{
  "Event": {
    "analysis": "1",
    "date": "2026-04-17",
    "extends_uuid": "",
    "info": "[Threat Intel] Uptick in Bomgar RMM Exploitation",
    "protected": false,
    "publish_timestamp": "1776767271",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1776767270",
    "uuid": "ddd2e7d6-bacb-4276-a967-deb2ab1f1be6",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#8f20d0",
        "local": false,
        "name": "misp-galaxy:producer=\"Huntress\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#7773ac",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
        "relationship_type": ""
      },
      {
        "colour": "#b2a633",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Groups - T1069.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#e00500",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#ecc598",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Local Account - T1136.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a6d5f3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1136.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#673bb0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Local Groups - T1069.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#71ecdb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Account Manipulation - T1098\"",
        "relationship_type": ""
      },
      {
        "colour": "#e43954",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#6d779a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"",
        "relationship_type": ""
      },
      {
        "colour": "#36d931",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
        "relationship_type": ""
      },
      {
        "colour": "#3970d7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"",
        "relationship_type": ""
      },
      {
        "colour": "#b06a8a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain or Tenant Policy Modification - T1484\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682825",
        "to_ids": false,
        "type": "link",
        "uuid": "38472537-d314-4f5f-9f29-09f5e43d251d",
        "value": "https://www.huntress.com/blog/uptick-bomgar-exploitation"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682825",
        "to_ids": false,
        "type": "text",
        "uuid": "a9f1074c-f174-4efa-b49f-70c7459a39da",
        "value": "Since early April 2026, security researchers have observed a significant increase in attacks targeting Bomgar remote monitoring and management (RMM) instances, exploiting CVE-2026-1731, a critical vulnerability disclosed in February 2026. Threat actors have used compromised Bomgar RMM instances to reach the downstream customers of MSPs and other service providers, affecting over 78 businesses in one incident alone. Attackers deploy LockBit ransomware, create privileged administrator accounts for persistence, install additional remote access tools such as AnyDesk and ScreenConnect, and conduct domain reconnaissance. Some incidents involved attempts to disable security tools using BYOVD techniques. The attacks primarily target organizations running outdated Bomgar versions vulnerable to remote code execution; compromised instances belonging to dental software companies and MSPs enabled widespread impact across their customer bases. Defender note: patching an already-exploited instance is not sufficient on its own - review it for unexpected administrator accounts, newly installed remote access tools and scheduled tasks before treating it as clean."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682825",
        "to_ids": false,
        "type": "text",
        "uuid": "b185ba1e-b60c-4c90-a960-6297daa9eadd",
        "value": "Name: Uptick in Bomgar RMM Exploitation\nAuthor: AlienVault\nAdversary: \nTags: [\"lockbit\", \"simplehelp\", \"remote access tools\", \"ransomware\", \"byovd\", \"screenconnect\", \"atera\", \"bomgar\", \"rmm exploitation\", \"anydesk\", \"cve-2026-1731\", \"poisonkiller\", \"msp targeting\"]\nTgtd countries: []\nMlwr families: [\"LockBit\", \"PoisonKiller\", \"AnyDesk\", \"ScreenConnect\", \"Atera\", \"SimpleHelp\"]\nAttack_ids: [\"T1053.005\", \"T1133\", \"T1489\", \"T1069.002\", \"T1135\", \"T1082\", \"T1190\", \"T1219\", \"T1136.001\", \"T1136.002\", \"T1069.001\", \"T1098\", \"T1562.001\", \"T1078\", \"T1068\", \"T1486\", \"T1018\", \"T1484\"]\nIndustries: [\"Healthcare\", \"Technology\"]\nNote: AnyDesk, ScreenConnect, Atera and SimpleHelp appear under Mlwr families because the actor abuses them (T1219); they are legitimate remote access products, not malware, so treat their presence as a lead to investigate rather than a detection on its own."
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776682825",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "78224407-82ea-487f-a3a9-ddf733715832",
        "value": "CVE-2026-1731"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 2026-04-21",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735724",
        "to_ids": true,
        "type": "sha256",
        "uuid": "30c28715-a166-4667-9f8b-788e47e73246",
        "value": "538b3b36dd8a30e721cc8dc579098e984cf8ed30b71d55303db45c7344f7a4cf",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 2026-04-21",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776735724",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d98dfc7d-1fbd-456f-badd-29d7b2d6f47e",
        "value": "bc9635dcc3444c18b447883c6bc1931e5373e48c7dbfaa607285a9fb668b03ea",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776736068",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "fd3bde9a-f65c-4554-8e6b-e05b0dbc6219",
        "value": "146.70.41.131",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776689558",
        "to_ids": true,
        "type": "email-src",
        "uuid": "83968536-eb10-43ef-a510-10d5a276380b",
        "value": "lokbt9@onionmail.org"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776736089",
        "uuid": "21f43aa6-8e31-4d84-a7d1-8521c0cc7968",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776736089",
            "to_ids": true,
            "type": "md5",
            "uuid": "a2fbe672-7f86-434f-93a8-5a9983db0544",
            "value": "2cc835399634d1f8f50e465201bfd877",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735720",
            "to_ids": true,
            "type": "sha1",
            "uuid": "eb026e62-bb4d-4950-a7e5-3c67f9254f26",
            "value": "4cad3e674682d3d70cc875977f23d71f41ceb55e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735720",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dcb32fa1-b14e-4d4a-8b23-2bb73064213b",
            "value": "a5035cbd6c31616288aa66d98e5a25441ee38651fb5f330676319f921bb816a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733435",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f1351ff8-eac4-4f3b-840e-cad319187c89",
            "value": "192:0Np/y5vzVXpWlVHMEc+Pbp5GBe1VfNEwm1ahYCydn2O8xYqD0cSX01k9z3AT/ipe:0N85rVXcLr7GBJ1ah3yqvDyR9za/io"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733435",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4aab38d6-c632-4060-b4c7-03aa8717a0e2",
            "value": "19672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733435",
            "to_ids": true,
            "type": "vhash",
            "uuid": "698ae028-fadf-4b49-849f-e5b88034b7b1",
            "value": "014066551d1516151iz13xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733435",
            "to_ids": true,
            "type": "filename",
            "uuid": "8687cb76-7533-48bf-a462-c57356c495e1",
            "value": "PoisonX.sys"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-04-21\nLast scan: 2026-04-21",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733435",
            "to_ids": false,
            "type": "text",
            "uuid": "970508ae-2cbc-4c39-b99d-24ce2b57f1b7",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:32/72\nFirst Submission:2026-04-03T08:11:03.000000+00:00\nLast Submission:2026-04-20T07:26:22.000000+00:00\nNote: the .sys filename indicates a kernel driver, which would fit the BYOVD defence-evasion activity described in the source report (poisonkiller tag) - confirm against the Huntress write-up before relying on that mapping."
