{"Event":{"info":"GandCrab Ransomware Version 2 Released With New .Crab Extension & Other Changes","Tag":[{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:ransomware=\"GandCrab\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""},{"colour":"#2c4f00","exportable":true,"name":"malware_classification:malware-category=\"Ransomware\""},{"colour":"#3b0020","exportable":true,"name":"workflow:todo=\"expansion\""}],"publish_timestamp":"0","timestamp":"1521188536","analysis":"2","Attribute":[{"comment":"","category":"External analysis","uuid":"5aa29e02-aaac-4955-a600-48e2950d210f","timestamp":"1520606729","to_ids":false,"value":"https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/","Tag":[{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"disable_correlation":false,"object_relation":null,"type":"link"},{"comment":"","category":"External analysis","uuid":"5aa29e2a-6720-4462-9b8f-4c2f950d210f","timestamp":"1520606774","to_ids":false,"value":"Last week, security firm Bitdefender, the Romanian Police, and Europol allegedly gained access to the GandCrab Ransomware's Command & Control servers, which allowed them to recover some of the victim's decryption keys. This allowed Bitdefender to release a tool that could decrypt some victim's files.\r\n\r\nAfter this breach, the GandCrab developers stated that they would release a second version of GandCrab that included a more secure command & control server in order to prevent a similar compromise in the future.\r\n\r\nYesterday, MalwareHunterTeam discovered that GandCrab version 2 was released, which contains changes that supposedly make it more secure and allow us to differentiate it from the original version. 
In this article we will provide a quick overview as to what has changed and how you can identify that you are infected with the GandCrab Ransomware.","Tag":[{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""}],"disable_correlation":false,"object_relation":null,"type":"comment"},{"comment":"","category":"Network activity","uuid":"5aa29ecd-59a8-4612-ab33-4ac5950d210f","timestamp":"1520606925","to_ids":false,"value":"malwarehunterteam.bit","disable_correlation":false,"object_relation":null,"type":"domain"},{"comment":"","category":"Network activity","uuid":"5aa29ecd-0734-461e-8497-4ae4950d210f","timestamp":"1520606925","to_ids":false,"value":"politiaromana.bit","disable_correlation":false,"object_relation":null,"type":"domain"},{"comment":"","category":"Network activity","uuid":"5aa29ecd-66a0-4072-b4e6-4abc950d210f","timestamp":"1520606925","to_ids":false,"value":"gdcb.bit","disable_correlation":false,"object_relation":null,"type":"domain"},{"comment":"","category":"Payload delivery","uuid":"5aa29ee9-e7c8-4012-aeeb-4a21950d210f","timestamp":"1520606953","to_ids":true,"value":"CRAB-Decrypt.txt","disable_correlation":false,"object_relation":null,"type":"filename"},{"comment":"","category":"Payload delivery","uuid":"5aa29f46-6030-4040-8e28-1527950d210f","timestamp":"1520607046","to_ids":true,"value":"966a0852c8adbea0b7b7aada7c2c851ee642c7bca7da3b29ee143f47ddeb90a5","disable_correlation":false,"object_relation":null,"type":"sha256"}],"extends_uuid":"","published":false,"date":"2018-03-06","Orgc":{"uuid":"55f6ea5e-2c60-40e5-964f-47a8950d210f","name":"CIRCL"},"threat_level_id":"3","uuid":"5aa29dd0-a560-420c-acda-188b950d210f"}}