misp-circl-feed/feeds/circl/misp/5ac5d6b1-3848-4918-9e42-4206950d210f.json

{
"Event": {
"analysis": "2",
"date": "2018-03-29",
"extends_uuid": "",
"info": "OSINT - Mole66 Cryptomix Ransomware Variant Released",
"publish_timestamp": "1523200204",
"published": true,
"threat_level_id": "3",
"timestamp": "1523200179",
"uuid": "5ac5d6b1-3848-4918-9e42-4206950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#3b7500",
"local": "0",
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": "0",
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:ransomware=\"CryptoMix\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:ransomware=\"Zeta\"",
"relationship_type": ""
},
{
"colour": "#e8007d",
"local": "0",
"name": "workflow:state=\"complete\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200165",
"to_ids": false,
"type": "link",
"uuid": "5ac5d6c4-f19c-457b-9864-4f5e950d210f",
"value": "https://www.bleepingcomputer.com/news/security/mole66-cryptomix-ransomware-variant-released/",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200166",
"to_ids": false,
"type": "comment",
"uuid": "5ac5d6df-5068-407a-98ca-4a59950d210f",
"value": "Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new Cryptomix variants a few times a month, but this time it has been almost 2 months since the previous System variant was released.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1522916982",
"to_ids": true,
"type": "sha256",
"uuid": "5ac5de76-ba98-41ac-b403-4f6b950d210f",
"value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200166",
"to_ids": true,
"type": "filename",
"uuid": "5ac5de77-5a7c-421e-ab52-4a87950d210f",
"value": "_HELP_INSTRUCTIONS_.TXT"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200166",
"to_ids": true,
"type": "filename",
"uuid": "5ac5de77-7a00-4741-b859-48ac950d210f",
"value": "%ALLUSERSPROFILE%\\[random].exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200167",
"to_ids": true,
"type": "email-src",
"uuid": "5ac5de78-c99c-471b-a1a7-4098950d210f",
"value": "alpha2018a@aol.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1523200170",
"uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",
"ObjectReference": [
{
"comment": "",
"object_uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",
"referenced_uuid": "339584d7-03bd-43aa-8bee-082050d98159",
"relationship_type": "analysed-with",
"timestamp": "1523200170",
"uuid": "5aca30aa-e498-4664-91dd-637702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1523200167",
"to_ids": true,
"type": "sha1",
"uuid": "5aca30a7-922c-43aa-87fd-637702de0b81",
"value": "f339b703192a562dde82596319e8720c30aaa5ed"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1523200168",
"to_ids": true,
"type": "sha256",
"uuid": "5aca30a8-89c8-45dc-878c-637702de0b81",
"value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1523200168",
"to_ids": true,
"type": "md5",
"uuid": "5aca30a8-d1c4-45fe-a608-637702de0b81",
"value": "c3294c90474063dfb0d28ef8a693a6cb"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1523200169",
"uuid": "339584d7-03bd-43aa-8bee-082050d98159",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1523200169",
"to_ids": false,
"type": "link",
"uuid": "5aca30a9-d1bc-423c-b3bf-637702de0b81",
"value": "https://www.virustotal.com/file/15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91/analysis/1522854946/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1523200169",
"to_ids": false,
"type": "text",
"uuid": "5aca30a9-7168-43f7-aa66-637702de0b81",
"value": "48/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1523200169",
"to_ids": false,
"type": "datetime",
"uuid": "5aca30a9-2f54-4ac7-b884-637702de0b81",
"value": "2018-04-04T15:15:46"
}
]
}
]
}
}