2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--5a252fea-cbdc-425d-ba82-436a950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:54.000Z" ,
"modified" : "2017-12-04T11:56:54.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5a252fea-cbdc-425d-ba82-436a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:54.000Z" ,
"modified" : "2017-12-04T11:56:54.000Z" ,
"name" : "OSINT - Test Cryptomix Ransomware Variant Released" ,
"published" : "2017-12-04T12:52:43Z" ,
"object_refs" : [
"indicator--5a253125-44a8-461e-babb-4e7f950d210f" ,
"indicator--5a253125-0fb8-4839-9845-43d4950d210f" ,
"indicator--5a253125-dd28-4b39-ac53-4904950d210f" ,
"indicator--5a253125-355c-44f8-b921-4831950d210f" ,
"indicator--5a253125-d8d0-4831-af33-4f4a950d210f" ,
"indicator--5a253125-6110-487f-be6b-4668950d210f" ,
"indicator--5a253125-c4c8-48c8-ad37-43ca950d210f" ,
"indicator--5a253125-7184-4745-a474-4842950d210f" ,
"x-misp-attribute--5a25313e-2f3c-4233-94c9-4e2c950d210f" ,
"observed-data--5a25314e-786c-454b-8ef6-4d30950d210f" ,
"url--5a25314e-786c-454b-8ef6-4d30950d210f" ,
"indicator--5a253802-01b0-4493-a57e-b6fc02de0b81" ,
"indicator--5a253802-a93c-4d1b-8988-b6fc02de0b81" ,
"observed-data--5a253802-be14-4b6c-bef9-b6fc02de0b81" ,
"url--5a253802-be14-4b6c-bef9-b6fc02de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:ransomware=\"CryptoMix\"" ,
"type:OSINT" ,
"malware_classification:malware-category=\"Ransomware\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253125-44a8-461e-babb-4e7f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"pattern" : "[file:hashes.SHA256 = '0b2f5f6e61a81c9a872827e5ea1fd5ea05ca470b55975267b00033251dc79c1b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253125-0fb8-4839-9845-43d4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"pattern" : "[file:name = '_HELP_INSTRUCTION.TXT']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253125-dd28-4b39-ac53-4904950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"pattern" : "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\[random].exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253125-355c-44f8-b921-4831950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"pattern" : "[email-message:from_ref.value = 'test757@tuta.io']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253125-d8d0-4831-af33-4f4a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"pattern" : "[email-message:from_ref.value = 'test757@protonmail.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253125-6110-487f-be6b-4668950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"pattern" : "[email-message:from_ref.value = 'test757xz@yandex.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253125-c4c8-48c8-ad37-43ca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"pattern" : "[email-message:from_ref.value = 'test757xy@yandex.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253125-7184-4745-a474-4842950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"pattern" : "[email-message:from_ref.value = 'test757@consultant.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5a25313e-2f3c-4233-94c9-4e2c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Today, MalwareHunterTeam discovered a new variant of the CryptoMix ransomware that appends the .TEST extension to encrypted files and changes the contact emails used by the ransomware. \r\n\r\nIn this article I will provide a brief summary of any changes that have occurred in this new variant. As we are always looking for weaknesses, if you are a victim of this variant and decide to pay the ransom, please send us the decryptor so we can take a look at it. You can also discuss or receive support for Cryptomix ransomware infections in our dedicated Cryptomix Help & Support Topic."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a25314e-786c-454b-8ef6-4d30950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:49.000Z" ,
"modified" : "2017-12-04T11:56:49.000Z" ,
"first_observed" : "2017-12-04T11:56:49Z" ,
"last_observed" : "2017-12-04T11:56:49Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a25314e-786c-454b-8ef6-4d30950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a25314e-786c-454b-8ef6-4d30950d210f" ,
"value" : "https://www.bleepingcomputer.com/news/security/test-cryptomix-ransomware-variant-released/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253802-01b0-4493-a57e-b6fc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:50.000Z" ,
"modified" : "2017-12-04T11:56:50.000Z" ,
"description" : "- Xchecked via VT: 0b2f5f6e61a81c9a872827e5ea1fd5ea05ca470b55975267b00033251dc79c1b" ,
"pattern" : "[file:hashes.SHA1 = 'e20b53e74da470d6e36ed15ba70eb1f1658eaaaf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5a253802-a93c-4d1b-8988-b6fc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:50.000Z" ,
"modified" : "2017-12-04T11:56:50.000Z" ,
"description" : "- Xchecked via VT: 0b2f5f6e61a81c9a872827e5ea1fd5ea05ca470b55975267b00033251dc79c1b" ,
"pattern" : "[file:hashes.MD5 = '74c7bec8d4949ebf2f8f6be1af2f2113']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-12-04T11:56:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5a253802-be14-4b6c-bef9-b6fc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-12-04T11:56:50.000Z" ,
"modified" : "2017-12-04T11:56:50.000Z" ,
"first_observed" : "2017-12-04T11:56:50Z" ,
"last_observed" : "2017-12-04T11:56:50Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5a253802-be14-4b6c-bef9-b6fc02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5a253802-be14-4b6c-bef9-b6fc02de0b81" ,
"value" : "https://www.virustotal.com/file/0b2f5f6e61a81c9a872827e5ea1fd5ea05ca470b55975267b00033251dc79c1b/analysis/1512356719/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}
