{
"type" : "bundle" ,
"id" : "bundle--56e12e66-f01c-41be-afea-4d9a950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T10:20:35.000Z" ,
"modified" : "2016-03-10T10:20:35.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--56e12e66-f01c-41be-afea-4d9a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T10:20:35.000Z" ,
"modified" : "2016-03-10T10:20:35.000Z" ,
"name" : "Cerber Ransomware" ,
"published" : "2016-03-10T10:21:19Z" ,
"object_refs" : [
"indicator--56e12ed8-18e4-4f3b-8767-49f5950d210f" ,
"observed-data--56e12ed9-2378-4c4d-bc31-435b950d210f" ,
"url--56e12ed9-2378-4c4d-bc31-435b950d210f" ,
"observed-data--56e12ed9-56ec-46fa-829b-42f6950d210f" ,
"url--56e12ed9-56ec-46fa-829b-42f6950d210f" ,
"observed-data--56e12ed9-eefc-4ed9-9d14-4949950d210f" ,
"url--56e12ed9-eefc-4ed9-9d14-4949950d210f" ,
"indicator--56e12f82-0c54-4c98-a49d-4de7950d210f" ,
"indicator--56e12f83-98e0-490c-9820-4807950d210f" ,
"indicator--56e12f84-d92c-455f-9ecf-4e30950d210f" ,
"x-misp-attribute--56e148f3-461c-4d44-ace6-493f950d210f" ,
"x-misp-attribute--56e1493d-c33c-4e3e-bcdd-4ae7950d210f" ,
"x-misp-attribute--56e1498a-da10-48f7-995e-4fda950d210f" ,
"observed-data--56e149c8-4648-4514-ba41-4f92950d210f" ,
"url--56e149c8-4648-4514-ba41-4f92950d210f" ,
"indicator--56e14a17-4f34-4ffd-8ef8-4990950d210f" ,
"x-misp-attribute--56e14a73-f9ac-4fea-98f4-46e0950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"circl:incident-classification=\"malware\"" ,
"malware_classification:malware-category=\"Ransomware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e12ed8-18e4-4f3b-8767-49f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T08:22:48.000Z" ,
"modified" : "2016-03-10T08:22:48.000Z" ,
"description" : "Payment site" ,
"pattern" : "[url:value = 'decrypttozxybarc.onion']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T08:22:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e12ed9-2378-4c4d-bc31-435b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T08:22:49.000Z" ,
"modified" : "2016-03-10T08:22:49.000Z" ,
"first_observed" : "2016-03-10T08:22:49Z" ,
"last_observed" : "2016-03-10T08:22:49Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e12ed9-2378-4c4d-bc31-435b950d210f"
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e12ed9-2378-4c4d-bc31-435b950d210f" ,
"value" : "http://ipinfo.io/json"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e12ed9-56ec-46fa-829b-42f6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T08:22:49.000Z" ,
"modified" : "2016-03-10T08:22:49.000Z" ,
"first_observed" : "2016-03-10T08:22:49Z" ,
"last_observed" : "2016-03-10T08:22:49Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e12ed9-56ec-46fa-829b-42f6950d210f"
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e12ed9-56ec-46fa-829b-42f6950d210f" ,
"value" : "http://freegeoip.net/json/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e12ed9-eefc-4ed9-9d14-4949950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T08:22:49.000Z" ,
