{
  "Event": {
    "analysis": "1",
    "date": "2026-04-14",
    "extends_uuid": "",
    "info": "[Threat Intel] Q1 2026 Malware Statistics Report for Windows Database Servers",
    "protected": false,
    "publish_timestamp": "1776682892",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1776682892",
    "uuid": "f63a7643-f37a-49a2-bb4e-e62153d7339e",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#bb889f",
        "local": false,
        "name": "misp-galaxy:producer=\"AhnLab\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#f28fb8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"",
        "relationship_type": ""
      },
      {
        "colour": "#aff0ae",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Permission Groups Discovery - T1069\"",
        "relationship_type": ""
      },
      {
        "colour": "#cfd023",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Password Cracking - T1110.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#71ecdb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Account Manipulation - T1098\"",
        "relationship_type": ""
      },
      {
        "colour": "#70b0b5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#f055aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Create Account - T1136\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bd28",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bcaa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#370063",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#150050",
        "local": false,
        "name": "rectifyq:sub-category=\"report\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#7f009f",
        "local": false,
        "name": "ms-caro-malware:malware-platform=\"WinNT\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776164416",
        "to_ids": false,
        "type": "link",
        "uuid": "0a7d3a44-3eb5-45d8-8305-724f2c1d40cb",
        "value": "https://asec.ahnlab.com/en/93333/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776164416",
        "to_ids": false,
        "type": "text",
        "uuid": "0c5a9288-f854-4b98-9855-c2fc8f851a3e",
        "value": "During the first quarter of 2026, Windows-based MS-SQL and MySQL database servers experienced consistent malicious attacks, with attack activity dipping temporarily in February before rising again in March. The primary threat actor, Larva-26002, leveraged various utilities, including BCP, curl, bitsadmin, and PowerShell, to deploy a Go-based scanner called ICE Cloud, which contained Turkish-language strings and C&C-based scanning capabilities. This tool attempted MS-SQL authentication using predefined credentials. Attack methods primarily consisted of brute force attacks, dictionary attacks, and exploitation of unpatched systems with misconfigured accounts stemming from inadequate account management practices."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776164416",
        "to_ids": false,
        "type": "text",
        "uuid": "601b003c-d4b1-43b8-886e-17a385d7e3a2",
        "value": "Name: Q1 2026 Malware Statistics Report for Windows Database Servers\nAuthor: AlienVault\nAdversary: Larva-26002\nTags: [\"dictionary attack\", \"brute force\", \"scanner\", \"loveminer\", \"gh0strat\", \"database servers\", \"shadowforce\", \"mysql\", \"coinminer\", \"ice cloud\", \"credential stuffing\", \"juicypotato\", \"clrshell\", \"netcat\", \"mykings\", \"ms-sql\"]\nTgtd countries: []\nMlwr families: [\"ICE Cloud\", \"Gh0stRAT\", \"CLRShell\", \"CoinMiner\", \"LoveMiner\", \"MyKings\", \"Shadowforce\", \"JuicyPotato\", \"Netcat\"]\nAttack_ids: [\"T1033\", \"T1110.001\", \"T1003\", \"T1069\", \"T1110.002\", \"T1082\", \"T1190\", \"T1083\", \"T1059.001\", \"T1098\", \"T1110\", \"T1078\", \"T1071.001\", \"T1136\", \"T1046\", \"T1518\", \"T1105\", \"T1021.001\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776164416",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "c9b003e2-2820-480b-9dfa-d4faa6884a25",
        "value": "Larva-26002"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:20/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776654476",
        "to_ids": true,
        "type": "md5",
        "uuid": "38a2f185-efa4-42c8-ae2c-ac61a423ab7e",
        "value": "28847cb6859b8239f59cbf2b8f194770",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:20/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776654477",
        "to_ids": true,
        "type": "md5",
        "uuid": "d924c150-6832-4710-9cb4-e8aadda79008",
        "value": "7fbbf16256c7c89d952fee47b70ea759",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776654553",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "601a57e4-deb1-40c9-a12c-f7fce1dc6df1",
        "value": "109.205.211.13",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776654574",
        "to_ids": true,
        "type": "domain",
        "uuid": "8ae3d74c-9e51-4bd6-a68e-225d7877209f",
        "value": "hostroids.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776654595",
        "to_ids": true,
        "type": "url",
        "uuid": "71899c95-7471-4f2a-ac19-328bd2964525",
        "value": "http://109.205.211.13/api.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776654616",
        "uuid": "320fce2d-e0de-44a2-89f8-9fe31dbbe825",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776654616",
            "to_ids": true,
            "type": "md5",
            "uuid": "6d93ece7-7a73-4fc1-aa2b-75ee84e9d08f",
            "value": "0a9f2e2ff98e9f19428da79680e80b77",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776654473",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4fa092ca-e222-42d0-ad79-4b79198d0492",
            "value": "10b31700a4a5ee1b673aa2a070d2908536ca2d9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776654473",
