misp-circl-feed/feeds/circl/misp/5c51800b-4054-4a1d-9f2d-4810950d210f.json

{"Event": {"info": "OSINT - New LockerGoga Ransomware Allegedly Used in Altran Attack", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#0071c3", "exportable": true, "name": "osint:lifetime=\"perpetual\""}, {"colour": "#0087e8", "exportable": true, "name": "osint:certainty=\"50\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#000000", "exportable": true, "name": "dnc:malware-type=\"Ransomware\""}, {"colour": "#39b300", "exportable": true, "name": "enisa:nefarious-activity-abuse=\"ransomware\""}, {"colour": "#006c6c", "exportable": true, "name": "ecsirt:malicious-code=\"ransomware\""}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#00acd1", "exportable": true, "name": "veris:action:malware:variety=\"Ransomware\""}, {"colour": "#000000", "exportable": true, "name": "Ransomware"}, {"colour": "#420053", "exportable": true, "name": "ms-caro-malware:malware-type=\"Ransom\""}, {"colour": "#001739", "exportable": true, "name": "ms-caro-malware-full:malware-type=\"Ransom\""}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#72003d", "exportable": true, "name": "workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}], "publish_timestamp": "0", "timestamp": "1548849757", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c51852f-de8c-4a99-a0f9-4c01950d210f", "sharing_group_id": "0", "timestamp": "1548846383", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c51852f-f300-42ee-824e-468e950d210f", "timestamp": "1548846383", "to_ids": true, "value": "X:\\work\\Projects\\LockerGoga\\cl-src-last\\cryptopp\\src\\rijndael_simd.cpp", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5c51852f-ecec-4705-bc0c-4590950d210f", "timestamp": "1548846383", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "ransomnote", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5c518643-345c-473f-a3b4-1746950d210f", "sharing_group_id": "0", "timestamp": "1548846659", "description": "File object describing a file with meta-information", "template_version": "15", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5c518643-a490-4e85-bb4d-1746950d210f", "timestamp": "1548846659", "to_ids": true, "value": "README-NOW.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5c518643-9d38-45c6-a0d4-1746950d210f", "timestamp": "1548846659", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "0", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5c5180b6-03ec-477c-b914-1747950d210f", "timestamp": "1548845370", "to_ids": false, "value": "https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5c518120-9f24-4cae-8aca-4485950d210f", "timestamp": "1548845369", "to_ids": false, "value": "Hackers have infected the systems of Altran Technologies with malware that spread through the company network, affecting operations in some European countries. To protect client data and their own assets, Altran decided to shu