{"Event":{"info":"OSINT - Aurora / Zorro Ransomware Actively Being Distributed","Tag":[{"colour":"#3b0020","exportable":true,"name":"workflow:todo=\"expansion\""},{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#2c4f00","exportable":true,"name":"malware_classification:malware-category=\"Ransomware\""},{"colour":"#366c00","exportable":true,"name":"circl:incident-classification=\"malware\""},{"colour":"#00223b","exportable":true,"name":"osint:source-type=\"blog-post\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:ransomware=\"Aurora Ransomware\""}],"publish_timestamp":"0","timestamp":"1543222498","Object":[{"comment":"","template_uuid":"d0e6997e-78da-4815-a6a1-cfc1c1cb8a46","uuid":"5bfba696-7a10-46db-8e0b-4c9f950d210f","sharing_group_id":"0","timestamp":"1543218838","description":"An address used in a cryptocurrency","template_version":"4","Attribute":[{"comment":"","category":"Financial fraud","uuid":"5bfba696-2460-4afb-ae36-4b96950d210f","timestamp":"1543218838","to_ids":true,"value":"18sj1xr86c3YHK44Mj2AXAycEsT2QLUFac","disable_correlation":false,"object_relation":"address","type":"btc"},{"comment":"","category":"Other","uuid":"5bfba697-a9f8-4af6-ba2b-4ce9950d210f","timestamp":"1543218839","to_ids":false,"value":"BTC","disable_correlation":true,"object_relation":"symbol","type":"text"}],"distribution":"5","meta-category":"financial","name":"coin-address"},{"comment":"Ransomnote","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5bfba948-d188-4b1a-b11e-406d950d210f","sharing_group_id":"0","timestamp":"1543219528","description":"File object describing a file with meta-information","template_version":"15","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5bfba948-c420-443e-a091-4132950d210f","timestamp":"1543219528","to_ids":true,"value":"!-GET_MY_FILES-!.txt","disable_correlation":true,"object_relation":"filename","type":"filename"},{"comment":"","category":"Other","uuid":"5bfba94a-c67c-463e-8fd7-4b6f950d210f","timestamp":"1543219530","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"Ransomnote","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5bfba95f-ec48-46b9-ad7b-4a10950d210f","sharing_group_id":"0","timestamp":"1543219551","description":"File object describing a file with meta-information","template_version":"15","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5bfba95f-00d8-49b9-a78a-4509950d210f","timestamp":"1543219551","to_ids":true,"value":"#RECOVERY-PC#.txt","disable_correlation":true,"object_relation":"filename","type":"filename"},{"comment":"","category":"Other","uuid":"5bfba960-f634-4f97-93e6-4402950d210f","timestamp":"1543219552","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"Ransomnote","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5bfba976-5148-4a25-8b94-4467950d210f","sharing_group_id":"0","timestamp":"1543219574","description":"File object describing a file with meta-information","template_version":"15","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5bfba977-32c8-4364-9f18-4364950d210f","timestamp":"1543219575","to_ids":true,"value":"@_RESTORE-FILES_@.txt","disable_correlation":true,"object_relation":"filename","type":"filename"},{"comment":"","category":"Other","uuid":"5bfba977-f284-4728-ba45-48cc950d210f","timestamp":"1543219575","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"Wallpapaer ransomnote","template_uuid":"688c46fb-5edb-40a3-82
