{
"Event": {
"analysis": "2",
"date": "2017-03-16",
"extends_uuid": "",
"info": "Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!",
"publish_timestamp": "1489759744",
"published": true,
"threat_level_id": "3",
"timestamp": "1489759737",
"uuid": "58cbbdc9-9974-4da4-b10d-2e9c950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
},
{
"colour": "#420053",
"name": "ms-caro-malware:malware-type=\"Ransom\""
},
{
"colour": "#39b300",
"name": "enisa:nefarious-activity-abuse=\"ransomware\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1489759686",
"to_ids": false,
"type": "link",
"uuid": "58cbbddd-ee44-487b-b368-091f950d210f",
"value": "https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/",
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1489747532",
"to_ids": true,
"type": "filename",
"uuid": "58cbbe4c-0dac-4f45-9516-82a7950d210f",
"value": "loic_win32.exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1489747533",
"to_ids": true,
"type": "filename",
"uuid": "58cbbe4d-b304-4de7-8105-82a7950d210f",
"value": "RANSOM_NOTE.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1489747552",
"to_ids": false,
"type": "filename",
"uuid": "58cbbe60-2c10-4833-a4d7-82ab950d210f",
"value": "pwd"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1489747697",
"to_ids": true,
"type": "sha256",
"uuid": "58cbbef1-eb20-412a-bc04-82ae950d210f",
"value": "39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1489747714",
"to_ids": false,
"type": "link",
"uuid": "58cbbf02-6910-4fd5-a825-0921950d210f",
"value": "https://www.virustotal.com/en/file/39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc/analysis/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1489759614",
"to_ids": true,
"type": "md5",
"uuid": "58cbed7e-7658-44ba-b7a9-08c5950d210f",
"value": "78117f7acc8b385e9b29fe711436d16d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1489759616",
"to_ids": true,
"type": "sha1",
"uuid": "58cbed80-23f4-4ac6-8007-08c5950d210f",
"value": "0d4dfe880f8ec4b394f49f1a2608200dd06ba8a6"
}
]
}
}