misp-circl-feed/feeds/circl/misp/5c51800b-4054-4a1d-9f2d-4810950d210f.json

1 line
47 KiB
JSON
Raw Permalink Normal View History

2023-12-14 14:30:15 +00:00
{"Event": {"info": "OSINT - New LockerGoga Ransomware Allegedly Used in Altran Attack", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#000000", "exportable": true, "name": "dnc:malware-type=\"Ransomware\""}, {"colour": "#39b300", "exportable": true, "name": "enisa:nefarious-activity-abuse=\"ransomware\""}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#00acd1", "exportable": true, "name": "veris:action:malware:variety=\"Ransomware\""}, {"colour": "#000000", "exportable": true, "name": "Ransomware"}, {"colour": "#420053", "exportable": true, "name": "ms-caro-malware:malware-type=\"Ransom\""}, {"colour": "#001739", "exportable": true, "name": "ms-caro-malware-full:malware-type=\"Ransom\""}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#72003d", "exportable": true, "name": "workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}], "publish_timestamp": "0", "timestamp": "1548849757", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c51852f-de8c-4a99-a0f9-4c01950d210f", "sharing_group_id": "0", "timestamp": "1548846383", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c51852f-f300-42ee-824e-468e950d210f", "timestamp": "1548846383", "to_ids": true, "value": "X:\\work\\Projects\\LockerGoga\\cl-src-last\\cryptopp\\src\\rijndael_simd.cpp", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5c51852f-ecec-4705-bc0c-4590950d210f", "timestamp": "1548846383", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "ransomnote", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c518643-345c-473f-a3b4-1746950d210f", "sharing_group_id": "0", "timestamp": "1548846659", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c518643-a490-4e85-bb4d-1746950d210f", "timestamp": "1548846659", "to_ids": true, "value": "README-NOW.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5c518643-9d38-45c6-a0d4-1746950d210f", "timestamp": "1548846659", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "0", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5c5180b6-03ec-477c-b914-1747950d210f", "timestamp": "1548845370", "to_ids": false, "value": "https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5c518120-9f24-4cae-8aca-4485950d210f", "timestamp": "1548845369", "to_ids": false, "value": "Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and their own assets, Altran decided to shu