{
"type" : "bundle" ,
"id" : "bundle--5ac5d6b1-3848-4918-9e42-4206950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-08T15:09:39.000Z" ,
"modified" : "2018-04-08T15:09:39.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5ac5d6b1-3848-4918-9e42-4206950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-08T15:09:39.000Z" ,
"modified" : "2018-04-08T15:09:39.000Z" ,
"name" : "OSINT - Mole66 Cryptomix Ransomware Variant Released" ,
"published" : "2018-04-08T15:10:04Z" ,
"object_refs" : [
"observed-data--5ac5d6c4-f19c-457b-9864-4f5e950d210f" ,
"url--5ac5d6c4-f19c-457b-9864-4f5e950d210f" ,
"x-misp-attribute--5ac5d6df-5068-407a-98ca-4a59950d210f" ,
"indicator--5ac5de76-ba98-41ac-b403-4f6b950d210f" ,
"indicator--5ac5de77-5a7c-421e-ab52-4a87950d210f" ,
"indicator--5ac5de77-7a00-4741-b859-48ac950d210f" ,
"indicator--5ac5de78-c99c-471b-a1a7-4098950d210f" ,
"indicator--aa6231bd-cf24-43c7-9a74-b33d36b2ea23" ,
"x-misp-object--339584d7-03bd-43aa-8bee-082050d98159" ,
"relationship--d6bc0214-c0c4-4b70-8216-91d99e513ea8"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"osint:source-type=\"blog-post\"" ,
"circl:incident-classification=\"malware\"" ,
"malware_classification:malware-category=\"Ransomware\"" ,
"misp-galaxy:ransomware=\"CryptoMix\"" ,
"misp-galaxy:ransomware=\"Zeta\"" ,
"workflow:state=\"complete\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5ac5d6c4-f19c-457b-9864-4f5e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-08T15:09:25.000Z" ,
"modified" : "2018-04-08T15:09:25.000Z" ,
"first_observed" : "2018-04-08T15:09:25Z" ,
"last_observed" : "2018-04-08T15:09:25Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5ac5d6c4-f19c-457b-9864-4f5e950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5ac5d6c4-f19c-457b-9864-4f5e950d210f" ,
"value" : "https://www.bleepingcomputer.com/news/security/mole66-cryptomix-ransomware-variant-released/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5ac5d6df-5068-407a-98ca-4a59950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-08T15:09:26.000Z" ,
"modified" : "2018-04-08T15:09:26.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new Cryptomix variants a few times a month, but this time it has been almost 2 months since the previous System variant was released."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ac5de76-ba98-41ac-b403-4f6b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-05T08:29:42.000Z" ,
"modified" : "2018-04-05T08:29:42.000Z" ,
"pattern" : "[file:hashes.SHA256 = '15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-05T08:29:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ac5de77-5a7c-421e-ab52-4a87950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-08T15:09:26.000Z" ,
"modified" : "2018-04-08T15:09:26.000Z" ,
"pattern" : "[file:name = '_HELP_INSTRUCTIONS_.TXT']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-08T15:09:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ac5de77-7a00-4741-b859-48ac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-08T15:09:26.000Z" ,
"modified" : "2018-04-08T15:09:26.000Z" ,
"pattern" : "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\[random].exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-08T15:09:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5ac5de78-c99c-471b-a1a7-4098950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-08T15:09:27.000Z" ,
"modified" : "2018-04-08T15:09:27.000Z" ,
"pattern" : "[email-message:from_ref.value = 'alpha2018a@aol.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-08T15:09:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--aa6231bd-cf24-43c7-9a74-b33d36b2ea23" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-08T15:09:30.000Z" ,
"modified" : "2018-04-08T15:09:30.000Z" ,
"pattern" : "[file:hashes.MD5 = 'c3294c90474063dfb0d28ef8a693a6cb' AND file:hashes.SHA1 = 'f339b703192a562dde82596319e8720c30aaa5ed' AND file:hashes.SHA256 = '15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2018-04-08T15:09:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--339584d7-03bd-43aa-8bee-082050d98159" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2018-04-08T15:09:29.000Z" ,
"modified" : "2018-04-08T15:09:29.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91/analysis/1522854946/" ,
"category" : "External analysis" ,
"uuid" : "5aca30a9-d1bc-423c-b3bf-637702de0b81"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "48/67" ,
"category" : "Other" ,
"uuid" : "5aca30a9-7168-43f7-aa66-637702de0b81"
} ,
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2018-04-04T15:15:46" ,
"category" : "Other" ,
"uuid" : "5aca30a9-2f54-4ac7-b884-637702de0b81"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--d6bc0214-c0c4-4b70-8216-91d99e513ea8" ,
"created" : "2018-04-08T15:09:30.000Z" ,
"modified" : "2018-04-08T15:09:30.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--aa6231bd-cf24-43c7-9a74-b33d36b2ea23" ,
"target_ref" : "x-misp-object--339584d7-03bd-43aa-8bee-082050d98159"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}