{
"Event" : {
"analysis" : "2" ,
"date" : "2018-04-09" ,
"extends_uuid" : "" ,
"info" : "OSINT - PUBG Ransomware Decrypts Your Files If You Play PlayerUnknown's Battlegrounds" ,
"publish_timestamp" : "1523391236" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1523391234" ,
"uuid" : "5acc88e9-265c-4f22-9d2b-b702950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#2c4f00" ,
"local" : "0" ,
"name" : "malware_classification:malware-category=\"Ransomware\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#3a7300" ,
"local" : "0" ,
"name" : "circl:incident-classification=\"malware\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#001637" ,
"local" : "0" ,
"name" : "ms-caro-malware-full:malware-type=\"Joke\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#850048" ,
"local" : "0" ,
"name" : "workflow:todo=\"create-missing-misp-galaxy-cluster-values\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391188" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5acc8902-ab3c-4dfc-b0bf-32b6950d210f" ,
"value" : "https://www.bleepingcomputer.com/news/security/pubg-ransomware-decrypts-your-files-if-you-play-playerunknowns-battlegrounds/" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391188" ,
"to_ids" : false ,
"type" : "comment" ,
"uuid" : "5acc9143-c550-4cac-9c62-40f9950d210f" ,
"value" : "In what could only be a joke, a new ransomware has been discovered called \"PUBG Ransomware\" that will decrypt your files if you play the game called PlayerUnknown's Battlegrounds.\r\n\r\nDiscovered by MalwareHunterTeam, when the PUBG Ransomware is launched it will encrypt a user's files and folders on the user's desktop and append the .PUBG extension to them. When it has finished encrypting the files, it will display a screen giving you two methods that you can use to decrypt the encrypted files." ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523356033" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5acc9181-5c70-4a02-b2f0-4dae950d210f" ,
"value" : "3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1"
} ,
{
"category" : "Artifacts dropped" ,
"comment" : "ransomnote screen" ,
"data" : " / 9 j / 4 A A Q S k Z J R g A B A Q A A A Q A B A A D / 2 w B D A B A L C w s M C x A M D B A X D w 0 P F x s U E B A U G x 8 X F x c X F x 8 e F x o a G h o X H h 4 j J S c l I x 4 v L z M z L y 9 A Q E B A Q E B A Q E B A Q E B A Q E D / 2 w B D A R E P D x E T E R U S E h U U E R Q R F B o U F h Y U G i Y a G h w a G i Y w I x 4 e H h 4 j M C s u J y c n L i s 1 N T A w N T V A Q D 9 A Q E B A Q E B A Q E B A Q E D / w g A R C A I H B J 8 D A S I A A h E B A x E B / 8 Q A G g A A A g M B A Q A A A A A A A A A A A A A A A A M B A g Q F B v / E A B k B A Q E B A Q E B A A A A A A A A A A A A A A A B A g M E B f / a A A w D A Q A C E A M Q A A A B a 21 t 81 j C 1 Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Y w F j A W M B Z M Z 0 F Z l l T