"modified" : "2016-03-10T08:22:49.000Z" ,
"first_observed" : "2016-03-10T08:22:49Z" ,
"last_observed" : "2016-03-10T08:22:49Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e12ed9-eefc-4ed9-9d14-4949950d210f"
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e12ed9-eefc-4ed9-9d14-4949950d210f" ,
"value" : "http://ip-api.com/json"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e12f82-0c54-4c98-a49d-4de7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T08:25:38.000Z" ,
"modified" : "2016-03-10T08:25:38.000Z" ,
"description" : "Cerber executable (created: Fri Feb 26 10:28:56 2016)" ,
"pattern" : " [ f i l e : c o n t e n t _ r e f . p a y l o a d _ b i n = ' U E s D B B Q A C Q A I A D N D a k j n c N W 5 B + E B A A C w A g A g A B w A M m Y 3 M D U 5 Z D d i M W R k Y T M w O D B l M z k x Z D k 5 N z g 4 Z m Z m M T h V V A k A A 4 I v 4 V a C L + F W d X g L A A E E I Q A A A A Q h A A A A g G / z D c j Q w O Q / 2 y s u h 1 s R S T b 8 n h b a d f 1 D J X Y B O f + 4 / 10 Q u L g / l 4 M t E A B D + a 0 b H i 8 h G w 0 t n V 3 a C Z m 5 W F 9 H X V d N S T L f W G T P 1 P O 1 V 8 E H H Q K H 3 t o C T 4 Q C V c t d 8 C q U Q c A R X X 5 B J G w 63 + x v Y Z z R P 0 c P E 21 L 6 + D i i 5 M a d i x u R V j x c 9 F V i 6 l c 1 d n a m 0 Z F o r x w b F I + P M M a k p O o R z w H S H 4 S Y 8 m m f 5 x v c 0 G 6 g G p x o + 0 4 I N z N Y F 4 G t W y f B + 7 d H n g 8 a g S l z s S n V C 9 c H N 31 V d G x Z D h a g t H k O t i U o I h O U + 0 / B Q 1 + T 8 s M / L k 2 f g i U H W g k C / L 274 n S P 6 W 6 v 65 o k / T V T Q U a g / h d N 8 T w D Y L r D P 1 A S q s c N s o A a M O + S h N i Q a j F m e K 7 l l / E s o O O T Y j q P e W N / J g / D w + / m F O K B c I J 1 R s q M p B i i Y n d r m S G 9 v p J j K H 8 K S E 9 V s M Q J z 9 i 62 F T G F A k a S B b V G 2 w n G K J 8 U r 6 x n R G M e u j 0 6 Y 6 P I e p N H y w m P 5 p 49 u T I q Z y O g H C A L e S 7 Y y j I h j B 0 h t O 8 T x p j B y X N o + A f u 3 s h B E s y 9 F n l z a I p w n 9 v I Z J D F 9 l k H R v r q E a y H b g Y / m c q Y s O m Y 2 U 6 e w / c 5 U I i 3 S J s R a 74 A y g U t + R g G A R p o 75 B J J X A 2 + B 64 X 82 p z x K W m m r P Y n w I Q Y G l 8 p P 8 J j T L 0 2 V J K k P 9 f 0 g S b K x 7 q z i T b k Q Z Y P n n / 0 h L H D p I 8 X L z M U E 344 z F 4 N Z C 7 r f i K U N U J 2 v c E B 2 o p r w f i C c L O u A Z j B J X 3 e r N v H F S r Y a g x 5 g 1 i 8 h D g s Y B B E y b m S S D 1 L N B r p n p 8 G e v o B N h t t 8 l 4 h I R j S A m 9 y e n 1 + 2 D e E i i U + A c B z V j g S 3 p t D n X u p u T 7 k M R w R g m 39 L d v e X h V u p 9 M U g f V v V P 
