misp-circl-feed/feeds/circl/stix-2.1/5acc88e9-265c-4f22-9d2b-b702950d210f.json

225 lines
165 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5acc88e9-265c-4f22-9d2b-b702950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-10T20:13:54.000Z",
"modified": "2018-04-10T20:13:54.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5acc88e9-265c-4f22-9d2b-b702950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-10T20:13:54.000Z",
"modified": "2018-04-10T20:13:54.000Z",
"name": "OSINT - PUBG Ransomware Decrypts Your Files If You Play PlayerUnknown's Battlegrounds",
"published": "2018-04-10T20:13:56Z",
"object_refs": [
"observed-data--5acc8902-ab3c-4dfc-b0bf-32b6950d210f",
"url--5acc8902-ab3c-4dfc-b0bf-32b6950d210f",
"x-misp-attribute--5acc9143-c550-4cac-9c62-40f9950d210f",
"indicator--5acc9181-5c70-4a02-b2f0-4dae950d210f",
"observed-data--5acc91b2-bd54-4e44-8aee-35e7950d210f",
"file--5acc91b2-bd54-4e44-8aee-35e7950d210f",
"artifact--5acc91b2-bd54-4e44-8aee-35e7950d210f",
"indicator--2ba7f152-381c-470f-a732-792397b424d4",
"x-misp-object--eefb6d88-9cc1-4d65-b266-b2e82a2464b9",
2024-04-05 12:15:17 +00:00
"relationship--fcb2adcd-0a21-43e7-9e2b-24f81b41c8eb"
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"malware_classification:malware-category=\"Ransomware\"",
"circl:incident-classification=\"malware\"",
"ms-caro-malware-full:malware-type=\"Joke\"",
"workflow:todo=\"create-missing-misp-galaxy-cluster-values\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5acc8902-ab3c-4dfc-b0bf-32b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-10T20:13:08.000Z",
"modified": "2018-04-10T20:13:08.000Z",
"first_observed": "2018-04-10T20:13:08Z",
"last_observed": "2018-04-10T20:13:08Z",
"number_observed": 1,
"object_refs": [
"url--5acc8902-ab3c-4dfc-b0bf-32b6950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5acc8902-ab3c-4dfc-b0bf-32b6950d210f",
"value": "https://www.bleepingcomputer.com/news/security/pubg-ransomware-decrypts-your-files-if-you-play-playerunknowns-battlegrounds/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5acc9143-c550-4cac-9c62-40f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-10T20:13:08.000Z",
"modified": "2018-04-10T20:13:08.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "In what could only be a joke, a new ransomware has been discovered called \"PUBG Ransomware\" that will decrypt your files if you play the game called PlayerUnknown's Battlegrounds.\r\n\r\nDiscovered by MalwareHunterTeam, when the PUBG Ransomware is launched it will encrypt a user's files and folders on the user's desktop and append the .PUBG extension to them. When it has finished encrypting the files, it will display a screen giving you two methods that you can use to decrypt the encrypted files."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5acc9181-5c70-4a02-b2f0-4dae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-10T10:27:13.000Z",
"modified": "2018-04-10T10:27:13.000Z",
