", "value": "fb2ee49ad8b2aa49be6d41aef345a18f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021144", "to_ids": true, "type": "filename", "uuid": "d23fc9c3-6e3d-4641-880f-c759d96008d2", "value": "mips_1.octet-stream" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021144", "to_ids": false, "type": "text", "uuid": "1350847b-ee8a-482b-9af1-94cf6c820443", "value": "PeerTime malware\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt!MTB\nVT Total Detection:36/63\nFirst Submission:2025-06-11T04:25:12.000000+00:00\nLast Submission:2025-06-13T08:12:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023241", "uuid": "5154720f-bfde-4f89-9b97-d39e07dcb5e7", "Attribute": [ { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023241", "to_ids": true, "type": "md5", "uuid": "2a0e9fcb-23bb-4d55-b810-80668bb6159b", "value": "e0c13dcf6ee7065400c7617bba781d75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021540", "to_ids": true, "type": "sha1", "uuid": "d14290a7-ade4-4346-989b-61f7cd6da52b", "value": "bdf4237546ed6020076a8ee264982ad3375b1ec5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "PeerTime malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021540", "to_ids": true, "type": "sha256", "uuid": "33a71cc2-bf75-4cd4-9d40-c48c83681fc6", "value": "870e791af14caaf395c56028176a9c3f4c1ff0318ef3112d57ecd3d4a1be2ef9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021165", "to_ids": true, "type": "ssdeep", "uuid": "207a3f79-19d8-4a73-90bb-2fff57653421", "value": "49152:pYzL2pwdxnFyBKfXIGQ9/Ftjh4oE4HzZwAeqf:CzEwdxnjfXIRtjh4oEkz2AZf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021165", "to_ids": false, "type": "size-in-bytes", "uuid": "cf0b7378-2643-4af5-9827-d216aecdffce", "value": "1608240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021165", "to_ids": true, "type": "vhash", "uuid": "ab684de8-a2be-4464-a2a5-1253c35c5bd1", "value": "00d7c510e772acbd6621fd2fb5096545" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021165", "to_ids": true, "type": "filename", "uuid": "ce72caa2-bacf-43b5-82b9-2f1acb0605b2", "value": "streamlit_download (4).bin" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021165", "to_ids": false, "type": "text", "uuid": "3fcd0a0e-4af1-471c-967a-b27bbcc87326", "value": "PeerTime malware\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt.U!MTB\nVT Total Detection:30/64\nFirst Submission:2025-06-02T10:45:13.000000+00:00\nLast Submission:2025-06-02T10:45:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023262", "uuid": "2e9f86e7-13bd-423f-9986-1a9c31fc8a13", "Attribute": [ { "category": "Payload delivery", "comment": "BruteEntry installation script", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023262", "to_ids": true, "type": "md5", "uuid": "e1e347e3-5ba2-4d32-9c4c-7d03b008d83f", "value": "c54614deedd7642939f92aea90c6978d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021541", "to_ids": true, "type": "sha1", "uuid": "9cae3f29-f3ed-42ba-b882-94e85ac7ebab", "value": "eb858dc0f48b523cce5e912f850d3d11b450b70a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry installation script", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021541", "to_ids": true, "type": "sha256", "uuid": "2018b11a-1133-44f7-9df6-113117db42ec", "value": "1fcdd5a417db31e5e07d32cecfa69e53f0dce95b7130ad9c03b92249f001801d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021187", "to_ids": true, "type": "ssdeep", "uuid": "046dbba6-dc5a-453d-8094-d9ebab3e05a8", "value": "6:eT1MuT13E20T13EMZS9AdRE4uS/WpawFnUearfEbFCUnUEbgE8ZG:eTbTt4Tt3dRJ+DFUvfmXUD6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021187", "to_ids": false, "type": "size-in-bytes", "uuid": "2d9fba06-08c0-4397-b32a-d800d486d69e", "value": "459" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021187", "to_ids": true, "type": "filename", "uuid": "d574fe25-0637-4736-855b-e507125e4670", "value": "i.