misp-circl-feed/feeds/circl/misp/5c04f23f-fd50-4445-ba0b-40b3950d210f.json

616 lines
20 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "2",
"date": "2018-11-30",
"extends_uuid": "",
"info": "OSINT - Making a Ransomware Payment? It May Now Violate U.S. Sanctions",
"publish_timestamp": "1544041458",
"published": true,
"threat_level_id": "3",
"timestamp": "1544041447",
"uuid": "5c04f23f-fd50-4445-ba0b-40b3950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:ransomware=\"Samas-Samsam\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:malpedia=\"SamSam\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543830329",
"to_ids": false,
"type": "link",
"uuid": "5c04fb39-311c-44cf-ab12-4637950d210f",
"value": "https://www.blockchain.com/btc/address/149w62rY42aZBox8fGcmqNsXUzSStKeq8C"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543830329",
"to_ids": false,
"type": "link",
"uuid": "5c04fb39-1a6c-4032-9faa-419e950d210f",
"value": "https://www.blockchain.com/btc/address/1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543830329",
"to_ids": false,
"type": "link",
"uuid": "5c04fb39-c988-48c8-9dda-4a05950d210f",
"value": "https://www.bleepingcomputer.com/news/security/making-a-ransomware-payment-it-may-now-violate-us-sanctions/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543846924",
"to_ids": true,
"type": "email-src",
"uuid": "5c053c0c-8fd0-477d-8150-4533950d210f",
"value": "iranvisacart@yahoo.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543846925",
"to_ids": true,
"type": "email-src",
"uuid": "5c053c0d-bcb0-49ad-bb0a-4bc0950d210f",
"value": "alikhorashadi@yahoo.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543846925",
"to_ids": true,
"type": "email-src",
"uuid": "5c053c0d-1e50-4b7f-81cc-41db950d210f",
"value": "mastercartaria@yahoo.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543846926",
"to_ids": true,
"type": "email-src",
"uuid": "5c053c0e-c268-4be8-8b67-43f1950d210f",
"value": "toppglasses@gmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543846926",
"to_ids": true,
"type": "email-src",
"uuid": "5c053c0e-a968-4d69-8613-43cf950d210f",
"value": "iranian_boy5@yahoo.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543849765",
"to_ids": true,
"type": "hostname",
"uuid": "5c054725-27e8-455c-afbc-4ebc950d210f",
"value": "www.enexchanger.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543849766",
"to_ids": true,
"type": "email-src",
"uuid": "5c054726-cec0-4fe0-9e95-4bb4950d210f",
"value": "enexchanger@gmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543849766",
"to_ids": true,
"type": "email-src",
"uuid": "5c054726-fb24-4a0c-a93d-41fd950d210f",
"value": "ensaniyat1365@gmail.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "An address used in a cryptocurrency",
"meta-category": "financial",
"name": "coin-address",
"template_uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46",
"template_version": "4",
"timestamp": "1543832646",
"uuid": "5c04f529-effc-4355-b816-4174950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c04f529-effc-4355-b816-4174950d210f",
"referenced_uuid": "5c04fb39-1a6c-4032-9faa-419e950d210f",
"relationship_type": "related-to",
"timestamp": "1543832646",
"uuid": "5c050446-17b0-4e64-8f16-4b8b950d210f"
}
],
"Attribute": [
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "address",
"timestamp": "1543828777",
"to_ids": true,
"type": "btc",
"uuid": "5c04f529-1e64-4e83-92ae-453f950d210f",
"value": "1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "symbol",
"timestamp": "1543828777",
"to_ids": false,
"type": "text",
"uuid": "5c04f529-831c-434b-bdad-4e3e950d210f",
"value": "BTC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An address used in a cryptocurrency",
"meta-category": "financial",
"name": "coin-address",
"template_uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46",
"template_version": "4",
"timestamp": "1543831366",
"uuid": "5c04f61e-f3cc-4c8c-8ae1-4e77950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c04f61e-f3cc-4c8c-8ae1-4e77950d210f",
