2023-12-14 14:30:15 +00:00
{"Event": {"info": "OSINT - Fallout Exploit Kit Pushing the SAVEfiles Ransomware", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#001d3f", "exportable": true, "name": "riskiq:threat-type=\"exploit-kit\""}, {"colour": "#72003d", "exportable": true, "name": "workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:exploit-kit=\"Fallout\""}], "publish_timestamp": "0", "timestamp": "1540555043", "Object": [{"comment": "Ransomnote", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5bbdef02-4f74-420d-9e34-4734950d210f", "sharing_group_id": "0", "timestamp": "1539174180", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5bbdef02-9c40-4c96-a9b6-44a7950d210f", "timestamp": "1539174180", "to_ids": true, "value": "!!!SAVE__FILES__INFO!!!.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5bbdef04-7788-4b39-9cc9-4465950d210f", "timestamp": "1539174180", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "0", "Attribute": [{"comment": "", "category": "Network activity", "uuid": "5bbdecd8-d030-4503-82fc-45ac950d210f", "timestamp": "1539173592", "to_ids": true, "value": "http://xxxart.pp.ua/1/get.php", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "External analysis", "uuid": "5bbdedca-ed94-415e-b26c-413e950d210f", "timestamp": "1539173867", "to_ids": false, "value": 
"https://www.bleepingcomputer.com/news/security/fallout-exploit-kit-pushing-the-savefiles-ransomware/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "5bbdeeea-037c-4a2f-af7b-43ff950d210f", "timestamp": "1539174122", "to_ids": true, "value": "bm-2cxonzj9ovn5qdx2mrwmk4j3qcquxbko4h@bitmessage.ch", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5bbdeeeb-2970-440e-a3ca-4465950d210f", "timestamp": "1539174123", "to_ids": true, "value": "savefiles@india.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "ransomnote", "category": "Payload delivery", "uuid": "5bbdef47-8a4c-4a48-912d-49a8950d210f", "timestamp": "1539174215", "to_ids": false, "value": "ransom-note-red.jpg", "data": "/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoXHh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQED/2wBDAREPDxETERUSEhUUERQRFBoUFhYUGiYaGhwaGiYwIx4eHh4jMCsuJycnLis1NTAwNTVAQD9AQEBAQEBAQEBAQED/wgARCAInBA0DASIAAhEBAxEB/8QAGQABAAMBAQAAAAAAAAAAAAAAAAIDBAEF/8QAFwEBAQEBAAAAAAAAAAAAAAAAAAECA//aAAwDAQACEAMQAAABttl3fODvai7yUcOpxOIyBZVaMoOdDsqgn0rJxBPtVrIRx2dVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWsFawVrBWslFK4UpSK05lLia6j2XtNzWLOrEw6L+1ip9NL50fTFFWjp58vRGDVbSYo+qXFHeTDR6owaLx5cvSHkvW4vnQ9UmS60VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRUtFS0VLRRy8UTsGeVvTJdalwVejHHWnNvS0yuq6cpbMepMdtSXb2AzdpuLrabKolQjVPJoqzNfgjQrmTVVHodqnVV+a8kiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiJIiSIkiGLZjuZ7sOuWaOaXWqjm3sd1lyiuXWpjuaOedrL1cIvVdLFEiztEyxT0tVRL2eZa8+3F1donuWPKss9FT5+d+tyrlyhC6WF+ZZsVUGxnmWs3S/tEi1
lhWzufOm9ivzq9nyx6TBr3LFaLFYsVixWLFYsVixWLFYsVixWLFYsVixWLFYsVixWLFYsVixWLFYsVixWLFYsVixWLFYsVixWLFYsVix