J 1 h l o g s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C x U L F Q s V C m X W r H W c 7 y W r i d 87 c j r 8 m 4 X J O s k x J B I s S A S S F q 2 g k l Y m 0 l Z t K 1 s B a C U i t 4 s p D C q W v K U G Q L L Q Q S F C S o q y o q r a X N Z A r E x Y T E k B J B I R I A E x E g A F E h A E r E g B I Q S E E w k E l Q S J A A A V B I Q T A A A B E E h A S o E g E g B A A p I E V Y R S b y q x l R Z a E 6 O / D 0 O X b L p w T n W 8 x o O n T B U 6 i 8 T B 1 q o N x z W m 0 x I O j b k 6 R 7 c j R 0 8 v q g M B Y w F j A W M B Y w F j A T D M w 3 D v w a x f k 9 b l V S S d Z g k I J h C J K J i Q t W Z b W p 
J d q O l K m d 2 f O k J 6 d j k 6 c v f s 4 k Q a l 2 T t z e c 5 P Y s 5 t W 2 j n 17 P n 9 R 969 s 55 Y l y r 7 n F s r C 7 a w O R 6 T O u F G s M S O / m O S B 0 w A B I A E w B K w W F r J K Q S J E g A A A A B Q A Q S E E w g E k R I Q S E E h E S E E h B I R I K T E w A L I A B M T M y s T M S x W 1 U p F o s 6 P Q 5 / Q 5 d m G O u d b l 5 Q 13 w h u M U m w w h u M I a p y S b T H U 3 G E N x h D c Y p N g A A A A A A A C 13 o R j 0 59 Y v y u r y q p M T v M w A E k k R a K A k g k A J D p 8 z p y z z u 1 m z v D 38 p H K 7 / A J / 0 F n A I j c 17 u f v x e b 2 O J 3 T z 8 d q 9 l / P d v j H X y 9 D k y p i d 2 + a a a 0 T W E v G s U 9 N 5 v 0 m N + a j s F m H q W 52 d Y u z y 9 G 8768 j s Y 1 x d y 9 W 8 s Z l 52 d d H m + i 4 K d J z e P n f R 5 G h O 8 P 6 D e J m 9 b m n U r j 9 P n d Z K 0 5 H d l S z m 6 K x 9 B L L M G m d p h z d f C a M W z L H Q O P a X X z v Q + f 3 n s T o 4 W N O 1 Z u h Y L 5 n T l 5 F e l z u m I J L I J A C S J m Z Y m 0 k W L S x W 9 S l b V K k l n Q 34 N / H q n T z J m u m c 9 B 16 c y p 2 F 85 x t S Q W t l D e c y h 1 k c 9 x s b g W n T X z W q 7 X z K H W X g g 6 N + P J 0 l 58 x 1 r c 5 B 1 D O o 3 r y 7 h e P f g 1 i / J 6 / J 1 K E m 8 A E s k S S E q B J B M l Z k K 9 L n 9 G V m L T z Z X p r O s z 6 H z v b z r j V 6 O K x 2 + E Z u H u c L v H n T T f e O j z u t x c b 6 v P O m c J 8 G + e x j F Y 6 c u I j r y n 0 f m / S c 98 C y D p n v 8 h + n n v m 9 j B r R O r k d e X m 6 c 2 r U z 4 t 2 L W f Q + d 9 F w 8 b 0 b J 5 Z 2 e V v y R 0 v P 97 n V k 7 / O 1 H N 6 X N 6 a c X u c X t n G 2 G p c q N 2 A 6 U t w 51 p j P u O S 3 F 2 O n O m G 2 f n v u + f 9 B w N T v + f 9 B w I 3 b e X 1 F Q Y N 6 Z s W 3 H q Q S a k E i R J Y i x K z M T E z U l t W I q K 2 q A B v 3 Y d 3 L a d P M m a 6 a 8 a D q H M q d h f O c b U k E 3 y h v O Z Q 62 f A 42 N w L T p q 5 z V d r 5 l D r L w Q d E 5 U n R p n z H a j l X N p k 0 D o z 6 C M O 7 F r N + T 12 n B P S l n m o 9 M H m j 0 p Z 5 q f S E v m z 0 g e 
c P R h 509 E L 57 R 2 Q 42 b 0 R H n T 0 R Z 51 n e D B f Y Z 1 z e f 6 I s 890 O i H O O i H E z e k L P N 6 u 0 G E 3 G b y I 7 B q e c P R l n n O l 0 S P O H o y v P 7 u k S + f 6 O 8 M S + i S 8 N v X L n i J 9 C V z + d 6 E j m a N Z L z 8 H f L O L u 2 C 4 s P b D i a O m R w O n s J U K 2 E v K y 98 r l 5 + 4 J x d H S N T g P 7 B c 409 I x v n 4 O + a m D B 3 g 4 G v q B k X v M 3 g R 6 A 1 P P n o A 4 B 3 w 4 M 90 O H P b D i z 2 Q 4 p 2 h e H H d D h R 3 g 4 B 3 x O f u t X O k 6 e Z M v T X j Q d Q 5 l T s L 5 z j a k g m + U N 5 z K H W z 4 H G x u B a d N X O a r t f M o d Z e C D o n K k 6 N M + Y 7 U c q 5 r t k 0 D T P o I x 7 M l z b D q x U w p N W K x Z a K V u W i o p w i E e I K f O c T Q Z x d M 4 z n 22 G a d Y 0 z l m X Q J q P M 0 Z 6 a z P O u T z P N O j P M r z P N y + M 8 m g y 2 X Q Z y 40 C I r Q Z y N B n k 0 G W y 6 D P N j x M W a D I z O 3 i D W H z n J d B n k e I A y w r j 3 v b P O W n V z t N a D N F m q u a k u i m W J d W z i v 3 z 7 E Z b b z S c b M a 6 Z m t 0 j x C 41 m R o 4 S X D h I O E i u F A 0 T A 8 Q Q 4 S K 4 T A + U S N F A w U R 0 G o b K h c n o 4 R S 9 x L L T C 5 m l S z P N j J p M o T Y p N q k 1 J I L 1 G K m 0 U k m o W + I r e j F U X r Y T C z T t z 6 P N 3 j J r w L b D u w k l S r x U s I B C L T S y 82 U G S J H E J G 1 s T V t O P u p M z z 9 C 5 J z 1 d R i + 3 h p a t u X r q X m 4 G o Z 18 y 63 r z 9 F Z m M 9 a 2 i 0 p R h r F G x X f J y H K 356 l j h 7 q S X a r E z c l y u + D k s r 0 8 y y Z 4 f Q r c n X N N i c d a M q w T e x c I U 1 e e k 53335 V X v P P 0 w M q S r T k 6 e a 1 k s 5 + o i 99 Y u v S m o p d W d P W 2 d Z X a S p e p 3 f 58 S H T z h J E E i w B B F g q W h Y J C I s R F o s s A E B M b N O f X j e L T j m z X O Z E d B e S t d B e Z w 5 G i B c 0 B 5 k o b l Z X K 1 i F p r p k b F d e S l b l o g 0 s 50 m t c Z j p G G 8 O W T T n Z 9 G b H P 6 H P 1 m + D e l c s b S s V t Y m Q 1 z W Q 1 z G Q 1 h l t p F z T o D M a R M k b S s U b R M R t i z F O w X G b A x m w 
T G b B c Z s D G b A x x t J c V t c 1 i j c J i N o m I 2 l Y j a G I 2 i Y 42 h j N h W Q 2 B j N g Z D W G Q 1 h k N Z H M 5 f o 8 P P p y b d a Z e Z X s K z v m T 0 R O c v q l n N 3 a d U 1 l v q n p y y L 3 p X n Z u k c + t r a Z 7 c M h r L n I a w y G s M h r F y G s j I a w y G s l y G s M h r D I a w y m o l y m s M k 6 g t q U 3 G k 6 e Z K 9 N e N B 1 D m V O w v n O N q S C b 5 Q 3 n M o d b P g c b G 4 F p 0 1 c 5 q u 18 y h 1 l 4 I O i c q T o 0 z 5 j t R y r m u M 8 m h m f Q R z + h z 9 Y u 1 X P X t n D k 7 Z x Q 7 R x Z O y c c O w c e T s H I D r n J k 6 p y 5 O m c y T p H N D p H M g 6 h y 4 s 6 p y o O s c m T q n K k 6 h y 4 O q c o j q n K D q n L D q H L K 6 h y w 6 h y w 6 h y w 6 h z A 6 Z z I O o c u L O q c o O q c o O q c s O o c s O o c s O o c s O o c s O i c m 2 b 1 a 8 L n Z 166 f I s z v 1 d v L b q 7 t e a z W N 0 c / n p 3 j y x L 6 w 47 d 56 Z z C z p n M J e m c 0 O k c 0 O k c 2 D p n N D p H N I 6 R z A 6 Z z A 6 Z z R e k c 0 O k c 2 D p n M D q m X V m p 0 8 y V 6 a 8 a D q H M q d h f O c b U k E 3 y h v O Z Q 62 f A 42 N w L T p q 5 z V d r 5 l D r L w Q d E 5 U n R p n z H a j l X N c Z 5 N D M + g