misp-circl-feed/feeds/circl/misp/5b72c78a-274c-43a6-a945-4fd5950d210f.json

1 line
7.4 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{"Event": {"info": "OSINT - New Cmb Dharma Ransomware Variant Released", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Dharma Ransomware\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#ef0081", "exportable": true, "name": "workflow:state=\"complete\""}], "publish_timestamp": "0", "timestamp": "1536906833", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "a2a92847-3c13-47aa-b8f6-6bc6599ef7b8", "sharing_group_id": "0", "timestamp": "1534508624", "description": "File object describing a file with meta-information", "template_version": "11", "ObjectReference": [{"comment": "", "object_uuid": "a2a92847-3c13-47aa-b8f6-6bc6599ef7b8", "uuid": "5b76be50-82f0-40b7-b545-4def02de0b81", "timestamp": "1534508624", "referenced_uuid": "28d37ac7-5d4e-4dc5-9806-3a0335b4afbd", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "d2b46bc8-728e-44cb-a6fc-1bda91b29683", "timestamp": "1534508622", "to_ids": true, "value": "d50f69f0d3a73c0a58d2ad08aedac1c8", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "cbc2ddff-3fc5-481d-9b22-9533d7707f24", "timestamp": "1534508622", "to_ids": true, "value": "c25ff1bb2ea3e0804ab3f370ad2877b0b7c56903", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "ada6bf64-eabe-4f95-a5a2-7b32e50cdb8e", "timestamp": "1534508623", "to_ids": true, "value": "c2ab289cbd2573572c39cac3f234d77fdf769e48a1715a14feddaea8ae9d9702", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "28d37ac7-5d4e-4dc5-9806-3a0335b4afbd", "sharing_group_id": "0", "timestamp": "1534508623", "description": "VirusTotal report", "template_version": "2", "Attribute": [{"comment": "", "category": "Other", "uuid": "7b4c2186-d46a-4444-904e-963bbb0fdbae", "timestamp": "1534508623", "to_ids": false, "value": "2018-08-14 05:47:48", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}, {"comment": "", "category": "External analysis", "uuid": "94fd6e61-154c-44e8-ac6b-073a54eaaa16", "timestamp": "1534508623", "to_ids": false, "value": "https://www.virustotal.com/file/c2ab289cbd2573572c39cac3f234d77fdf769e48a1715a14feddaea8ae9d9702/analysis/1534225668/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "2a66be74-d97a-45c3-b2b6-647492a2ddb5", "timestamp": "1534508624", "to_ids": false, "value": "56/68", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5b72cc0c-7650-45f8-a0b8-480e950d210f", "timestamp": "1534250067", "to_ids": false, "value": "https://www.bleepingcomputer.com/news/security/new-cmb-dharma-ransomware-variant-released/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5b72cc2d-4e18-422b-9e9c-4b04950d210f", "timestamp": "1534250037", "to_ids": false, "value": "On Thursday a new variant of the Dharma Ransomware was discovered that appends the .cmb extension to encrypted files.\r\n\r\nThe Cmb variant of the Dharma Ransomware was first discovered by Michael Gillespie when he noticed samples upl