/ + V 8 / N K P + v / i 7 + 5 y G 1 + m b g o d 0 D s 2 x 5 N h C b o x 6 V s g 0 V Q n Z 8 O v Z 9 D U e y K b D C x f A P e W V T L w r 9 P V a W I Z f O 3 f b C w z 8 b n S X + P x 9 f o Q O F 8 N 3 Z u X H d M k 5 m y X K l 2 U m a e l k c S c S e B j 10 d S t p + j Q H F s B 8 Z a p w U Y l z S n r X X L 1 R c C k G 53 E o W a m p K h 0 x 9 / n V 7 x x c H Y m F N l Y l 4 j N p p v x 7 W a s r 5 w h p 3 G 3 t l e k e v z X N F Y y r Y W x 0 W 1 B 4 v j R E C q o q M k 7 Q d U 1 H l 8 A W x p 7 i 4 z W U o J C C G J W h h h C G 8 U w Y v n Z w m V 5 n o o v + z w H j R j + e Q S A I b N 0 t V 4 A h t o z F 4 t k t i s R p S C b i G g h K R w L h f m H + C a H Y x 79 l 41 T 5 / V p + g h u / 0 M W N M v O 8 B L d 4 x c D P / r C 1 n U L B e X F w E b Q y d S h p c N r V K 8 n 251 L A 5 T X 1 C N 52 j F P b X J h 2 c d k H R g W S n 1 f b 7 M i y u 8 B N N k L R k 7 + Y y x p l G y x W 4 c + C N P H A Y i L i r L b 3 x K w u M 16 V D + r i E 9 m O M d L e 7 o h z X u T U G V h M 2 v A K N T M o 7 I 9 i r H B K t 452 J T S I B s M n w i Z + i 4 F L A P K z 64 N G u 1 e l O / T 9 T 0 s P + c m E t / U U 8 u 4 J P r 24 G P v B t 0 e H 8 V Q Y p + W K o A J Q 6 C X a 5 r O L n X 8 s s o n m v q r g K D 855 U h i 8 a d + 7 r G E 0 P x b T c p L b V k w L L G M u X d 8 t m j c Z u t p F S E G s o P V 9 G U 3 z / v U k m F z 9 w J C x R a 6 o O g + Q 5 l D o R + 82 l g u j D B Y e E T c + y L J X I b 6 n A 5 H X k L 4 y + E M s H q k O Z B z 10 F S E k x 5 N + o E 1 t b h x J A c q A M I z 8 Z O 3 O Q M s d i B c c 2 s P A M K e A C c x T j 0 N / + 4 J D H V 44 X T W r D 7 h 8 m S D J E w y / c P p G P b 8 O 7 P n Y r g S C Y W 9 Y 1 B W + 1 H w k E l h a A f E / l x / 5 u F J D b 3 j 3 Q g i 5 w M q 1 n C T Z 3 M P U 161 P t J m k 5 u R W E d A W O 0 V e P k M 1 Z z t b B m + z a 1 y c s Y G L E R e + C 0 F I h s x g 22 C 4 P 88 V G S e O q 6 I F Z T T W f V q L j s C e r L w C o 0 v + h H r K 5 l f h r N K 5 C u J r 1 G w V T g N m O E 6 / f k W W 8 S l Y F J 0 1 / v 
T H e I a O T 6 I R j k k I q z Z 8 g z D 1 + j P m d 1 q 43 L u Y 9 e k 52 y 4 X 5 z U X t N q / o l c y b 4 t f D A V Y x H m X D J V m I C Q M h r h d Z S d 1 u Y o l p x 5 V m J s m m W d Y T S S E e R k J z W h F 5 C e 0 a s v 9 D N R V 82 i O l r J D B N O c 0 C 8 m h J c h N Y Y I F i w I W P Y D i X Y 4 e n I 6 h x A a l W 2 J p R f w 0 f Z V B G E r O W S 2 m c u D L Z V Y B i 5 L R + 8 / 5 u I R f 5 u c n 27 r s 0 m u e 7 R I O 0 t p t u g V + g r c c q o B 5 q S g b M v A 4 d 5 V w 7 G F g q t M f g F + I S Z 5 n s U B I F V d i 5 M / 2 E w F 5 d S r 0 T R j A 6 R k J q 5 A N J l A i 5 P d 3 A F w g O A W t 0 3 R G / b F x r 8 P A k N + N p N H 5 i P h q b v + 1 X l j 5 / m 6 H o V O 4 S k z U f O + 4 F i i J V W c C G 0 G r q P i l L b / P C o J w Z n J 1 M r 1 j i O E z 8 B j l k R W Q W X 9 m Y M h 2 V j a T s 6 F f W s X x j F 4 V 7 H M B u K e t O + 0 i N J 5 o Z S 29 w Y + n M p B w p 0 3 D n 0 T n G S Q 13 A P n A s u Z m q V m a T 0 0 4 C 6 m G T A i 8 L 9 w Q E b Q J y J X C T P w P P e Z H c Q v O c H M k u 2 E C z g Z 2 w L + u y s S d T K E T W x F 4 M K 4 T A H l M X s g o o t i + h b P a k Z 8 M 2 d j v M q L + a X B R y + S c y 65294 H q A X 3 C w m v 6 X z c f c y w 1 i 3 N H / g x 9 E Y / H