2023-04-21 13:25:09 +00:00
{
"Event" : {
"analysis" : "2" ,
"date" : "2018-03-29" ,
"extends_uuid" : "" ,
"info" : "OSINT - Mole66 Cryptomix Ransomware Variant Released" ,
"publish_timestamp" : "1523200204" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1523200179" ,
"uuid" : "5ac5d6b1-3848-4918-9e42-4206950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#3b7500" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "circl:incident-classification=\"malware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#ffffff" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#2c4f00" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "malware_classification:malware-category=\"Ransomware\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:ransomware=\"CryptoMix\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#0088cc" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "misp-galaxy:ransomware=\"Zeta\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
} ,
{
"colour" : "#e8007d" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "workflow:state=\"complete\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523200165" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5ac5d6c4-f19c-457b-9864-4f5e950d210f" ,
"value" : "https://www.bleepingcomputer.com/news/security/mole66-cryptomix-ransomware-variant-released/" ,
"Tag" : [
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523200166" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "5ac5d6df-5068-407a-98ca-4a59950d210f" ,
"value" : "Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new Cryptomix variants a few times a month, but this time it has been almost 2 months since the previous System variant was released." ,
"Tag" : [
{
"colour" : "#00223b" ,
2023-05-19 09:05:37 +00:00
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
2023-04-21 13:25:09 +00:00
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1522916982" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5ac5de76-ba98-41ac-b403-4f6b950d210f" ,
"value" : "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523200166" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ac5de77-5a7c-421e-ab52-4a87950d210f" ,
"value" : "_HELP_INSTRUCTIONS_.TXT"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523200166" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5ac5de77-7a00-4741-b859-48ac950d210f" ,
"value" : "%ALLUSERSPROFILE%\\[random].exe"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523200167" ,
"to_ids" : true ,
"type" : "email-src" ,
"uuid" : "5ac5de78-c99c-471b-a1a7-4098950d210f" ,
"value" : "alpha2018a@aol.com"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1523200170" ,
"uuid" : "aa6231bd-cf24-43c7-9a74-b33d36b2ea23" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "aa6231bd-cf24-43c7-9a74-b33d36b2ea23" ,
"referenced_uuid" : "339584d7-03bd-43aa-8bee-082050d98159" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1523200170" ,
"uuid" : "5aca30aa-e498-4664-91dd-637702de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1523200167" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5aca30a7-922c-43aa-87fd-637702de0b81" ,
"value" : "f339b703192a562dde82596319e8720c30aaa5ed"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1523200168" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5aca30a8-89c8-45dc-878c-637702de0b81" ,
"value" : "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1523200168" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5aca30a8-d1c4-45fe-a608-637702de0b81" ,
"value" : "c3294c90474063dfb0d28ef8a693a6cb"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1523200169" ,
"uuid" : "339584d7-03bd-43aa-8bee-082050d98159" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1523200169" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5aca30a9-d1bc-423c-b3bf-637702de0b81" ,
"value" : "https://www.virustotal.com/file/15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91/analysis/1522854946/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1523200169" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5aca30a9-7168-43f7-aa66-637702de0b81" ,
"value" : "48/67"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1523200169" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5aca30a9-2f54-4ac7-b884-637702de0b81" ,
"value" : "2018-04-04T15:15:46"
}
]
}
]
}
}