misp-circl-feed/feeds/circl/misp/5ad09f32-ce58-47f3-b137-4411950d210f.json

{
"Event": {
"analysis": "0",
"date": "2018-04-03",
"extends_uuid": "",
"info": "Vurten Ransomware",
"publish_timestamp": "1523865154",
"published": true,
"threat_level_id": "3",
"timestamp": "1523865150",
"uuid": "5ad09f32-ce58-47f3-b137-4411950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": "0",
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#002642",
"local": "0",
"name": "osint:source-type=\"microblog-post\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:ransomware=\"Vurten\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523622505",
"to_ids": true,
"type": "md5",
"uuid": "5ad0a269-9a68-4e19-82b8-7323950d210f",
"value": "f2be597fc76acc3390ff4cf944008ba5"
},
{
"category": "External analysis",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1523862958",
"to_ids": false,
"type": "attachment",
"uuid": "5ad0a2a4-5178-4f36-a32e-4b40950d210f",
"value": "DZ3kB-QXUAArt0a.jpg:large.jpeg"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "4",
"timestamp": "1523622291",
"uuid": "5ad0a193-a488-4138-9882-436e950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1523622291",
"to_ids": false,
"type": "text",
"uuid": "5ad0a193-db90-49d2-bf42-49c4950d210f",
"value": "#Ransomware Vurten .improved F2BE597FC76ACC3390FF4CF944008BA5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1523622292",
"to_ids": false,
"type": "text",
"uuid": "5ad0a194-ff14-4170-9182-4dc0950d210f",
"value": "Twitter"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1523622292",
"to_ids": true,
"type": "url",
"uuid": "5ad0a194-ca54-4c7f-ae7b-465f950d210f",
"value": "https://twitter.com/siri_urz/status/981191281195044867"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "creation-date",
"timestamp": "1523622292",
"to_ids": false,
"type": "datetime",
"uuid": "5ad0a194-46d8-4612-b316-4610950d210f",
"value": "2018-04-03T00:00:00"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1523622293",
"to_ids": false,
"type": "text",
"uuid": "5ad0a195-ac50-4040-b583-4d67950d210f",
"value": "@siri_urz"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1523862962",
"uuid": "2297d10f-fa36-4cdf-84a4-92586cabcb2b",
"ObjectReference": [
{
"comment": "",
"object_uuid": "2297d10f-fa36-4cdf-84a4-92586cabcb2b",
"referenced_uuid": "644fa57b-273b-455d-aabd-820d13f84808",
"relationship_type": "analysed-with",
"timestamp": "1523862961",
"uuid": "5ad44db1-de20-4150-8f10-43c502de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1523862959",
"to_ids": true,
"type": "md5",
"uuid": "5ad44daf-6df4-418e-aa57-499102de0b81",
"value": "f2be597fc76acc3390ff4cf944008ba5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1523862959",
"to_ids": true,
"type": "sha1",
"uuid": "5ad44daf-8388-421c-8e12-4d3202de0b81",
"value": "e920827ddf406928b94c7ff30b9785c585ad9be0"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1523862960",
"to_ids": true,
"type": "sha256",
"uuid": "5ad44db0-d384-45d5-bedb-4e4d02de0b81",
"value": "583aabffbdb69f611557f8289059792e4ff0aeb7ce6d7dc812dbd3b93079b1c9"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1523862960",
"uuid": "644fa57b-273b-455d-aabd-820d13f84808",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1523862960",
"to_ids": false,
"type": "datetime",
"uuid": "5ad44db0-eb24-47ad-bbbe-4c0802de0b81",
"value": "2018-04-15T07:22:39"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1523862960",
"to_ids": false,
"type": "link",
"uuid": "5ad44db0-65b0-4245-9e66-474f02de0b81",
"value": "https://www.virustotal.com/file/583aabffbdb69f611557f8289059792e4ff0aeb7ce6d7dc812dbd3b93079b1c9/analysis/1523776959/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1523862961",
"to_ids": false,
"type": "text",
"uuid": "5ad44db1-bf8c-4785-a39c-4f3502de0b81",
"value": "37/67"
}
]
}
]
}
}