misp-circl-feed/feeds/circl/misp/5bcdcd27-03e4-4118-9f82-46c3950d210f.json

{"Event": {"info": "OSINT - How we discovered a Ukranian cybercrime hotspot", "Tag": [{"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"win.gandcrab\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"GandCrab\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "0", "timestamp": "1540287402", "Object": [{"comment": "Windows security center stops monitoring the \r\nstatus of an antivirus protection", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcdd845-8e88-4c09-a35d-4e4f950d210f", "sharing_group_id": "0", "timestamp": "1540216901", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcdd845-ce48-46cd-b50d-4b19950d210f", "timestamp": "1540216901", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusOverride", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcdd847-b4d4-423c-9397-4759950d210f", "timestamp": "1540216903", "to_ids": false, "value": "1", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bcdd851-bbe8-41a7-ae9b-47bd950d210f", "timestamp": "1540216913", "to_ids": false, "value": "HKLM", "disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcdd851-5cf8-4f2f-825e-4aae950d210f", "timestamp": "1540216913", "to_ids": false, "value": "REG_NONE", "disable_correlation": true, "object_relation": "data-type", "type": "text"}], 
"distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "No clear documentation available but it seems like it disables the antivirus updates.", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcecafe-9d14-4881-9aa2-4f6f950d210f", "sharing_group_id": "0", "timestamp": "1540279038", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcecaff-033c-47e3-ba7a-4e7c950d210f", "timestamp": "1540279039", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Security Center\\UpdatesOverride", "disable_correlation": false, "object_relation": "key", "type": "regkey"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecb02-6c6c-4cee-95a0-4bbf950d210f", "timestamp": "1540279042", "to_ids": false, "value": "1", "disable_correlation": false, "object_relation": "data", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5bcecb07-158c-4c76-9a5a-48a4950d210f", "timestamp": "1540279047", "to_ids": false, "value": "HKLM", "disable_correlation": true, "object_relation": "root-keys", "type": "text"}, {"comment": "", "category": "Persistence mechanism", "uuid": "5bcecb09-2000-4994-b7e0-48f8950d210f", "timestamp": "1540279049", "to_ids": false, "value": "REG_NONE", "disable_correlation": true, "object_relation": "data-type", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "registry-key"}, {"comment": "Turns off the firewall", "template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5", "uuid": "5bcecdb3-6f40-48b7-b0a8-429a950d210f", "sharing_group_id": "0", "timestamp": "1540280108", "description": "Registry key object describing a Windows registry key with value and last-modified timestamp", "template_version": "4", "Attribute": [{"comment": "", "category": "Persistence mechanism", "uuid": "5bcecdb3-b774-47a1-8cc2-4360950d210f", 
"timestamp": "1540280108", "to_ids": true, "value": "HKLM\\SOFTWARE\\Microsoft\\Security Center\\FirewallOverride",