misp-circl-feed/feeds/circl/misp/5acb6516-f590-4456-8fd7-4243950d210f.json
{
"Event": {
"analysis": "2",
"date": "2018-04-07",
"extends_uuid": "",
"info": "OSINT - New Matrix Ransomware Variants Installed Via Hacked Remote Desktop Services",
"publish_timestamp": "1523391310",
"published": true,
"threat_level_id": "3",
"timestamp": "1523391291",
"uuid": "5acb6516-f590-4456-8fd7-4243950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:ransomware=\"Matrix\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": false,
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391244",
"to_ids": false,
"type": "link",
"uuid": "5acb6525-5b00-451c-9e62-430f950d210f",
"value": "https://www.bleepingcomputer.com/news/security/new-matrix-ransomware-variants-installed-via-hacked-remote-desktop-services/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391244",
"to_ids": false,
"type": "comment",
"uuid": "5acb6534-0f10-4266-b5fc-4f1a950d210f",
"value": "Two new Matrix Ransomware variants were discovered this week by MalwareHunterTeam that are being installed through hacked Remote Desktop services. While both of these variants encrypt your computer's files, one is a bit more advanced with more debugging messages and the use of cipher to wipe free space.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391244",
"to_ids": true,
"type": "filename",
"uuid": "5acb659c-0d50-42b8-9be9-40f2950d210f",
"value": "!ReadMe_To_Decrypt_Files!.rtf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391245",
"to_ids": true,
"type": "email-src",
"uuid": "5acb659d-25ec-41ac-ae45-4e10950d210f",
"value": "files4463@tuta.io"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391245",
"to_ids": true,
"type": "email-src",
"uuid": "5acb659d-0704-4e84-b9ce-46a2950d210f",
"value": "files4463@protonmail.ch"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391246",
"to_ids": true,
"type": "email-src",
"uuid": "5acb659d-45ec-4971-aa43-4a49950d210f",
"value": "files4463@gmail.com"
},
{
"category": "Artifacts dropped",
"comment": "!ReadMe_To_Decrypt_Files!.rtf ransomnote",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391246",
"to_ids": false,
"type": "attachment",
"uuid": "5acb65c4-ae24-453a-a1fd-4317950d210f",
"value": "ransom-note.jpg"
},
{
"category": "Artifacts dropped",
"comment": "ransom background",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391246",
"to_ids": false,
"type": "attachment",
"uuid": "5acb662e-ae24-4c24-b1e4-45b9950d210f",
"value": "background.jpg"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391247",
"to_ids": true,
"type": "filename",
"uuid": "5acb688a-afe4-4118-9fa4-4d4c950d210f",
"value": "#Decrypt_Files_ReadMe#.rtf"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391247",
"to_ids": true,
"type": "email-src",
"uuid": "5acb688b-04dc-4e65-9b64-4eab950d210f",
"value": "restorfile@tutanota.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391247",
"to_ids": true,
"type": "email-src",
"uuid": "5acb688b-1d94-4570-94ce-4e30950d210f",
"value": "restorefile@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391248",
"to_ids": true,
"type": "email-src",
"uuid": "5acb688b-1de4-4f58-924d-445a950d210f",
"value": "restorefile@qq.com"
},
{
"category": "Artifacts dropped",
"comment": "ransomnote wallpaper",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391248",
"to_ids": false,
"type": "attachment",
"uuid": "5acb68b4-eaa8-43da-963b-4714950d210f",
"value": "wallpaper.jpg"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523280189",
"to_ids": true,
"type": "sha256",
"uuid": "5acb693d-4d94-4edb-b326-40a4950d210f",
"value": "a26087bb88d654cd702f945e43d7feebd98cfc50531d2cdc0afa2b0437d25eea"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523280190",
"to_ids": true,
"type": "sha256",
"uuid": "5acb693e-b984-43e9-8985-41e9950d210f",
"value": "996ea85f12a17e8267dcc32eae9ad20cff44115182e707153006162711fbe3c9"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523391249",
"to_ids": false,
"type": "link",
"uuid": "5accacb2-2a30-4de7-8c57-4094950d210f",
"value": "http://id-ransomware.blogspot.lu/2016/12/matrix-ransomware.html"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1523307058",
