adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/57c4445b-c548-4654-af0b-4be3950d210f.json

144 lines
4.5 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2016-08-29",
"extends_uuid": "",
"info": "Ransomware - Xorist",
"publish_timestamp": "1472548231",
"published": true,
"threat_level_id": "3",
"timestamp": "1472541011",
"uuid": "57c4445b-c548-4654-af0b-4be3950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": "0",
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#420053",
"local": "0",
"name": "ms-caro-malware:malware-type=\"Ransom\"",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": "0",
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1472480394",
"to_ids": true,
"type": "sha1",
"uuid": "57c4448a-bef0-4ba7-a071-444e950d210f",
"value": "77b0c41b7d340b8a3d903f21347bbf06aa766b5b"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1472480394",
"to_ids": true,
"type": "filename",
"uuid": "57c4448a-fb04-457d-87e7-4127950d210f",
"value": "3Z4wnG9603it23y.exe"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1472480395",
"to_ids": true,
"type": "md5",
"uuid": "57c4448b-454c-4d17-90d1-4d2f950d210f",
"value": "0749bae92ca336a02c83d126e04ec628"
},
{
"category": "Payload delivery",
"comment": "Imported via the Freetext Import Tool",
"deleted": false,
"disable_correlation": false,
"timestamp": "1472480395",
"to_ids": true,
"type": "sha256",
"uuid": "57c4448b-3fa4-4d65-9ccc-4afa950d210f",
"value": "b3c4ae251f8094fa15b510051835c657eaef2a6cea46075d3aec964b14a99f68"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1472480448",
"to_ids": false,
"type": "comment",
"uuid": "57c444c0-8004-48fa-9c33-8aca950d210f",
"value": "UPX packed"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1472480840",
"to_ids": false,
"type": "text",
"uuid": "57c44648-96f4-45d4-a8eb-453e950d210f",
"value": "Key: 85350044dF4AC3518D185678A9414A7F,\r\nEncryption rounds:8,\r\nStart offset: 64,\r\nAlgorithm: TEA"
},
{
"category": "External analysis",
"comment": "Imported via the Freetext Import Tool - Xchecked via VT: b3c4ae251f8094fa15b510051835c657eaef2a6cea46075d3aec964b14a99f68",
"deleted": false,
"disable_correlation": false,
"timestamp": "1472540684",
"to_ids": false,
"type": "link",
"uuid": "57c5300c-0560-4146-bfaa-40e802de0b81",
"value": "https://www.virustotal.com/file/b3c4ae251f8094fa15b510051835c657eaef2a6cea46075d3aec964b14a99f68/analysis/1469554268/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1472541011",
"to_ids": false,
"type": "link",
"uuid": "57c5310b-dc34-43cb-8b8e-4846950d210f",
"value": "http://www.xylibox.com/2011/06/have-fun-with-trojan-ransomwin32xorist.html"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1472547599",
"to_ids": true,
"type": "regkey|value",
"uuid": "57c54b0f-27a4-458b-8e63-4455950d210f",
"value": "Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run|%TEMP%\\3Z4wnG9603it23y.exe"
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink