misp-circl-feed/feeds/circl/misp/5ac5d6b1-3848-4918-9e42-4206950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2018-03-29",
    "extends_uuid": "",
    "info": "OSINT - Mole66 Cryptomix Ransomware Variant Released",
    "publish_timestamp": "1523200204",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1523200179",
    "uuid": "5ac5d6b1-3848-4918-9e42-4206950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#00223b",
        "local": "0",
        "name": "osint:source-type=\"blog-post\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a7300",
        "local": "0",
        "name": "circl:incident-classification=\"malware\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": "0",
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#2c4f00",
        "local": "0",
        "name": "malware_classification:malware-category=\"Ransomware\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": "0",
        "name": "misp-galaxy:ransomware=\"CryptoMix\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": "0",
        "name": "misp-galaxy:ransomware=\"Zeta\"",
        "relationship_type": ""
      },
      {
        "colour": "#e2007a",
        "local": "0",
        "name": "workflow:state=\"complete\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1523200165",
        "to_ids": false,
        "type": "link",
        "uuid": "5ac5d6c4-f19c-457b-9864-4f5e950d210f",
        "value": "https://www.bleepingcomputer.com/news/security/mole66-cryptomix-ransomware-variant-released/",
        "Tag": [
          {
            "colour": "#00223b",
            "local": "0",
            "name": "osint:source-type=\"blog-post\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1523200166",
        "to_ids": false,
        "type": "comment",
        "uuid": "5ac5d6df-5068-407a-98ca-4a59950d210f",
        "value": "Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new Cryptomix variants a few times a month, but this time it has been almost 2 months since the previous System variant was released.",
        "Tag": [
          {
            "colour": "#00223b",
            "local": "0",
            "name": "osint:source-type=\"blog-post\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1522916982",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5ac5de76-ba98-41ac-b403-4f6b950d210f",
        "value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1523200166",
        "to_ids": true,
        "type": "filename",
        "uuid": "5ac5de77-5a7c-421e-ab52-4a87950d210f",
        "value": "_HELP_INSTRUCTIONS_.TXT"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1523200166",
        "to_ids": true,
        "type": "filename",
        "uuid": "5ac5de77-7a00-4741-b859-48ac950d210f",
        "value": "%ALLUSERSPROFILE%\\[random].exe"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1523200167",
        "to_ids": true,
        "type": "email-src",
        "uuid": "5ac5de78-c99c-471b-a1a7-4098950d210f",
        "value": "alpha2018a@aol.com"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "7",
        "timestamp": "1523200170",
        "uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",
            "referenced_uuid": "339584d7-03bd-43aa-8bee-082050d98159",
            "relationship_type": "analysed-with",
            "timestamp": "1523200170",
            "uuid": "5aca30aa-e498-4664-91dd-637702de0b81"
          }
        ],
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1523200167",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5aca30a7-922c-43aa-87fd-637702de0b81",
            "value": "f339b703192a562dde82596319e8720c30aaa5ed"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1523200168",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5aca30a8-89c8-45dc-878c-637702de0b81",
            "value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1523200168",
            "to_ids": true,
            "type": "md5",
            "uuid": "5aca30a8-d1c4-45fe-a608-637702de0b81",
            "value": "c3294c90474063dfb0d28ef8a693a6cb"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "1",
        "timestamp": "1523200169",
        "uuid": "339584d7-03bd-43aa-8bee-082050d98159",
        "Attribute": [
          {
            "category": "External analysis",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "permalink",
            "timestamp": "1523200169",
            "to_ids": false,
            "type": "link",
            "uuid": "5aca30a9-d1bc-423c-b3bf-637702de0b81",
            "value": "https://www.virustotal.com/file/15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91/analysis/1522854946/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "detection-ratio",
            "timestamp": "1523200169",
            "to_ids": false,
            "type": "text",
            "uuid": "5aca30a9-7168-43f7-aa66-637702de0b81",
            "value": "48/67"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "last-submission",
            "timestamp": "1523200169",
            "to_ids": false,
            "type": "datetime",
            "uuid": "5aca30a9-2f54-4ac7-b884-637702de0b81",
            "value": "2018-04-04T15:15:46"
          }
        ]
      }
    ]
  }
}
chg: [feed] added 2023-04-21 13:25:09 +00:00			`{`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"Event": {`
			`"analysis": "2",`
			`"date": "2018-03-29",`
			`"extends_uuid": "",`
			`"info": "OSINT - Mole66 Cryptomix Ransomware Variant Released",`
			`"publish_timestamp": "1523200204",`
			`"published": true,`
			`"threat_level_id": "3",`
			`"timestamp": "1523200179",`
			`"uuid": "5ac5d6b1-3848-4918-9e42-4206950d210f",`
			`"Orgc": {`
			`"name": "CIRCL",`
			`"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"`
			`},`
			`"Tag": [`
			`{`
			`"colour": "#00223b",`
			`"local": "0",`
