{ "Event": { "analysis": "2", "date": "2018-11-30", "extends_uuid": "", "info": "OSINT - Making a Ransomware Payment? It May Now Violate U.S. Sanctions", "publish_timestamp": "1544041458", "published": true, "threat_level_id": "3", "timestamp": "1544041447", "uuid": "5c04f23f-fd50-4445-ba0b-40b3950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#0088cc", "name": "misp-galaxy:ransomware=\"Samas-Samsam\"" }, { "colour": "#0088cc", "name": "misp-galaxy:malpedia=\"SamSam\"" }, { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#2c4f00", "name": "malware_classification:malware-category=\"Ransomware\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543830329", "to_ids": false, "type": "link", "uuid": "5c04fb39-311c-44cf-ab12-4637950d210f", "value": "https://www.blockchain.com/btc/address/149w62rY42aZBox8fGcmqNsXUzSStKeq8C" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543830329", "to_ids": false, "type": "link", "uuid": "5c04fb39-1a6c-4032-9faa-419e950d210f", "value": "https://www.blockchain.com/btc/address/1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543830329", "to_ids": false, "type": "link", "uuid": "5c04fb39-c988-48c8-9dda-4a05950d210f", "value": "https://www.bleepingcomputer.com/news/security/making-a-ransomware-payment-it-may-now-violate-us-sanctions/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543846924", "to_ids": true, "type": "email-src", "uuid": "5c053c0c-8fd0-477d-8150-4533950d210f", "value": "iranvisacart@yahoo.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543846925", "to_ids": true, "type": "email-src", "uuid": "5c053c0d-bcb0-49ad-bb0a-4bc0950d210f", "value": "alikhorashadi@yahoo.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543846925", "to_ids": true, "type": "email-src", "uuid": "5c053c0d-1e50-4b7f-81cc-41db950d210f", "value": "mastercartaria@yahoo.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543846926", "to_ids": true, "type": "email-src", "uuid": "5c053c0e-c268-4be8-8b67-43f1950d210f", "value": "toppglasses@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543846926", "to_ids": true, "type": "email-src", "uuid": "5c053c0e-a968-4d69-8613-43cf950d210f", "value": "iranian_boy5@yahoo.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543849765", "to_ids": true, "type": "hostname", "uuid": "5c054725-27e8-455c-afbc-4ebc950d210f", "value": "www.enexchanger.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543849766", "to_ids": true, "type": "email-src", "uuid": "5c054726-cec0-4fe0-9e95-4bb4950d210f", "value": "enexchanger@gmail.com" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1543849766", "to_ids": true, "type": "email-src", "uuid": "5c054726-fb24-4a0c-a93d-41fd950d210f", "value": "ensaniyat1365@gmail.com" } ], "Object": [ { "comment": "", "deleted": false, "description": "An address used in a cryptocurrency", "meta-category": "financial", "name": "coin-address", "template_uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46", "template_version": "4", "timestamp": "1543832646", "uuid": "5c04f529-effc-4355-b816-4174950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5c04f529-effc-4355-b816-4174950d210f", "referenced_uuid": "5c04fb39-1a6c-4032-9faa-419e950d210f", "relationship_type": "related-to", "timestamp": "1543832646", "uuid": "5c050446-17b0-4e64-8f16-4b8b950d210f" } ], "Attribute": [ { "category": "Financial fraud", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "address", "timestamp": "1543828777", "to_ids": true, "type": "btc", "uuid": "5c04f529-1e64-4e83-92ae-453f950d210f", "value": "1AjZPMsnmpdK2Rv9KQNfMurTXinscVro9V" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "symbol", "timestamp": "1543828777", "to_ids": false, "type": "text", "uuid": "5c04f529-831c-434b-bdad-4e3e950d210f", "value": "BTC" } ] }, { "comment": "", "deleted": false, "description": "An address used in a cryptocurrency", "meta-category": "financial", "name": "coin-address", "template_uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46", "template_version": "4", "timestamp": "1543831366", "uuid": "5c04f61e-f3cc-4c8c-8ae1-4e77950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5c04f61e-f3cc-4c8c-8ae1-4e77950d210f", "referenced_uuid": "5c04fb39-311c-44cf-ab12-4637950d210f", "relationship_type": "related-to", "timestamp": "1543831365", "uuid": "5c04ff45-6aac-40a4-9742-49fa950d210f" } ], "Attribute": [ { "category": "Financial fraud", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "address", "timestamp": "1543829022", "to_ids": true, "type": "btc", "uuid": "5c04f61e-e908-49ae-be5c-4ec7950d210f", "value": "149w62rY42aZBox8fGcmqNsXUzSStKeq8C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "symbol", "timestamp": "1543829023", "to_ids": false, "type": "text", "uuid": "5c04f61f-3e90-41dc-a124-465c950d210f", "value": "BTC" } ] }, { "comment": "", "deleted": false, "description": "An person which describes a person or an