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776736110",
        "uuid": "daac7616-5d1a-4482-8d1c-104d7893f308",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776736110",
            "to_ids": true,
            "type": "md5",
            "uuid": "b48f3219-f490-419c-aca1-05727421cd41",
            "value": "09505c16eaa1ec4360f66b6865909f20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735721",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5eaa508c-c972-4ff0-bcc7-c9da358fcb3c",
            "value": "df90319a71e7c2001a7e1915ca4865864783d90d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735721",
            "to_ids": true,
            "type": "sha256",
            "uuid": "41ede93e-3e37-42b7-bbd2-04bcafc2825c",
            "value": "3529b1422da886b7d04555340dfb1efd44a625c2921af6df39819397176956d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733456",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "08c7a403-f481-4bbd-8617-2e0eb4e69ef4",
            "value": "3072:v6glyuxE4GsUPnliByocWepgYIDohdM16a+/fqGg:v6gDBGpvEByocWeNIDok1BUXg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733456",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "abad388b-b5d5-4b89-9c97-ef7b7f88fc2b",
            "value": "151552"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733456",
            "to_ids": true,
            "type": "vhash",
            "uuid": "05ff1695-e2e2-4ccb-b0d7-762e7ef29c48",
            "value": "01506666151d7d7567z61z7nzbfz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733456",
            "to_ids": true,
            "type": "filename",
            "uuid": "13384d6d-135a-45eb-9d18-e4d439d55113",
            "value": "LB3.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-04-21\nLast scan: 2026-04-20",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733456",
            "to_ids": false,
            "type": "text",
            "uuid": "eac872d3-9ed7-4860-84d4-bc5625af5ab2",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win32/Lockbit.AK!ibt\nVT Total Detection:61/72\nFirst Submission:2026-04-16T22:06:17.000000+00:00\nLast Submission:2026-04-16T22:09:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776736131",
        "uuid": "ab5760a0-e327-420e-9213-096a3197f6ca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776736131",
            "to_ids": true,
            "type": "md5",
            "uuid": "75841ddc-c35f-4c47-96ba-4272788c6477",
            "value": "97c93a3fea94114b90150ebfd5584380",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776735722",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f4527f2f-afd7-478e-85d2-f91c7ecc2421",
            "value": "37206ef6ae4b05a3372c87c580380e1c122b8021",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776735722",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3fc6d4b6-199e-47ff-b9ea-d62e7c184744",
            "value": "b44dd12179a15a7d89c18444d36e8d70b51d30c7989d3ab71330061401f731fe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776733499",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "85b3e493-cadc-4ea0-92b8-97eeada573a3",
            "value": "49152:jaohnC+kao3dSYoXDpGCD/x6jGrjCPoBsbfLRCX4B/+5dswnbh2wEtIy0kRVQ+1y:/nFkao3MYoTpGCD/x6jAjCPoBspCX4pU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776733499",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4ad74495-bd1a-4171-83cd-3651e2aa581a",
            "value": "1988920"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776733499",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1484edd0-6a0c-4c3f-8e2a-991be6c2124e",
            "value": "016076655d1d1515556160e02002e00997z7015z70300a5fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776733499",
            "to_ids": true,
            "type": "filename",
            "uuid": "c29661f9-41c3-4090-952d-b0d40762adaa",
            "value": "HRSword.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-04-21\nLast scan: 2026-04-20",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776733499",
            "to_ids": false,
            "type": "text",
            "uuid": "6315867f-8894-448f-8a93-1a3a44cc26a6",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:8/72\nFirst Submission:2023-06-28T20:38:13.000000+00:00\nLast Submission:2026-03-23T20:04:48.000000+00:00\nNote: the low detection ratio (8/72) and a first submission in 2023 suggest a pre-existing dual-use utility rather than actor-unique malware; verify execution context before blocking on this hash or filename alone."
          }
        ]
      }
    ]
  }
}