a l W l c 5 U F r 2 F 9 T C U k 1 M S s / k j t 96 S P 5 C U 2 d 75 g Y e A 2 Q z G I B U y u k S r V R A G a j O Q 9 r i y G Z 4 R F P p W Q B P 1 t G G L v 6 W V e 5 i i U s J i x P v j M 2 e T C U r d 3 H 3 x / 6 i u 6 a 5 F Q n P T B E h W W / K f 3 p b 8 N r h J 0 n l U R 6 w i s C Q Z Q K C L K g 3 z D K / b 5 s S T l b 2 D b X C p o T j t y m A 2 u u g 5 A J 87 Q V Z h k Y Y 87 b Q E o i 0 k x h s 7 s Q 53 S V I s I D b e Y p K Y 19 H Z a c B / U Y S s w 99 N w k j r z b H q Q R 9 V J Q E t Z c x m x M x w y P s g v a 0 F x n V H U u V O 98 s 0 d x G Z U j j 6 y Y Q b v O f k H e L x w N P F C S V T k V x p J 9 t D n m p + u w h g / o Z u S D U x 705 O z u 1 a o f 5 e o j N g Q Q v T l 8 U f 91 P t x W o 2 G v q M u c 8 M U M W G I s P C 9 Z r 
y A j S R L r t Y l 0 C 6 A U 2 R f S m r E G m 607 s 1 f d i 7 k J r D P 7 + P 5 f r K G 46 P 4 d / c + N q v 4 h s N 6 + 6 U o 5 D w 2 D y g Z c F x Y P X i T f E P 4 O q n f m V E k C Q Q s x H 0 b z a q R n n q U d + / z 77 y q m v 1 G + D 58 X a z p z K U C k S 2 F U Z H l T n N 48 j 79 + J 213 J c 2 o 7 a H a R 0 B 1 g v O T Q A 3 Y K Q X Z Z / V u r p M x F o s H U A s o V Y U E B 73 U / A L f r s z q e f R V d s o T n P W n W o G w H S K 0 8 u r D n I Y N x i 3 d A T 1 z 4 R Q y i U d Y 9 g a p F / 6 m H T 8 Z 8 Q O + R Q H V O 4 E U U I H i s N P h l l P V t d W 1 W D R M 4 U F T l 5 I t 5 k F F w 0 K Q S F e A U R 2 g O Y O n R 7 z 46 j i 7 a i o R 6 C G c F T + w X C L 7 v 1 m A T F B U W a a X c k / u i k f h J 0 g k S n 5 h W j O G w F A K 3 i 5 q n e 9 c h o E V Z b p 1 / C 7E2 T i v 1 s G m P J j F A 4 o x 933 L v W 0 p 6 C g + D S t 4 b 3 r 0 P Z n Z 7 / I i o d P i t T A 5 i K z C 6 + p w K W l 3 K d m Q Z e W B o J A c M o / 5 H f m u 2 R w i I V X h P P J P x M Y n q C 7 R q v S s f h R X 0 A p k w U X H L v b n B 9 z b Q a 9 / K E f k 2 J U y T g r d l C G x R 0 X Q m H u / p m V 6 s 0 d o g i h O A l O x J 5 n 0 7 Z a 1 b Y 6 Q U E e h N g + O p x L H 6 d n x S e 6 Y L E 0 y A a g Z 87 u y y x E S e 9 A d 9 t n U k l e 2 T r F p / 6 t v d W o a n F 0 2 o C 8 Z K N T F 5 H b a m j n H D B 1 X K f J o u p E S p Q i u t K D Y r k q K 8 b 9 U v V Q e z c x + M p f j A j L v 3 Y 6 J b a f I r K 84 N d 0 L F V Z 8 D 1 S a j I R C 1 C d i 398 r / f K 0 i X 9 s e P N T G U P Z L Z l + r u o y m w R A v P 99 F 9 V A Q d 67 r + x a m Z O g S H 87 Q 7 Z q t 5 L H 8 i 5 X E x w l P S F 0 q q I 4 h Z 9 D r C M 0 p Q n x 6 / c j M K v R p F N 6 S 4 f j G K x O Z x V Q Y K N k / F Q 64 v R 2 a q d q R t A c n G x u e f 0 2 p u A F d 0 s d 9 k 5 D R 6 d u l R M g F n f c 9 r O c u 3 m Q 9 X r P Z X C w X t M J Q u r F k J p l C 0 b 9 w a j R p Z e D h i Y Z 2 O n F + j z G Y A g d t Q C t 9 l r 7 C / 8 Q k 2 Z 3 g X t k 5 O Q d 18 k r Y o b r x h r S 2 X Z C 2 
T A j 7 c g K T d b 9 p N b t I Q H p 6 D K H F 9 g M M j 5 t e P i v h