"referenced_uuid": "5c04fb39-311c-44cf-ab12-4637950d210f",
"relationship_type": "related-to",
"timestamp": "1543831365",
"uuid": "5c04ff45-6aac-40a4-9742-49fa950d210f"
}
],
"Attribute": [
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "address",
"timestamp": "1543829022",
"to_ids": true,
"type": "btc",
"uuid": "5c04f61e-e908-49ae-be5c-4ec7950d210f",
"value": "149w62rY42aZBox8fGcmqNsXUzSStKeq8C"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "symbol",
"timestamp": "1543829023",
"to_ids": false,
"type": "text",
"uuid": "5c04f61f-3e90-41dc-a124-465c950d210f",
"value": "BTC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An person which describes a person or an identity.",
"meta-category": "misc",
"name": "person",
"template_uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248",
"template_version": "3",
"timestamp": "1543847140",
"uuid": "5c05399d-daac-4062-9269-47a2950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c05399d-daac-4062-9269-47a2950d210f",
"referenced_uuid": "5c04f61e-f3cc-4c8c-8ae1-4e77950d210f",
"relationship_type": "uses",
"timestamp": "1543846333",
"uuid": "5c0539bd-1e38-4cad-b585-46dc950d210f"
},
{
"comment": "",
"object_uuid": "5c05399d-daac-4062-9269-47a2950d210f",
"referenced_uuid": "5c053c0c-8fd0-477d-8150-4533950d210f",
"relationship_type": "related-to",
"timestamp": "1543847109",
"uuid": "5c053cc5-5294-4d93-ba1f-4805950d210f"
},
{
"comment": "",
"object_uuid": "5c05399d-daac-4062-9269-47a2950d210f",
"referenced_uuid": "5c053c0d-bcb0-49ad-bb0a-4bc0950d210f",
"relationship_type": "related-to",
"timestamp": "1543847121",
"uuid": "5c053cd1-a318-4bbe-b4a6-485f950d210f"
},
{
"comment": "",
"object_uuid": "5c05399d-daac-4062-9269-47a2950d210f",
"referenced_uuid": "5c053c0d-1e50-4b7f-81cc-41db950d210f",
"relationship_type": "related-to",
"timestamp": "1543847129",
"uuid": "5c053cd9-97b0-4b04-af6e-43a5950d210f"
},
{
"comment": "",
"object_uuid": "5c05399d-daac-4062-9269-47a2950d210f",
"referenced_uuid": "5c053c0e-c268-4be8-8b67-43f1950d210f",
"relationship_type": "related-to",
"timestamp": "1543847134",
"uuid": "5c053cde-b22c-4f57-b998-4d48950d210f"
},
{
"comment": "",
"object_uuid": "5c05399d-daac-4062-9269-47a2950d210f",
"referenced_uuid": "5c053c0e-a968-4d69-8613-43cf950d210f",
"relationship_type": "related-to",
"timestamp": "1543847140",
"uuid": "5c053ce4-9850-427c-b72f-4f7d950d210f"
}
],
"Attribute": [
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "nationality",
"timestamp": "1543846302",
"to_ids": false,
"type": "nationality",
"uuid": "5c05399e-a3c0-4126-b343-4182950d210f",
"value": "Iran"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "passport-number",
"timestamp": "1543846302",
"to_ids": false,
"type": "passport-number",
"uuid": "5c05399e-1368-44eb-b1ff-4276950d210f",
"value": "T14553558"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "passport-country",
"timestamp": "1543846302",
"to_ids": false,
"type": "passport-country",
"uuid": "5c05399e-1630-4e0a-997f-4b00950d210f",
"value": "Iran"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "passport-expiration",
"timestamp": "1543846302",
"to_ids": false,
"type": "passport-expiration",
"uuid": "5c05399e-1ee8-4bcc-be2e-4075950d210f",
"value": "29 Oct 2013"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "gender",
"timestamp": "1543846302",
"to_ids": false,
"type": "gender",
"uuid": "5c05399e-115c-47e8-b53c-416d950d210f",
"value": "Male"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "date-of-birth",
"timestamp": "1543846302",
"to_ids": false,
"type": "date-of-birth",
"uuid": "5c05399e-beac-424f-87b4-4c76950d210f",
"value": "21 Sep 1979"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-name",
"timestamp": "1543846303",
"to_ids": false,
"type": "last-name",
"uuid": "5c05399f-c6fc-4446-958c-4091950d210f",
"value": "KHORASHADIZADEH"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-name",
"timestamp": "1543846303",
"to_ids": false,