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021187", "to_ids": false, "type": "text", "uuid": "246a8860-1528-42b5-88c5-20c08df0878f", "value": "BruteEntry installation script\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:6/62\nFirst Submission:2025-06-11T04:34:56.000000+00:00\nLast Submission:2025-06-11T04:34:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023283", "uuid": "7579c819-7ec4-4470-9a56-9ee430e47ebc", "Attribute": [ { "category": "Payload delivery", "comment": "BruteEntry instrumentor binary", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023283", "to_ids": true, "type": "md5", "uuid": "b1b2c6a2-50e2-4a7f-9cf1-37eadd01f3b9", "value": "24f2be6bd956c54db1b93c4c97fdb431", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry instrumentor binary", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021542", "to_ids": true, "type": "sha1", "uuid": "74a9c41a-49e7-4abb-b1bb-d691c6dab91c", "value": "a749e6bf064cfae46752da40376f5851a0bb691e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry instrumentor binary", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021542", "to_ids": true, "type": "sha256", "uuid": "4a306f5c-12b8-4714-8c2b-a5dc0a276059", "value": "66ce42258062e902bd7f9e90ad5453a901cfc424f0ea497c4d14f063f3acd329", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021209", "to_ids": true, "type": "ssdeep", "uuid": "58063695-795d-4fb9-b76d-1d6417e61e73", "value": "49152:9gfAVO+LJd8Q3faTd1xI5Oo67d5rg/MAtf2Qz7RFR:9bk6wXunWrg/HtfL71" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021209", "to_ids": false, "type": "size-in-bytes", "uuid": "03502afe-7b12-465a-8f9c-58a092cad494", "value": "2608493" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021209", "to_ids": true, "type": "vhash", "uuid": "64dfde5a-12d5-46ef-9fbb-78a785fc191a", "value": "db4bdcfe3686cb8c85b318ebac63d6f4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021209", "to_ids": true, "type": "filename", "uuid": "534f7aa6-08c7-44ea-963f-50661700b81d", "value": "daemon.octet-stream" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021209", "to_ids": false, "type": "text", "uuid": "2884f29a-5e55-41cd-b812-128f6071f476", "value": "BruteEntry instrumentor binary\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt!MTB\nVT Total Detection:21/65\nFirst Submission:2025-06-05T11:37:43.000000+00:00\nLast Submission:2025-06-13T09:01:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023304", "uuid": "f2db9e9b-0ef4-4c8a-aa15-ef7858db3ed6", "Attribute": [ { "category": "Payload delivery", "comment": "BruteEntry instrumentor binary", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023304", "to_ids": true, "type": "md5", "uuid": "69789854-40f7-490d-be2c-a2c6f8a6a014", "value": "236c79305336f4dddbe25eb24f5cbd1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry instrumentor binary", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021543", "to_ids": true, "type": "sha1", "uuid": "0f8143a4-4d36-4476-bd34-5f22b2201141", "value": "50ac201eaeef516f132ea2067bb774d0d1d86edb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry instrumentor binary", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021543", "to_ids": true, "type": "sha256", "uuid": "f43f5936-7ec7-4b88-a3f9-c8e2765e0b51", "value": "d5eb979cb8a72706bfa591fa57d4ebf7d13cecdc9377b0192375e2f570f796df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021231", "to_ids": true, "type": "ssdeep", "uuid": "70a09a76-0150-4f10-9cba-438bea20f350", "value": "49152:RgwhwKQHgF2wqtsTdp2pTaDoULj7LTsuXLVMJ:RJJIAP2pa8UrsuXhs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021231", "to_ids": false, "type": "size-in-bytes", "uuid": "a4b3357f-5aa1-46e8-a1ab-e5fd846f776f", "value": "2602541" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021231", "to_ids": true, "type": "vhash", "uuid": "7a5e8bbc-80a0-47f4-8368-9b48bd1b020d", "value": "db4bdcfe3686cb8c85b318ebac63d6f4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021231", "to_ids": true, "type": "filename", "uuid": "bb4f30dc-e526-48ef-b2b4-c968830b91c5", "value": "daemon_bak.octet-stream" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021231", "to_ids": false, "type": "text", "uuid": "9a0830b9-2ff6-41b3-805f-285765928a4b", "value": "BruteEntry instrumentor binary\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt!MTB\nVT Total Detection:32/64\nFirst Submission:2025-06-11T04:25:16.000000+00:00\nLast Submission:2025-06-13T08:12:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023326", "uuid": "0c7ad3c9-5174-46b3-b9c3-c64209c21bd5", "Attribute": [ { "category": "Payload delivery", "comment": "BruteEntry agent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023326", "to_ids": true, "type": "md5", "uuid": "2dd58c8b-e4ad-4d27-84ea-ad06d03e3634", "value": "a35720e248c8b89a58f7fe516459181c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry agent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021544", "to_ids": true, "type": "sha1", "uuid": "be321c56-d419-4767-a2af-e5522d97df84", "value": "74cb41b383be4be3004bdba25974d120eb8d1395", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry agent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021544", "to_ids": true, "type": "sha256", "uuid": "9548463e-8593-4491-926b-8b605a4cdd44", "value": "66adeedfb739774fcc09aa7426c8fad29f8047ab4caee8040d07c0e84d011611", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021252", "to_ids": true, "type": "ssdeep", "uuid": "d645eace-8dc7-4e45-aa49-f8a4f311afd4", "value": "196608:TJZmbRXdThUp8dnz3Trc1XXR/gDmoWuahiJ2C:1Z2ddTC8x/c1GDBNau" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021252", "to_ids": false, "type": "size-in-bytes", "uuid": "d734e2c9-4aea-4e7b-bb25-d3924e4c541f", "value": "14062057" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021252", "to_ids": true, "type": "vhash", "uuid": "f0a0f615-4994-4657-afc3-967c46fd9249", "value": "3636f2218734d600870c06702c7e6c61" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021252", "to_ids": true, "type": "filename", "uuid": "30a0c544-d2c9-4bb4-b8c8-bcd299e4f6ec", "value": "os_check_agent" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021252", "to_ids": false, "type": "text", "uuid": "796c8fdf-a6d6-4506-a083-d16b77bc72c9", "value": "BruteEntry agent\r\nType Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:23/65\nFirst Submission:2025-05-29T09:15:28.000000+00:00\nLast Submission:2025-05-29T09:15:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023347", "uuid": "f3841140-49cc-4e22-b472-0727e6b115dd", "Attribute": [ { "category": "Payload delivery", "comment": "BruteEntry agent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023347", "to_ids": true, "type": "md5", "uuid": "e40078d0-76cd-4c45-bc4c-17d6f7f44e3f", "value": "ff3a1b28267dd826d4e1c46c6f54bd55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry agent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021545", "to_ids": true, "type": "sha1", "uuid": "f051a25b-e409-414a-bdaf-a1469999f08f", "value": "bd1ef371ab4af20ba46e72dbb67856918a908838", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BruteEntry agent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021545", "to_ids": true, "type": "sha256", "uuid": "bd02c19b-6b2f-48d8-9f81-24738abed771", "value": "66bdce93de3b02cf9cdadad18ca1504ac83e379a752d51f60deae6dcbafe4e31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021274", "to_ids": true, "type": "ssdeep", "uuid": "5bffebaa-2948-44f9-b8ba-c6b3465ca05f", "value": "196608:gQ6psYCuGF0ren1XGkDkFR5nGgIA39+oWB:0pLCpOre1WvGdAt+h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021274", "to_ids": false, "type": "size-in-bytes", "uuid": "41d879cf-a7ef-41d9-a7a1-4595c09c6d77", "value": "14914266" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1773021274", "to_ids": true, "type": "vhash", "uuid": "c21b1e68-0347-4c84-a2a6-819d169b7071", "value": "3636f2218734d600870c06702c7e6c61" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021274", "to_ids": true, "type": "filename", "uuid": "0e0bbf23-da8c-492b-b4fe-8005fd182f15", "value": "os_check_agent" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 08/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021274", "to_ids": false, "type": "text", "uuid": "f9975988-7692-42db-a6f7-df80331f66c7", "value": "BruteEntry agent\r\nType Description: ELF\nMicrosoft: Trojan:Linux/SAgnt!MTB\nVT Total Detection:30/65\nFirst Submission:2025-06-05T11:39:30.000000+00:00\nLast Submission:2025-06-16T19:08:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023368", "uuid": "d80ff8e4-6800-4685-bf5a-47805b6ac258", "Attribute": [ { "category": "Payload delivery", "comment": "Additional malicious scripts", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023368", "to_ids": true, "type": "md5", "uuid": "ce254ddb-2c80-4329-91d1-92920ed852a3", "value": "298574221daeb95f771942a2dd321d17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Additional malicious scripts", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021546", "to_ids": true, "type": "sha1", "uuid": "76fb42e4-7e3e-44ab-a80b-5fe7513d70c2", "value": "9a287642bc2c76c990b8e87322e690beeae088a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Additional malicious scripts", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021546", "to_ids": true, "type": "sha256", "uuid": "92b8d1c0-2ee5-4a62-bbef-04d59dfd191d", "value": "023467e236a95d5f0e62e26445d430d749c59312f66cf136e6e2c2d526c46ba1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021296", "to_ids": true, "type": "ssdeep", "uuid": "10b6f458-c945-483c-999e-098808c96141", "value": "3:lyMva6VK+LUUmhCcDS:lfva6VK+gh2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021296", "to_ids": false, "type": "size-in-bytes", "uuid": "2aedea00-baa4-4ef3-ab21-7dee377fb8a1", "value": "44" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021296", "to_ids": true, "type": "filename", "uuid": "a516ea41-b892-494f-bd90-e2e4493011dc", "value": "1.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021296", "to_ids": false, "type": "text", "uuid": "1d99e925-8bd6-493d-8a68-bde72d0140dc", "value": "Additional malicious scripts\r\nType Description: DOS batch file\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:10/62\nFirst Submission:2025-06-17T22:02:42.000000+00:00\nLast Submission:2025-06-17T22:02:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023390", "uuid": "60d4954a-2a07-4c09-80e1-3cf37ec3adb2", "Attribute": [ { "category": "Payload delivery", "comment": "Additional malicious scripts", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023390", "to_ids": true, "type": "md5", "uuid": "b53dff65-55af-4eea-bbdc-231b4222f17e", "value": "777e1029ae275d071b0185ced71620c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Additional malicious scripts", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021548", "to_ids": true, "type": "sha1", "uuid": "2991e45a-f978-4b89-b20a-093bd7d4b78c", "value": "6628988fd8eb1d5180ebbf2cb201135fc5864428", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Additional malicious scripts", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021548", "to_ids": true, "type": "sha256", "uuid": "8b51baa5-b53c-41ac-bbaf-eca768e6b787", "value": "f8066833e47814793d8c58743622b051070dac09cb010c323970c81b59260f84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021318", "to_ids": true, "type": "ssdeep", "uuid": "99c5f802-4801-4a08-88ce-3fe8114a0295", "value": "6:3JtKJTpOQhTX+WvyDdUFlfRN4ieHeHbJSgDs:3JY5hedUFP4PgDs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021318", "to_ids": false, "type": "size-in-bytes", "uuid": "5124769e-3955-450f-a7cc-7052482b62a8", "value": "199" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021318", "to_ids": true, "type": "filename", "uuid": "796c5a89-f719-424f-9cb2-893d6b81866b", "value": "2.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021318", "to_ids": false, "type": "text", "uuid": "dc4a641f-5f98-4c2b-b545-1836318b1e37", "value": "Additional malicious scripts\r\nType Description: Shell script\nMicrosoft: None\nVT Total Detection:6/62\nFirst Submission:2025-06-17T22:01:53.000000+00:00\nLast Submission:2025-06-17T22:01:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1773023411", "uuid": "f3b84b77-335f-402f-8661-096803970686", "Attribute": [ { "category": "Payload delivery", "comment": "Additional malicious scripts", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1773023411", "to_ids": true, "type": "md5", "uuid": "55e50e69-5212-47ae-8e67-4e9298f1a2e8", "value": "589fb975776e2c1e23f1028a7b50bbdc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Additional malicious scripts", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1773021549", "to_ids": true, "type": "sha1", "uuid": "387ff725-7386-4211-bf9f-3fcd8261db2e", "value": "a4392f5ed2a2c74633d7af1334bb3488b8425cc3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Additional malicious scripts", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1773021549", "to_ids": true, "type": "sha256", "uuid": "bb58facd-dae8-4a36-91dd-c4a886587f9c", "value": "06b23d84fd7afd525dfd7860ebd561dcdd72ccbeb51981d5d9a75acf068d0a2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1773021339", "to_ids": true, "type": "ssdeep", "uuid": "ef72f97d-6285-4b45-9d48-745ae9873173", "value": "3:lyGlFFIMva6VK+LUUmhDGP:lVlFFxva6VK+ghDGP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1773021339", "to_ids": false, "type": "size-in-bytes", "uuid": "f6d76b3f-8288-465e-9afb-71d91f7db55e", "value": "54" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1773021339", "to_ids": true, "type": "filename", "uuid": "07b25302-93e2-47ac-8e0b-4412e4bb7b2f", "value": "rev.sh" }, { "category": "Other", "comment": "Checked: 09/03/2026\nLast-scan\t: 09/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1773021339", "to_ids": false, "type": "text", "uuid": "b3809d28-3871-4781-bf9e-e1d4b97a563b", "value": "Additional malicious scripts\r\nType Description: Shell script\nMicrosoft: Trojan:DOS/Casdet!rfn\nVT Total Detection:10/62\nFirst Submission:2025-06-17T22:02:33.000000+00:00\nLast Submission:2025-06-17T22:02:33.000000+00:00" } ] } ] } }