misp-circl-feed/feeds/circl/misp/58481165-02dc-427e-a1c2-40de950d210f.json

{"Event": {"info": "OSINT - Petya Ransomware Returns with GoldenEye Version, Continuing James Bond Theme", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}], "publish_timestamp": "0", "timestamp": "1481118266", "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "584811a1-9ed0-4495-84c8-40d3950d210f", "timestamp": "1481118113", "to_ids": false, "value": "https://www.bleepingcomputer.com/news/security/petya-ransomware-returns-with-goldeneye-version-continuing-james-bond-theme/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "584811bb-7e88-48aa-b0ee-4aba950d210f", "timestamp": "1481118139", "to_ids": false, "value": "The author of the Petya-Mischa ransomware combo has returned with a new version that uses the name GoldenEye Ransomware, continuing the malware's James Bond theme.\r\n\r\nBrought to our attention today by a Bleeping Computer user named gizmo21, this new \"GoldenEye\" ransomware is almost identical to past Petya and Mischa variants.", "disable_correlation": false, "object_relation": null, "type": "comment"}, {"comment": "starts with", "category": "Payload delivery", "uuid": "5848121b-f2c8-4813-ad13-d9c6950d210f", "timestamp": "1481118235", "to_ids": false, "value": "Bewerbung", "disable_correlation": false, "object_relation": null, "type": "email-subject"}, {"comment": "", "category": "Payload delivery", "uuid": "58481239-0fec-4404-bbcc-4833950d210f", "timestamp": "1481118265", "to_ids": true, "value": "Wiebold-Bewerbung.xls", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "58481239-b2a8-44a0-8f5d-40a6950d210f", "timestamp": "1481118265", "to_ids": true, "value": "Meinel-Bewerbung.xls", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "58481239-c96c-4d34-bb08-43e9950d210f", "timestamp": "1481118265", "to_ids": true, "value": "Seidel-Bewerbung.xls", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "58481239-7ab0-4b10-a9a4-4e5d950d210f", "timestamp": "1481118265", "to_ids": true, "value": "W\u00fcst-Bewerbung.xls", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5848123a-2ddc-40f8-a9a3-4638950d210f", "timestamp": "1481118266", "to_ids": true, "value": "Born-Bewerbung.xls", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Payload delivery", "uuid": "5848123a-e8dc-4fc7-a66c-43ce950d210f", "timestamp": "1481118266", "to_ids": true, "value": "Schlosser-Bewerbung.xls", "disable_correlation": false, "object_relation": null, "type": "filename"}], "extends_uuid": "", "published": false, "date": "2016-12-06", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "58481165-02dc-427e-a1c2-40de950d210f"}}