"type": "first-name",
"uuid": "5c05399f-27bc-4fec-a652-43a2950d210f",
"value": "Ali"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "alias",
"timestamp": "1543846303",
"to_ids": false,
"type": "text",
"uuid": "5c05399f-0170-47df-b228-417c950d210f",
"value": "Mastercartaria"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "alias",
"timestamp": "1543846304",
"to_ids": false,
"type": "text",
"uuid": "5c0539a0-a534-4b5a-97b2-4290950d210f",
"value": "Iranvisacart"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "place-of-birth",
"timestamp": "1543846304",
"to_ids": false,
"type": "place-of-birth",
"uuid": "5c0539a0-a540-4ad6-a5de-4480950d210f",
"value": "Tehran, Iran"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An person which describes a person or an identity.",
"meta-category": "misc",
"name": "person",
"template_uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248",
"template_version": "3",
"timestamp": "1543850397",
"uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f",
"referenced_uuid": "5c04f529-effc-4355-b816-4174950d210f",
"relationship_type": "uses",
"timestamp": "1543849790",
"uuid": "5c05473e-3c04-43d5-a923-4f20950d210f"
},
{
"comment": "",
"object_uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f",
"referenced_uuid": "5c054725-27e8-455c-afbc-4ebc950d210f",
"relationship_type": "related-to",
"timestamp": "1543850355",
"uuid": "5c054973-e7cc-470b-a38c-4872950d210f"
},
{
"comment": "",
"object_uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f",
"referenced_uuid": "5c054726-cec0-4fe0-9e95-4bb4950d210f",
"relationship_type": "related-to",
"timestamp": "1543850391",
"uuid": "5c054997-6bf8-43fe-a3ce-4a11950d210f"
},
{
"comment": "",
"object_uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f",
"referenced_uuid": "5c054726-fb24-4a0c-a93d-41fd950d210f",
"relationship_type": "related-to",
"timestamp": "1543850397",
"uuid": "5c05499d-c1ac-48f5-9bc0-4c72950d210f"
}
],
"Attribute": [
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "nationality",
"timestamp": "1543848705",
"to_ids": false,
"type": "nationality",
"uuid": "5c054301-9804-4513-874c-4514950d210f",
"value": "Iran"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "gender",
"timestamp": "1543848706",
"to_ids": false,
"type": "gender",
"uuid": "5c054302-6db0-4a39-ad39-4c11950d210f",
"value": "Male"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "date-of-birth",
"timestamp": "1543848706",
"to_ids": false,
"type": "date-of-birth",
"uuid": "5c054302-2728-4053-8f6f-4ecc950d210f",
"value": "09 Mar 1987"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-name",
"timestamp": "1543848707",
"to_ids": false,
"type": "last-name",
"uuid": "5c054303-6418-4cda-a44e-4783950d210f",
"value": "GHORBANIYAN"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "first-name",
"timestamp": "1543848707",
"to_ids": false,
"type": "first-name",
"uuid": "5c054303-ea40-4920-a0be-467e950d210f",
"value": "Mohammad"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "alias",
"timestamp": "1543848707",
"to_ids": false,
"type": "text",
"uuid": "5c054303-f09c-40cc-8386-4bfb950d210f",
"value": "GHORBANIAN, Mohammad"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "alias",
"timestamp": "1543848708",
"to_ids": false,
"type": "text",
"uuid": "5c054304-a1c0-4fa5-9070-4e1e950d210f",
"value": "Ensaniyat_Exchanger"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "alias",
"timestamp": "1543848708",
"to_ids": false,
"type": "text",
"uuid": "5c054304-d670-4a4c-8b21-4331950d210f",
"value": "Ensaniyat"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "alias",
"timestamp": "1543848709",
"to_ids": false,
"type": "text",
"uuid": "5c054305-5f20-4c83-addd-4fe0950d210f",
"value": "EnExchanger"
},
{
"category": "Person",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "place-of-birth",
"timestamp": "1543848709",
"to_ids": false,
"type": "place-of-birth",
"uuid": "5c054305-ba88-471f-86aa-42ef950d210f",
"value": "Tehran, Iran"
}
]
}
]
}
}