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T08:25:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"malware-sample\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e12f83-98e0-490c-9820-4807950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T08:25:39.000Z" ,
"modified" : "2016-03-10T08:25:39.000Z" ,
"description" : "Cerber executable (created: Fri Feb 26 10:28:56 2016)" ,
"pattern" : "[file:name = 'a5ff5f.exe' AND file:hashes.SHA1 = '0af6bde11eaa699604aa92cce9a6210dfce70f42']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T08:25:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e12f84-d92c-455f-9ecf-4e30950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T08:25:40.000Z" ,
"modified" : "2016-03-10T08:25:40.000Z" ,
"description" : "Cerber executable (created: Fri Feb 26 10:28:56 2016)" ,
"pattern" : "[file:name = 'a5ff5f.exe' AND file:hashes.SHA256 = 'a5ff5f861bbb1ac7c6fd44f303f735fac01273ce2ae43a8acb683076192fcfcc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T08:25:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename|sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--56e148f3-461c-4d44-ace6-493f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T10:14:11.000Z" ,
"modified" : "2016-03-10T10:14:11.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Payload installation\""
] ,
"x_misp_category" : "Payload installation" ,
"x_misp_comment" : "# DECRYPT MY FILES #.vbs" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Set SAPI = CreateObject(\"SAPI.SpVoice\")\r\nSAPI.Speak \"Attention! Attention! Attention!\"\r\nFor i = 1 to 5\r\nSAPI.Speak \"Your documents, photos, databases and other important files have been encrypted!\"\r\nNext"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--56e1493d-c33c-4e3e-bcdd-4ae7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T10:15:25.000Z" ,
"modified" : "2016-03-10T10:15:25.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Payload installation\""
] ,
"x_misp_category" : "Payload installation" ,
"x_misp_comment" : "# DECRYPT MY FILES #.txt" ,
"x_misp_type" : "text" ,
"x_misp_value" : "C E R B E R\r\n -----------\r\n\r\n\r\n Your documents, photos, databases and other important files have been encrypted!\r\n\r\n\r\n To decrypt your files follow the instructions:\r\n\r\n\r\n ---------------------------------------------------------------------------------------\r\n\r\n\r\n 1. Download and install the \"Tor Browser\" from https://www.torproject.org/\r\n\r\n\r\n 2. Run it\r\n\r\n\r\n 3. In the \"Tor Browser\" open website:\r\n\r\n http://decrypttozxybarc.onion/F97F-EFC0-B07D-003F-3EA6\r\n\r\n\r\n 4. Follow the instructions at this website\r\n\r\n\r\n ---------------------------------------------------------------------------------------\r\n\r\n\r\n \u00c2\u00ab...Quod me non necat me fortiorem facit.\u00c2\u00bb"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--56e1498a-da10-48f7-995e-4fda950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T10:16:42.000Z" ,