            "to_ids": true,
            "type": "sha256",
            "uuid": "724abe18-98ef-422b-8444-e76f922231be",
            "value": "6130a96f19ab4e3af5dfaf16fef8d8c176d9cc508b0422032ef4c18a4b65ef19",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776653861",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b40b730-c728-4c73-a738-4104d1b10390",
            "value": "24576:5g7QOOCfZafg/LkjDm0V0KlmmUjXVlV6RuoPwzJQ8BfIh949la9yTx5pAsCcjt9w:5+QfqlKsm2+AiKvMcMFbQu3qH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776653861",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "87706d8e-7254-4c01-b502-9b03818c67bf",
            "value": "2621440"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776653861",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f916189f-ed78-4bec-9425-92f7b33ec1f8",
            "value": "026066655d5d15641az2c!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776653861",
            "to_ids": true,
            "type": "filename",
            "uuid": "f8b4e30e-da22-4249-9931-f018b771b404",
            "value": "0a9f2e2ff98e9f19428da79680e80b77.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/04/2026\nLast-scan\t:  17/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776653861",
            "to_ids": false,
            "type": "text",
            "uuid": "868f9074-09be-4da2-bc9a-7533597b2bad",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:23/72\nFirst Submission:2026-01-14T09:14:20.000000+00:00\nLast Submission:2026-03-20T18:29:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776654637",
        "uuid": "c7df046d-5e20-492f-ac60-ce497317329d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776654637",
            "to_ids": true,
            "type": "md5",
            "uuid": "83e15dd8-65a5-4d6a-8fa0-a50265571a0a",
            "value": "5200410ec674184707b731b697154522",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776654474",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5781e6d6-a96a-4971-913e-ff9c777d89bc",
            "value": "8d8c4b1f1f80b368340c6f4f45f35a49be794d45",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776654474",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4ecfe89b-1269-4fe1-a372-2635f9b9ba85",
            "value": "7ac9ea9f9d9a25c73d3267e7466cb0643f4e981bda36013ee9264feebe38b51c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776653903",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cdf089ec-a453-4dc3-9f26-e57b2a341f1a",
            "value": "98304:UEFqwEmCSAgoJM0YPdbOEG7gqZPUSfgbILuzlK5BfD4j:UEFEmYM0YVrGHLm45ZD4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776653903",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d3eff32c-2814-4db0-86ee-30b7d7fb181e",
            "value": "9905152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776653903",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fd90da60-a550-4a37-ac60-426a56feef87",
            "value": "0960f6655d55551555757az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776653903",
            "to_ids": true,
            "type": "filename",
            "uuid": "a2f91265-c33e-49fb-9fcb-fbb4a06df97f",
            "value": "pl88ntqfg.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/04/2026\nLast-scan\t:  18/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776653903",
            "to_ids": false,
            "type": "text",
            "uuid": "16522119-9645-41f2-97a2-de9cf51bd537",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:25/72\nFirst Submission:2025-12-12T03:31:02.000000+00:00\nLast Submission:2025-12-12T03:31:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776654658",
        "uuid": "304bafd1-20e9-4822-9168-eda43b230e2e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776654658",
            "to_ids": true,
            "type": "md5",
            "uuid": "68bda1ad-8005-4d68-9c82-b8e11c468c54",
            "value": "89bf428b2d9214a66e2ea78623e8b5c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776654475",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e0b29553-daff-4211-a5b0-78b7a97cbbfa",
            "value": "c031af92131cc5cef0be6fcb0804c2a84b976177",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776654475",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ca576d08-2c80-432e-81d9-42cb063f8f5f",
            "value": "9084885412af5ae242082869ebb204bcc855db4216bda0b399d06097d193aab9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776653946",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "504fa649-833f-4848-b69e-9d60652eb0b4",
            "value": "49152:3T12L2ux06m2ik/BssklSBn1XohELthfbku2+xhZ4sYLSLK/CnZcaVq3IM5WDons:3fsLIEXDhaLB25M0Yfdb7Eu7s"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776653946",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "65c08923-0753-4c1d-be75-ad930b01ce78",
            "value": "6956032"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776653946",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7a239153-0ff1-42ae-8290-64ab6080e816",
            "value": "066086655d55551d15541az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776653946",
            "to_ids": true,
            "type": "filename",
            "uuid": "0aba8de1-fa11-434f-8fc6-149189ef0120",
            "value": "5qt9l.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/04/2026\nLast-scan\t:  13/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776653946",
            "to_ids": false,
            "type": "text",
            "uuid": "11c02fad-3460-42f7-816a-0ba70413f849",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:13/72\nFirst Submission:2026-03-09T06:16:05.000000+00:00\nLast Submission:2026-03-09T06:16:05.000000+00:00"
          }
        ]
      }
    ]
  }
}