"uuid": "8d158558-595e-4460-9706-acc37ae7f29f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "8d158558-595e-4460-9706-acc37ae7f29f",
"referenced_uuid": "2b816db9-6c8d-4c0e-9efd-99a358d67736",
"relationship_type": "analysed-with",
"timestamp": "1523307060",
"uuid": "5acbd234-1bb4-4d5e-a9a3-8fe202de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1523307055",
"to_ids": true,
"type": "sha1",
"uuid": "5acbd22f-7b98-47d2-a6ef-8fe202de0b81",
"value": "be45c74a5dc7a4830be0167ef8ef26ffec37d4de"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1523307056",
"to_ids": true,
"type": "sha256",
"uuid": "5acbd230-cb24-4520-8874-8fe202de0b81",
"value": "a26087bb88d654cd702f945e43d7feebd98cfc50531d2cdc0afa2b0437d25eea"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1523307056",
"to_ids": true,
"type": "md5",
"uuid": "5acbd230-f714-4b91-a946-8fe202de0b81",
"value": "b4d152a4a0dc40258f3dfae88dd1e2c0"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1523307057",
"uuid": "2b816db9-6c8d-4c0e-9efd-99a358d67736",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1523307057",
"to_ids": false,
"type": "link",
"uuid": "5acbd231-7c70-4127-a4bd-8fe202de0b81",
"value": "https://www.virustotal.com/file/a26087bb88d654cd702f945e43d7feebd98cfc50531d2cdc0afa2b0437d25eea/analysis/1523287281/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1523307057",
"to_ids": false,
"type": "text",
"uuid": "5acbd231-b244-4747-8a04-8fe202de0b81",
"value": "51/65"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1523307057",
"to_ids": false,
"type": "datetime",
"uuid": "5acbd231-0470-42cd-a4a9-8fe202de0b81",
"value": "2018-04-09T15:21:21"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1523307061",
"uuid": "949e2684-bf18-4920-8317-98d91d5c505c",
"ObjectReference": [
{
"comment": "",
"object_uuid": "949e2684-bf18-4920-8317-98d91d5c505c",
"referenced_uuid": "d21be9c3-bd7f-4349-8c2d-cea0804f2b37",
"relationship_type": "analysed-with",
"timestamp": "1523307060",
"uuid": "5acbd234-6f3c-4bc9-b2c9-8fe202de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1523307058",
"to_ids": true,
"type": "sha1",
"uuid": "5acbd232-c024-44b6-8240-8fe202de0b81",
"value": "ff70a421bbcf31ad76708912aeb362d9102695f4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1523307058",
"to_ids": true,
"type": "sha256",
"uuid": "5acbd232-0180-4d59-8f58-8fe202de0b81",
"value": "996ea85f12a17e8267dcc32eae9ad20cff44115182e707153006162711fbe3c9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1523307059",
"to_ids": true,
"type": "md5",
"uuid": "5acbd233-e7d8-4c03-86e3-8fe202de0b81",
"value": "a42c211988a47c9843737ce26812584f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1523307059",
"uuid": "d21be9c3-bd7f-4349-8c2d-cea0804f2b37",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1523307059",
"to_ids": false,
"type": "link",
"uuid": "5acbd233-103c-4153-9fa1-8fe202de0b81",
"value": "https://www.virustotal.com/file/996ea85f12a17e8267dcc32eae9ad20cff44115182e707153006162711fbe3c9/analysis/1523284651/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1523307060",
"to_ids": false,
"type": "text",
"uuid": "5acbd234-8a9c-41c3-b96a-8fe202de0b81",
"value": "52/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1523307060",
"to_ids": false,
"type": "datetime",
"uuid": "5acbd234-da28-404a-ab73-8fe202de0b81",
"value": "2018-04-09T14:37:31"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An IP address (or domain) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "6",
"timestamp": "1523363058",
"uuid": "5accacf2-ed80-4799-b66f-4f5d950d210f",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1523363059",
"to_ids": true,
"type": "domain",
"uuid": "5accacf3-15cc-4df8-9347-4642950d210f",
"value": "murik.xyz"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1523363059",
"to_ids": true,
"type": "ip-dst",
"uuid": "5accacf3-e020-4185-b0d0-4475950d210f",
"value": "212.8.244.111"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "dst-port",
"timestamp": "1523363060",
"to_ids": false,
"type": "port",
"uuid": "5accacf4-87a8-4eab-9e3c-4247950d210f",
"value": "80"
}
]
}
]
}
}