"modified" : "2016-03-10T10:16:42.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"Payload installation\""
] ,
"x_misp_category" : "Payload installation" ,
"x_misp_comment" : "# DECRYPT MY FILES #.html" ,
"x_misp_type" : "text" ,
"x_misp_value" : "<!DOCTYPE html>\r\n<html lang=\"en\">\r\n <head>\r\n <link href=\"http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css\" rel=\"stylesheet\">\r\n <meta charset=\"utf-8\">\r\n <meta content=\"IE=edge\" http-equiv=\"X-UA-Compatible\">\r\n <meta content=\"width=device-width, initial-scale=1\" name=\"viewport\">\r\n <title>C E R B E R</title>\r\n </head>\r\n <body>\r\n <div class=\"container\">\r\n <h3 align=\"center\">C E R B E R</h3>\r\n <br />\r\n <h4>Your documents, photos, databases and other important files have been encrypted!<br /><br />To decrypt your files follow the instructions:</h4>\r\n <br />\r\n <div class=\"well\">\r\n <h4>1. Download and install the «Tor Browser» from <a href=\"https://www.torproject.org/download/download-easy.html.en\" target=\"_blank\">https://www.torproject.org/</a></h4>\r\n <br />\r\n <h4>2. Run it</h4>\r\n <br />\r\n <h4>3. In the «Tor Browser» open website:<br /><br /><div class=\"form-group\" style=\"margin: 0 32px 36px 32px;\"><input class=\"form-control\" style=\"color: #c24; font-size: 22px; height: 50px; text-align: center;\" type=\"text\" value=\"http://decrypttozxybarc.onion/F97F-EFC0-B07D-003F-3EA6\" readonly></div></h4>\r\n <h4>4. Follow the instructions at this website</h4>\r\n </div>\r\n <br />\r\n <p style=\"color: #ccc;\">«...Quod me non necat me fortiorem facit.»</p>\r\n <br />\r\n </div>\r\n </body>\r\n</html>"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56e149c8-4648-4514-ba41-4f92950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T10:17:44.000Z" ,
"modified" : "2016-03-10T10:17:44.000Z" ,
"first_observed" : "2016-03-10T10:17:44Z" ,
"last_observed" : "2016-03-10T10:17:44Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56e149c8-4648-4514-ba41-4f92950d210f"
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56e149c8-4648-4514-ba41-4f92950d210f" ,
"value" : "http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56e14a17-4f34-4ffd-8ef8-4990950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T10:19:03.000Z" ,
"modified" : "2016-03-10T10:19:03.000Z" ,
"description" : "Onion server for payment" ,
"pattern" : "[domain-name:value = 'decrypttozxybarc.onion']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-10T10:19:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--56e14a73-f9ac-4fea-98f4-46e0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-10T10:20:35.000Z" ,
"modified" : "2016-03-10T10:20:35.000Z" ,
"labels" : [
"misp:type=\"btc\"" ,
"misp:category=\"Financial fraud\""
] ,
"x_misp_category" : "Financial fraud" ,
"x_misp_comment" : "Bitcoin address" ,
"x_misp_type" : "btc" ,
"x_misp_value" : "1GCaWA685Nj2PqqG7P2ZBACYZB8ZtpQuQ9"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}