j n 9 D n 6 x f n 9 D n h N Z q Q k J J C S y w W I r N p K T e S k 3 C s z J U s J U v I u G R Y u r I K T Y q s 2 I q W C p I V J C C Q C S q l g r M h B M l S w V L B Q t F l S 0 E E h B I Q S E S E R N 0 y z n T W b v q q 1 M a O h g i t d C 8 d K d b J d c e j R 1 d Y q n Z C c 6 r 8 Q 60 v 3 M 0 v X c 0 J m q y S V J i C J C A A A A J i A A A U A I J g I k N W v L q z p O n m T L 0 140 H U O Z U 7 C + c 42 p I J v l D e c y h 1 s + B x s b g W n T V z m q 7 X z K H W X g g 6 J y p O j T P m O 1 H K u a 5 y 6 S b p c R z + h z 9 Y v z + h g I J m o k C Z i V m a y l p r K 2 t W 8 T a J l A k g k S J A J g J g A i S o L B W Z m K k z S 6 O q U L g s u J U Y C 5 u F C 4 U L Q R I B E w R E h B Y K E h W b w U G Q U 0 w 6 W e f d O d D d 11 w x 0 J s w K 6 c 2 e f 27 u L n W 1 K + 0 k X C g m I M 2 m L O O 62 O X s w l 
l i K 6 c 9 l Z I q Y m U i C S o 6 Y z y 2 V T L o E y y p E 3 k V D a i 5 u F S w P 0 J d K n T z
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1523391188" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "5acc91b2-bd54-4e44-8aee-35e7950d210f" ,
"value" : "pubg-ransomware.jpg"
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "7" ,
"timestamp" : "1523391192" ,
"uuid" : "2ba7f152-381c-470f-a732-792397b424d4" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "2ba7f152-381c-470f-a732-792397b424d4" ,
"referenced_uuid" : "eefb6d88-9cc1-4d65-b266-b2e82a2464b9" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1523391191" ,
"uuid" : "5acd1ad7-df04-4155-bc1c-464602de0b81"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1523391189" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5acd1ad5-d454-4166-aa3a-498d02de0b81" ,
"value" : "d63ff86f05b6f2fb86abf0dcd16cd2008fa3c158"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1523391189" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5acd1ad5-0c3c-4e72-8ca1-40d102de0b81" ,
"value" : "3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1523391190" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5acd1ad6-9458-43ed-8bda-48b202de0b81" ,
"value" : "0997ba7292ddbac1c7e7ade6766ed53c"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "1" ,
"timestamp" : "1523391190" ,
"uuid" : "eefb6d88-9cc1-4d65-b266-b2e82a2464b9" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1523391190" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "5acd1ad6-61c4-45e4-98f6-4bb802de0b81" ,
"value" : "https://www.virustotal.com/file/3208efe96d14f5a6a2840daecbead6b0f4d73c5a05192a1a8eef8b50bbfb4bc1/analysis/1523371298/"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1523391191" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5acd1ad7-b308-4547-96b5-41f902de0b81" ,
"value" : "44/66"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1523391191" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5acd1ad7-c180-4b13-bb89-45ba02de0b81" ,
"value" : "2018-04-10T14:41:38"
}
]
}
]
}
}