"pattern": "[file:hashes.SHA256 = '3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-10T10:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5acc91b2-bd54-4e44-8aee-35e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-10T20:13:08.000Z",
"modified": "2018-04-10T20:13:08.000Z",
"first_observed": "2018-04-10T20:13:08Z",
"last_observed": "2018-04-10T20:13:08Z",
"number_observed": 1,
"object_refs": [
"file--5acc91b2-bd54-4e44-8aee-35e7950d210f",
"artifact--5acc91b2-bd54-4e44-8aee-35e7950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5acc91b2-bd54-4e44-8aee-35e7950d210f",
"name": "pubg-ransomware.jpg",
"content_ref": "artifact--5acc91b2-bd54-4e44-8aee-35e7950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--5acc91b2-bd54-4e44-8aee-35e7950d210f",
"payload_bin": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoXHh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQED/2wBDAREPDxETERUSEhUUERQRFBoUFhYUGiYaGhwaGiYwIx4eHh4jMCsuJycnLis1NTAwNTVAQD9AQEBAQEBAQEBAQED/wgARCAIHBJ8DASIAAhEBAxEB/8QAGgAAAgMBAQAAAAAAAAAAAAAAAAMBAgQFBv/EABkBAQEBAQEBAAAAAAAAAAAAAAABAgMEBf/aAAwDAQACEAMQAAABa21t81jC1YwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBYwFjAWMBZMZ0FZllTJ1hlogsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCxULFQsVCmXWrHWc7yWrid87cjr8m4XJOskxJBIsSASSFq2gklYm0lZtK1sBaCUit4spDCqWvKUGQLLQQSFCSoqyoqraXNZArExYTEkBJBIRIAExEgAFEhAErEgBIQSEEwkElQSJAAAVBIQTAAABEEhASoEgEgBAApIEVYRSbyqxlRZaE6O/D0OXbLpwTnW8xoOnTBU6i8TB1qoNxzWm0xIOjbk6R7cjR08vqgMBYwFjAWMBYwFjATDMw3Dvwaxfk9blVSSdZgkIJhCJKJiQtWZbWpJdqOlKmd2fOkJ6djk6cvfs4kQal2Ttzec5PYs5tW2jn17Pn9R969s55Ylyr7nFsrC7awOR6TOuFGsMSO/mOSB0wABIAEwBKwWFrJKQSJEgAAAABQAQSEEwgEkRIQSEEhESEEhBIRIKTEwALIABMTMysTMSxW1UpFos6PQ5/Q5dmGOudbl5Q13whuMUmwwhuMIapySbTHU3GENxhDcYpNgAAAAAAAC13oRj059YvyuryqpMTvMwAEkkRaKAkgkAJDp8zpyzzu1mzvD38pHK7/AJ/0FnAIjc17ufvxeb2OJ3Tz8dq9l/PdvjHXy9Dkypid2+aaa0TWEvGsU9N5v0mN+ajsFmHqW52dYuzy9G8768jsY1xdy9W8sZl52ddHm+i4KdJzePnfR5GhO8P6DeJm9bmnUrj9PndZK05HdlSzm6Kx9BLLMGmdphzdfCaMWzLHQOPaXXzvQ+f3nsTo4WNO1ZuhYL5nTl5FelzumIJLIJACSJmZYm0kWLSxW9SlbVKklnQ34N/HqnTzJmumc9B16cyp2F85xtSQWtlDecyh1kc9xsbgWnTXzWq7XzKHWXgg6N+PJ0l58x1rc5B1DOo3ry7hePfg1i/J6/J1KEm8AEskSSEqBJBMlZkK9Ln9GVmLTzZXprOsz6HzvbzrjV6OKx2+EZuHucLvHnTTfeOjzutxcb6vPOmcJ8G+exjFY6cuIjryn0fm/Sc98CyDpnv8h+nnvm9jBrROrkdeXm6c2rUz4t2LWfQ+d9Fw8b0bJ5Z2eVvyR0vP97nVk7/O1HN6XN6acXucXtnG2GpcqN2A6Utw51pjPuOS3F2OnOmG2fnvu+f9BwNTv+f9BwI3beX1FQYN6ZsW3HqQSakEiRJYixKzMTEzUltWIqK2qABv3Yd3LadPMma6a8aDqHMqdhfOcbUkE3yhvOZQ62fA42NwLTpq5zVdr5lDrLwQdE5UnRpnzHajlXNpk0Doz6CMO7FrN+T12nBPSlnmo9MHmj0pZ5qfSEvmz0gecPRh509EL57R2Q42b0RHnT0RZ51neDBfYZ1zef6Is890OiHOOiHEzekLPN6u0GE3GbyI7BqecPRlnnOl0SPOHoyvP7ukS+f6O8MS+iS8NvXLniJ9CVz+d6EjmaNZLz8HfLOLu2C4sPbDiaOmRwOnsJUK2EvKy98rl5+4JxdHSNTgP7Bc409Ixvn4O+amDB3g4GvqBkXvM3gR6A1PPnoA4B3w4M90OHPbDiz2Q4p2heHHdDhR3g4B3xOfutXOk6eZMvTXjQdQ5lTsL5zjakgm+UN5zKHWz4HGxuBadNXOartfModZeCDonKk6NM+Y7Ucq5rtk0DTPoIx7MlzbDqxUwpNWKxZaKVuWiopwiEeIKfOcTQZxdM4zn22GadY0zlmXQJqPM0Z6azPOuTzPNOjPMrzPNy+M8mgy2XQZy40CIrQZyNBnk0GWy6DPNjxMWaDIzO3iDWHznJdBnkeIAywrj3vbPOWnVztNaDNFmquakuimWJdWziv3z7EZbbzScbMa6Zmt0jxC41mRo4SXDhIOEiuFA0TA8QQ4SK4TA+USNFAwUR0GobKhcno4RS9xLLTC5mlSzPNjJpMoTYpNqk1JIL1GKm0UkmoW+IrejFUXrYTCzTtz6PN3jJrwLbDuwklSrxUsIBCLTSy82UGSJHEJG1sTVtOPupMzz9C5Jz1dRi+3hpatuXrqXm4GoZ18y63rz9FZmM9a2i0pRhrFGxXfJyHK356ljh7qSXarEzclyu+Dksr08yyZ4fQrcnXNNicdaMqwTexcIU1eek53335VXvPP0wMqSrTk6ea1ks5+oi99YuvSmopdWdPW2dZXaSpep3f58SHTzhJEEiwBBFgqWhYJCIsRFossAEBMbNOfXjeLTjmzXOZEdBeStdBeZw5GiBc0B5koblZXK1iFprpkbFdeSlblog0s50mtcZjpGG8OWTTnZ9GbHP6HP1m+DelcsbSsVtYmQ1zWQ1zGQ1hltpFzToDMaRMkbSsUbRMRtizFOwXGbAxmwTGbBcZsDGbAxxtJcVtc1ijcJiNomI2lYjaGI2iY42hjNhWQ2BjNgZDWGQ1hkNZHM5fo8PPpybdaZeZXsKzvmT0ROcvqlnN3adU1lvqnpyyL3pXnZukc+traZ7cMhrLnIawyGsMhrFyGsjIawyGslyGsMhrDIawymolymsMk6gtqU3Gk6eZK9NeNB1DmVOwvnONqSCb5Q3nModbPgcbG4Fp01c5qu18yh1l4IOicqTo0z5jtRyrmuM8mhmfQRz+hz9Yu1XPXtnDk7ZxQ7RxZOyccOwceTsHIDrnJk6py5OmcyTpHNDpHMg6hy4s6pyoOscmTqnKk6hy4OqcojqnKDqnLDqHLK6hyw6hyw6hyw6hzA6ZzIOocuLOqcoOqcoOqcsOocsOocsOocsOocsOicm2b1a8LnZ166fIszv1dvLbq7teazWN0c/np3jyxL6w47d56ZzCzpnMJemc0Okc0Okc2DpnNDpHNI6RzA6ZzA6ZzRekc0Okc2DpnMDqmXVmp08yV6a8aDqHMqdhfOcbUkE3yhvOZQ62fA42NwLTpq5zVdr5lDrLwQdE5UnRpnzHajlXNcZ5NDM+gjn9Dn6xfn9DnhNZqQkJJCSywWIrNpKTeSk3CszJUsJUvIuGRYurIKTYqs2IqWCpIVJCCQCSqlgrMhBMlSwVLBQtFlS0EEhBIQSESERN0yznTWbvqq1MaOhgitdC8dKdbJdcejR1dYqnZCc6r8Q60v3M0vXc0JmqySVJiCJCAAAAJiAAAUAIJgIkNWvLqzpOnmTL0140HUOZU7C+c42pIJvlDecyh1s+BxsbgWnTVzmq7XzKHWXgg6JypOjTPmO1HKua5y6SbpcRz+hz9Yvz+hgIJmokCZiVmaylprK2tW8TaJlAkgkSJAJgJgAiSoLBWZmKkzS6OqULgsuJUYC5uFC4ULQRIBEwREhBYKEhWbwUGQU0w6WefdOdDd11wx0JswK6c2ef27uLnW1K+0kXCgmIM2mLOO62OXswlliK6c9lZIqYmUiCSo6Yzy2VTLoEyypE3kVDai5u
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2ba7f152-381c-470f-a732-792397b424d4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-10T20:13:12.000Z",
"modified": "2018-04-10T20:13:12.000Z",
"pattern": "[file:hashes.MD5 = '0997ba7292ddbac1c7e7ade6766ed53c' AND file:hashes.SHA1 = 'd63ff86f05b6f2fb86abf0dcd16cd2008fa3c158' AND file:hashes.SHA256 = '3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-04-10T20:13:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--eefb6d88-9cc1-4d65-b266-b2e82a2464b9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-04-10T20:13:10.000Z",
"modified": "2018-04-10T20:13:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1/analysis/1523371298/",
"category": "External analysis",
"uuid": "5acd1ad6-61c4-45e4-98f6-4bb802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "44/66",
"category": "Other",
"uuid": "5acd1ad7-b308-4547-96b5-41f902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-04-10T14:41:38",
"category": "Other",
"uuid": "5acd1ad7-c180-4b13-bb89-45ba02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
2024-04-05 12:15:17 +00:00
"id": "relationship--fcb2adcd-0a21-43e7-9e2b-24f81b41c8eb",
2023-04-21 14:44:17 +00:00
"created": "2018-04-10T20:13:11.000Z",
"modified": "2018-04-10T20:13:11.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--2ba7f152-381c-470f-a732-792397b424d4",
"target_ref": "x-misp-object--eefb6d88-9cc1-4d65-b266-b2e82a2464b9"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}