{"Event":{"info":"OSINT - Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware","Tag":[{"colour":"#ffffff","exportable":true,"name":"tlp:white"},{"colour":"#2c4f00","exportable":true,"name":"malware_classification:malware-category=\"Ransomware\""},{"colour":"#366c00","exportable":true,"name":"circl:incident-classification=\"malware\""},{"colour":"#3b0020","exportable":true,"name":"workflow:todo=\"expansion\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"Ryuk\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:ransomware=\"Ryuk ransomware\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:threat-actor=\"GRIM SPIDER\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:threat-actor=\"WIZARD SPIDER\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:threat-actor=\"INDRIK SPIDER\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:threat-actor=\"MUMMY SPIDER\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:tool=\"Trick Bot\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"TrickBot\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:banker=\"Trickbot\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:tool=\"Emotet\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:banker=\"Geodo\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"Geodo\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:malpedia=\"Hermes Ransomware\""},{"colour":"#0088cc","exportable":true,"name":"misp-galaxy:ransomware=\"Hermes Ransomware\""}],"publish_timestamp":"0","timestamp":"1547723178","Object":[{"comment":"Ransomnote","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5c3c6597-a1f8-48fd-b501-48b3950d210f","sharing_group_id":"0","timestamp":"1547462039","description":"File object describing a file with meta-information","template_version":"15","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5c3c6597-b78c-4465-9ed5-4b24950d210f","timestamp":"1547462039","to_ids":true,"value":"RyukReadMe.txt","disable_correlation":true,"object_relation":"filename","type":"filename"},{"comment":"","category":"Other","uuid":"5c3c6597-466c-4619-8fa4-48ad950d210f","timestamp":"1547462039","to_ids":false,"value":"Malicious","disable_correlation":true,"object_relation":"state","type":"text"}],"distribution":"5","meta-category":"file","name":"file"},{"comment":"","template_uuid":"d0e6997e-78da-4815-a6a1-cfc1c1cb8a46","uuid":"5c3c68e0-93a0-4538-8457-4175950d210f","sharing_group_id":"0","timestamp":"1547462880","description":"An address used in a cryptocurrency","template_version":"4","Attribute":[{"comment":"","category":"Financial fraud","uuid":"5c3c68e0-dc78-49d0-931e-4680950d210f","timestamp":"1547462880","to_ids":true,"value":"14hVKm7Ft2rxDBFTNkkRC3kGstMGp2A4hk","disable_correlation":false,"object_relation":"address","type":"btc"},{"comment":"","category":"Other","uuid":"5c3c68e0-f500-4181-bb25-478b950d210f","timestamp":"1547462880","to_ids":false,"value":"BTC","disable_correlation":true,"object_relation":"symbol","type":"text"}],"distribution":"5","meta-category":"financial","name":"coin-address"},{"comment":"dropper","template_uuid":"688c46fb-5edb-40a3-8273-1af7923e2215","uuid":"5c3c9879-1ec4-418f-8927-4fbf950d210f","sharing_group_id":"0","timestamp":"1547476140","description":"File object describing a file with meta-information","template_version":"15","Attribute":[{"comment":"","category":"Payload delivery","uuid":"5c3c9879-dfe4-4aa0-b6a8-402d950d210f","timestamp":"1547476140","to_ids":true,"value":"bitsran.exe","disable_correlation":true,"object_relation":"filename","type":"filename"},{"comment":"","category":"Other","uuid":"5c3c987a-4580-4520-ada5-4ae1950d210f","timestamp":"1547476140","to_i