			`"name": "osint:source-type=\"blog-post\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#3a7300",`
			`"local": "0",`
			`"name": "circl:incident-classification=\"malware\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#ffffff",`
			`"local": "0",`
			`"name": "tlp:white",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#2c4f00",`
			`"local": "0",`
			`"name": "malware_classification:malware-category=\"Ransomware\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0088cc",`
			`"local": "0",`
			`"name": "misp-galaxy:ransomware=\"CryptoMix\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#0088cc",`
			`"local": "0",`
			`"name": "misp-galaxy:ransomware=\"Zeta\"",`
			`"relationship_type": ""`
			`},`
			`{`
			`"colour": "#e2007a",`
			`"local": "0",`
			`"name": "workflow:state=\"complete\"",`
			`"relationship_type": ""`
			`}`
			`],`
			`"Attribute": [`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1523200165",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "5ac5d6c4-f19c-457b-9864-4f5e950d210f",`
			`"value": "https://www.bleepingcomputer.com/news/security/mole66-cryptomix-ransomware-variant-released/",`
			`"Tag": [`
			`{`
			`"colour": "#00223b",`
			`"local": "0",`
			`"name": "osint:source-type=\"blog-post\"",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1523200166",`
			`"to_ids": false,`
			`"type": "comment",`
			`"uuid": "5ac5d6df-5068-407a-98ca-4a59950d210f",`
			`"value": "Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new Cryptomix variants a few times a month, but this time it has been almost 2 months since the previous System variant was released.",`
			`"Tag": [`
			`{`
			`"colour": "#00223b",`
			`"local": "0",`
			`"name": "osint:source-type=\"blog-post\"",`
			`"relationship_type": ""`
			`}`
			`]`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1522916982",`
			`"to_ids": true,`
			`"type": "sha256",`
			`"uuid": "5ac5de76-ba98-41ac-b403-4f6b950d210f",`
			`"value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1523200166",`
			`"to_ids": true,`
			`"type": "filename",`
			`"uuid": "5ac5de77-5a7c-421e-ab52-4a87950d210f",`
			`"value": "_HELP_INSTRUCTIONS_.TXT"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1523200166",`
			`"to_ids": true,`
			`"type": "filename",`
			`"uuid": "5ac5de77-7a00-4741-b859-48ac950d210f",`
			`"value": "%ALLUSERSPROFILE%\\[random].exe"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"timestamp": "1523200167",`
			`"to_ids": true,`
			`"type": "email-src",`
			`"uuid": "5ac5de78-c99c-471b-a1a7-4098950d210f",`
			`"value": "alpha2018a@aol.com"`
			`}`
			`],`
			`"Object": [`
			`{`
			`"comment": "",`
			`"deleted": false,`
			`"description": "File object describing a file with meta-information",`
			`"meta-category": "file",`
			`"name": "file",`
			`"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",`
			`"template_version": "7",`
			`"timestamp": "1523200170",`
			`"uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",`
			`"ObjectReference": [`
			`{`
			`"comment": "",`
			`"object_uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",`
			`"referenced_uuid": "339584d7-03bd-43aa-8bee-082050d98159",`
chg: [feed] added 2023-04-21 13:25:09 +00:00			`"relationship_type": "analysed-with",`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`"timestamp": "1523200170",`
			`"uuid": "5aca30aa-e498-4664-91dd-637702de0b81"`
			`}`
			`],`
			`"Attribute": [`
			`{`
			`"category": "Payload delivery",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "sha1",`
			`"timestamp": "1523200167",`
			`"to_ids": true,`
			`"type": "sha1",`
			`"uuid": "5aca30a7-922c-43aa-87fd-637702de0b81",`
			`"value": "f339b703192a562dde82596319e8720c30aaa5ed"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "sha256",`
			`"timestamp": "1523200168",`
			`"to_ids": true,`
			`"type": "sha256",`
			`"uuid": "5aca30a8-89c8-45dc-878c-637702de0b81",`
			`"value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"`
			`},`
			`{`
			`"category": "Payload delivery",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "md5",`
			`"timestamp": "1523200168",`
			`"to_ids": true,`
			`"type": "md5",`
			`"uuid": "5aca30a8-d1c4-45fe-a608-637702de0b81",`
			`"value": "c3294c90474063dfb0d28ef8a693a6cb"`
			`}`
			`]`
			`},`
			`{`
			`"comment": "",`
			`"deleted": false,`
			`"description": "VirusTotal report",`
			`"meta-category": "misc",`
			`"name": "virustotal-report",`
			`"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",`
			`"template_version": "1",`
			`"timestamp": "1523200169",`
			`"uuid": "339584d7-03bd-43aa-8bee-082050d98159",`
			`"Attribute": [`
			`{`
			`"category": "External analysis",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "permalink",`
			`"timestamp": "1523200169",`
			`"to_ids": false,`
			`"type": "link",`
			`"uuid": "5aca30a9-d1bc-423c-b3bf-637702de0b81",`
			`"value": "https://www.virustotal.com/file/15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91/analysis/1522854946/"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": true,`
			`"object_relation": "detection-ratio",`
			`"timestamp": "1523200169",`
			`"to_ids": false,`
			`"type": "text",`
			`"uuid": "5aca30a9-7168-43f7-aa66-637702de0b81",`
			`"value": "48/67"`
			`},`
			`{`
			`"category": "Other",`
			`"comment": "",`
			`"deleted": false,`
			`"disable_correlation": false,`
			`"object_relation": "last-submission",`
			`"timestamp": "1523200169",`
			`"to_ids": false,`
			`"type": "datetime",`
			`"uuid": "5aca30a9-2f54-4ac7-b884-637702de0b81",`
			`"value": "2018-04-04T15:15:46"`
			`}`
			`]`
			`}`
chg: [feed] added 2023-04-21 13:25:09 +00:00			`]`
chg: [gen] updated 2023-12-14 14:30:15 +00:00			`}`
chg: [feed] added 2023-04-21 13:25:09 +00:00			`}`