{
  "Event": {
    "analysis": "1",
    "date": "2026-04-13",
    "extends_uuid": "",
    "info": "[Threat Intel] Q1 2026 malware statistics report for Windows web servers",
    "protected": false,
    "publish_timestamp": "1776682897",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1776682897",
    "uuid": "dbdfe7e0-7cca-400c-86f6-9c40f4b8d7e6",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#bb889f",
        "local": false,
        "name": "misp-galaxy:producer=\"AhnLab\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#657ac3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Protocol Tunneling - T1572\"",
        "relationship_type": ""
      },
      {
        "colour": "#fe1ef0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#9dfeaa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Abuse Elevation Control Mechanism - T1548\"",
        "relationship_type": ""
      },
      {
        "colour": "#adf1b0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#f07d7c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"",
        "relationship_type": ""
      },
      {
        "colour": "#6d779a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"",
        "relationship_type": ""
      },
      {
        "colour": "#f055aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Create Account - T1136\"",
        "relationship_type": ""
      },
      {
        "colour": "#3970d7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bd28",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"",
        "relationship_type": ""
      },
      {
        "colour": "#370063",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#150050",
        "local": false,
        "name": "rectifyq:sub-category=\"report\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776164424",
        "to_ids": false,
        "type": "link",
        "uuid": "d4070494-d35f-4878-88f8-738bfac7b1ab",
        "value": "https://asec.ahnlab.com/en/93335/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776164424",
        "to_ids": false,
        "type": "text",
        "uuid": "290be903-19b2-4f38-9229-042bd23a2860",
        "value": "Analysis of Windows web server attacks during Q1 2026 reveals that Internet Information Services (IIS) and Apache Tomcat servers face persistent threats through web shell exploitation. The Larva-26001 threat actor has been targeting domestic IIS servers for several years, deploying privilege escalation tools including JuicyPotato and BadPotato, and exploiting CVE-2019-1458. Following privilege escalation, the attackers use port-forwarding tools such as HTran and PortTranC to redirect traffic to RDP port 3389, enabling remote control of compromised systems. Attack vectors include file upload vulnerabilities, Web Framework-WAS vulnerabilities, and unpatched services with RCE vulnerabilities. Additional malicious activities involve deployment of backdoors, CoinMiners, and proxy tools for internal network compromise."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776164424",
        "to_ids": false,
        "type": "text",
        "uuid": "0ce8f72e-4dc5-4d07-b3f8-1f9bfd3fadce",
        "value": "Name: Q1 2026 malware statistics report for Windows web servers\nAuthor: AlienVault\nAdversary: Larva-26001\nTags: [\"iis\", \"apache tomcat\", \"jsprat\", \"cve-2019-1458\", \"windows web servers\", \"privilege escalation\", \"badpotato\", \"rdp compromise\", \"porttranc\", \"web shell\", \"htran\", \"port forwarding\", \"printspoofer\", \"coinminer\", \"juicypotato\"]\nTgtd countries: []\nMlwr families: [\"JuicyPotato\", \"BadPotato\", \"HTran\", \"PortTranC\", \"Jsprat\", \"PrintSpoofer\"]\nAttack_ids: [\"T1082\", \"T1190\", \"T1572\", \"T1505.003\", \"T1548\", \"T1090\", \"T1059\", \"T1083\", \"T1078\", \"T1571\", \"T1068\", \"T1136\", \"T1018\", \"T1046\", \"T1021.001\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776164424",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "9ec54d97-c027-4986-ab01-911c5f5e74f0",
        "value": "Larva-26001"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776164424",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "82b07623-1bcd-4e36-94ff-98a3a6d63380",
        "value": "CVE-2019-1458"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 20/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776654486",
        "to_ids": true,
        "type": "md5",
        "uuid": "aaac3565-1ae2-45b4-86b4-9ff228deefd1",
        "value": "0f0a43507e9fb6adb3c4dac92072cec2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776654725",
        "uuid": "bbf1bf2c-3062-44ef-a0e2-fe9773f08c80",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776654725",
            "to_ids": true,
            "type": "md5",
            "uuid": "8ff7821d-d891-45e5-89e8-d52f34bfde5d",
            "value": "141f13b3aae7a0e2410bb3a59101df75",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776654482",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e970e980-e79a-4450-8ab1-f8478dfc3c2d",
            "value": "3735c6e260a647b0937d853bc5fa261d876492ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776654482",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3c9d0f6f-dc02-41ae-b792-64e2cb583f49",
            "value": "69862b4b42ed8f86be94ef517b20cf6feabdbd5eb0fb0e6e9001a1dfad1cb1cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776654013",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "39fff958-03f8-4046-afca-3bb119963aae",
            "value": "768:0hfwqDjBcNWY+AMRqIB1uIQJYA4/Fkt/slOU6qaKMVI0vMI/t2S:01wqDjBcNWPfmI9ZDlOU6qIVI0vvw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776654013",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2e380984-5a37-4c87-997f-a9763cdcd9ff",
            "value": "38400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776654013",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e2581d63-3bb2-409f-b77a-64e692de7632",
            "value": "03403e7e6d1bz4!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776654013",
            "to_ids": true,
            "type": "filename",
            "uuid": "da57fe4b-81e1-4418-ab44-df64ffa4aebd",
            "value": "l.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/04/2026\nLast-scan\t:  14/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776654013",
            "to_ids": false,
            "type": "text",
            "uuid": "b1dca9e5-0786-4c4c-bc2e-45ce53d3e832",
            "value": "Type Description: Win32 EXE\nMicrosoft: HackTool:Win32/HTran\nVT Total Detection:42/72\nFirst Submission:2014-03-15T18:10:07.000000+00:00\nLast Submission:2015-12-21T07:31:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776654746",
        "uuid": "35deda65-e4f2-4335-b5fe-cb47764acaba",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776654746",
            "to_ids": true,
            "type": "md5",
            "uuid": "2d6dabcc-0b84-413b-87de-ee62bbc2bc16",
            "value": "297e9a406f4a7b361882320d9801cfa0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776654483",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c97937f0-f13e-4c8c-bd1e-3d06aca74370",
            "value": "4504e0d9d5843a1b6637dcff2e7a8875fd774b4a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776654483",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b4de35ef-9c4c-4355-a7ae-e82d0c97f5fa",
            "value": "aa0db29e00c33ba522540485b545ca0da7d2a7e8186f54a8a4dabd9438884c1d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776654035",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e5951fc6-c3bc-459b-a1a0-4c2144fa628c",
            "value": "96:6PdCY+l2CeTUAHrHBBv9l5fmLLhYoY/KLzNt:HQCeTUALB5MWoDN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776654035",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "068aa5e6-c3df-4b61-944b-cce91f213eab",
            "value": "6144"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776654035",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9054f956-3dad-4037-aaa1-e6e49ac290c6",
            "value": "263036551517081120010"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776654035",
            "to_ids": true,
            "type": "filename",
            "uuid": "95c5c65a-1b66-438d-8e22-c2fdcc0ccbb4",
            "value": "PortTranC.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/04/2026\nLast-scan\t:  23/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776654035",
            "to_ids": false,
            "type": "text",
            "uuid": "22fe2f3d-296c-49bc-8372-abeeab6a1e48",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:32/72\nFirst Submission:2020-10-05T19:16:55.000000+00:00\nLast Submission:2025-06-05T06:26:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776654768",
        "uuid": "31825fe1-58f3-471c-b71f-7ae6355b7d15",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776654768",
            "to_ids": true,
            "type": "md5",
            "uuid": "5e8f58bb-273e-4f83-be03-5b1bcfba807d",
            "value": "33034332feae99284adb3e20e8fa534f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776654484",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8858ae48-1176-4c0c-b84d-f2eb942bda87",
            "value": "fdc6e2a8fdc0951c871ba5789b2d23cf08b244ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776654484",
            "to_ids": true,
            "type": "sha256",
            "uuid": "86e00e3a-e254-4c59-9e2a-856f463aa644",
            "value": "09d663f51b9c6d85da84f1586f876455aea4524c292d5747a4ac458aea9554fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776654057",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b3615d8b-bbcd-44c8-9406-9784517a82ac",
            "value": "3072:40SnKKTvf3/c0RTtPijo3w/EsoSvyXSU9po:QFvUQTtueSgpo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776654057",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "39b80947-88e3-4b85-aeed-cabd24c5a26a",
            "value": "133920"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776654057",
            "to_ids": true,
            "type": "vhash",
            "uuid": "68db5efc-a659-4852-a145-e753c25f6ac2",
            "value": "01503e0f7d1019z47z15z1dz17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776654057",
            "to_ids": true,
            "type": "filename",
            "uuid": "ac7ddfd4-0c11-43c1-91f2-8a46a80751e6",
            "value": "JuicyPotato.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/04/2026\nLast-scan\t:  15/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776654057",
            "to_ids": false,
            "type": "text",
            "uuid": "eacda9e3-846e-4e63-aa21-0aa3a8c72f2a",
            "value": "Type Description: Win32 EXE\nMicrosoft: HackTool:Win64/Juicypotato\nVT Total Detection:61/73\nFirst Submission:2020-12-06T06:40:09.000000+00:00\nLast Submission:2025-11-25T09:33:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776654789",
        "uuid": "ee5b8680-e138-4f66-8bec-9dfd61524bcf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776654789",
            "to_ids": true,
            "type": "md5",
            "uuid": "09630ba7-90b9-4bcf-af30-3cee54cf8499",
            "value": "5b3ed99a5ef7ee49436e38a6fc7bf50d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776654485",
            "to_ids": true,
            "type": "sha1",
            "uuid": "933696c4-ac15-40b0-b3cc-0bd9dbe1f488",
            "value": "dd18afc96dbff32b80ccc6c1a1efa0f4dc84d1a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776654485",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a709f63b-e3b7-4c56-892b-c7b7b3b320e3",
            "value": "e774b7f932285699d9694b975994d5bc9de742d16ae5b3e9ea5ef90516b17191",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776654079",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "285a8df7-fd67-49b1-9a3d-d79f262e9366",
            "value": "1536:04dWMRqsQZ15VggWGDbnBLKDZzrN6hF3UkdyXjR16EfYbeZx2+RO9yKMB:dQGqs4qgWGDTBLMZV0UN16EQiRO9I"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776654079",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3ac446ee-3a01-4f6a-9a01-1dc39a926947",
            "value": "79872"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776654079",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fed7a72a-348a-4eed-a62d-f9e4282baafa",
            "value": "07408e0d0d051f0a0e751bz1nz15z17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776654079",
            "to_ids": true,
            "type": "filename",
            "uuid": "6afb678e-53f8-4c13-8a22-55c9db7b34e5",
            "value": "l.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/04/2026\nLast-scan\t:  01/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776654079",
            "to_ids": false,
            "type": "text",
            "uuid": "847e7a96-5109-44eb-86b2-9150a469139f",
            "value": "Type Description: Win32 EXE\nMicrosoft: HackTool:Win32/HTran\nVT Total Detection:39/72\nFirst Submission:2015-09-15T12:33:43.000000+00:00\nLast Submission:2025-04-28T05:46:04.000000+00:00"
          }
        ]
      }
    ]
  }
}