misp-circl-feed/feeds/circl/misp/5bf81c54-4464-4c12-aae7-4607950d210f.json

1 line
175 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{"Event": {"info": "OSINT - Aurora / Zorro Ransomware Actively Being Distributed", "Tag": [{"colour": "#3b0020", "exportable": true, "name": "workflow:todo=\"expansion\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Aurora Ransomware\""}], "publish_timestamp": "0", "timestamp": "1543222498", "Object": [{"comment": "", "template_uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46", "uuid": "5bfba696-7a10-46db-8e0b-4c9f950d210f", "sharing_group_id": "0", "timestamp": "1543218838", "description": "An address used in a cryptocurrency", "template_version": "4", "Attribute": [{"comment": "", "category": "Financial fraud", "uuid": "5bfba696-2460-4afb-ae36-4b96950d210f", "timestamp": "1543218838", "to_ids": true, "value": "18sj1xr86c3YHK44Mj2AXAycEsT2QLUFac", "disable_correlation": false, "object_relation": "address", "type": "btc"}, {"comment": "", "category": "Other", "uuid": "5bfba697-a9f8-4af6-ba2b-4ce9950d210f", "timestamp": "1543218839", "to_ids": false, "value": "BTC", "disable_correlation": true, "object_relation": "symbol", "type": "text"}], "distribution": "5", "meta-category": "financial", "name": "coin-address"}, {"comment": "Ransomnote", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5bfba948-d188-4b1a-b11e-406d950d210f", "sharing_group_id": "0", "timestamp": "1543219528", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5bfba948-c420-443e-a091-4132950d210f", "timestamp": "1543219528", "to_ids": true, "value": "!-GET_MY_FILES-!.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5bfba94a-c67c-463e-8fd7-4b6f950d210f", "timestamp": "1543219530", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Ransomnote", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5bfba95f-ec48-46b9-ad7b-4a10950d210f", "sharing_group_id": "0", "timestamp": "1543219551", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5bfba95f-00d8-49b9-a78a-4509950d210f", "timestamp": "1543219551", "to_ids": true, "value": "#RECOVERY-PC#.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5bfba960-f634-4f97-93e6-4402950d210f", "timestamp": "1543219552", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Ransomnote", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5bfba976-5148-4a25-8b94-4467950d210f", "sharing_group_id": "0", "timestamp": "1543219574", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5bfba977-32c8-4364-9f18-4364950d210f", "timestamp": "1543219575", "to_ids": true, "value": "@_RESTORE-FILES_@.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5bfba977-f284-4728-ba45-48cc950d210f", "timestamp": "1543219575", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Wallpapaer ransomnote", "template_uuid": "688c46fb-5edb-40a3-82