identity.", "meta-category": "misc", "name": "person", "template_uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248", "template_version": "3", "timestamp": "1543847140", "uuid": "5c05399d-daac-4062-9269-47a2950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5c05399d-daac-4062-9269-47a2950d210f", "referenced_uuid": "5c04f61e-f3cc-4c8c-8ae1-4e77950d210f", "relationship_type": "uses", "timestamp": "1543846333", "uuid": "5c0539bd-1e38-4cad-b585-46dc950d210f" }, { "comment": "", "object_uuid": "5c05399d-daac-4062-9269-47a2950d210f", "referenced_uuid": "5c053c0c-8fd0-477d-8150-4533950d210f", "relationship_type": "related-to", "timestamp": "1543847109", "uuid": "5c053cc5-5294-4d93-ba1f-4805950d210f" }, { "comment": "", "object_uuid": "5c05399d-daac-4062-9269-47a2950d210f", "referenced_uuid": "5c053c0d-bcb0-49ad-bb0a-4bc0950d210f", "relationship_type": "related-to", "timestamp": "1543847121", "uuid": "5c053cd1-a318-4bbe-b4a6-485f950d210f" }, { "comment": "", "object_uuid": "5c05399d-daac-4062-9269-47a2950d210f", "referenced_uuid": "5c053c0d-1e50-4b7f-81cc-41db950d210f", "relationship_type": "related-to", "timestamp": "1543847129", "uuid": "5c053cd9-97b0-4b04-af6e-43a5950d210f" }, { "comment": "", "object_uuid": "5c05399d-daac-4062-9269-47a2950d210f", "referenced_uuid": "5c053c0e-c268-4be8-8b67-43f1950d210f", "relationship_type": "related-to", "timestamp": "1543847134", "uuid": "5c053cde-b22c-4f57-b998-4d48950d210f" }, { "comment": "", "object_uuid": "5c05399d-daac-4062-9269-47a2950d210f", "referenced_uuid": "5c053c0e-a968-4d69-8613-43cf950d210f", "relationship_type": "related-to", "timestamp": "1543847140", "uuid": "5c053ce4-9850-427c-b72f-4f7d950d210f" } ], "Attribute": [ { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "nationality", "timestamp": "1543846302", "to_ids": false, "type": "nationality", "uuid": "5c05399e-a3c0-4126-b343-4182950d210f", "value": "Iran" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "passport-number", "timestamp": "1543846302", "to_ids": false, "type": "passport-number", "uuid": "5c05399e-1368-44eb-b1ff-4276950d210f", "value": "T14553558" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "passport-country", "timestamp": "1543846302", "to_ids": false, "type": "passport-country", "uuid": "5c05399e-1630-4e0a-997f-4b00950d210f", "value": "Iran" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "passport-expiration", "timestamp": "1543846302", "to_ids": false, "type": "passport-expiration", "uuid": "5c05399e-1ee8-4bcc-be2e-4075950d210f", "value": "29 Oct 2013" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "gender", "timestamp": "1543846302", "to_ids": false, "type": "gender", "uuid": "5c05399e-115c-47e8-b53c-416d950d210f", "value": "Male" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "date-of-birth", "timestamp": "1543846302", "to_ids": false, "type": "date-of-birth", "uuid": "5c05399e-beac-424f-87b4-4c76950d210f", "value": "21 Sep 1979" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-name", "timestamp": "1543846303", "to_ids": false, "type": "last-name", "uuid": "5c05399f-c6fc-4446-958c-4091950d210f", "value": "KHORASHADIZADEH" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-name", "timestamp": "1543846303", "to_ids": false, "type": "first-name", "uuid": "5c05399f-27bc-4fec-a652-43a2950d210f", "value": "Ali" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "alias", "timestamp": "1543846303", "to_ids": false, "type": "text", "uuid": "5c05399f-0170-47df-b228-417c950d210f", "value": "Mastercartaria" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "alias", "timestamp": "1543846304", "to_ids": false, "type": "text", "uuid": "5c0539a0-a534-4b5a-97b2-4290950d210f", "value": "Iranvisacart" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "place-of-birth", "timestamp": "1543846304", "to_ids": false, "type": "place-of-birth", "uuid": "5c0539a0-a540-4ad6-a5de-4480950d210f", "value": "Tehran, Iran" } ] }, { "comment": "", "deleted": false, "description": "An person which describes a person or an identity.", "meta-category": "misc", "name": "person", "template_uuid": "a15b0477-e9d1-4b9c-9546-abe78a4f4248", "template_version": "3", "timestamp": "1543850397", "uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f", "ObjectReference": [ { "comment": "", "object_uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f", "referenced_uuid": "5c04f529-effc-4355-b816-4174950d210f", "relationship_type": "uses", "timestamp": "1543849790", "uuid": "5c05473e-3c04-43d5-a923-4f20950d210f" }, { "comment": "", "object_uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f", "referenced_uuid": "5c054725-27e8-455c-afbc-4ebc950d210f", "relationship_type": "related-to", "timestamp": "1543850355", "uuid": "5c054973-e7cc-470b-a38c-4872950d210f" }, { "comment": "", "object_uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f", "referenced_uuid": "5c054726-cec0-4fe0-9e95-4bb4950d210f", "relationship_type": "related-to", "timestamp": "1543850391", "uuid": "5c054997-6bf8-43fe-a3ce-4a11950d210f" }, { "comment": "", "object_uuid": "5c054301-3b28-4b5c-bfe1-4083950d210f", "referenced_uuid": "5c054726-fb24-4a0c-a93d-41fd950d210f", "relationship_type": "related-to", "timestamp": "1543850397", "uuid": "5c05499d-c1ac-48f5-9bc0-4c72950d210f" } ], "Attribute": [ { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "nationality", "timestamp": "1543848705", "to_ids": false, "type": "nationality", "uuid": "5c054301-9804-4513-874c-4514950d210f", "value": "Iran" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "gender", "timestamp": "1543848706", "to_ids": false, "type": "gender", "uuid": "5c054302-6db0-4a39-ad39-4c11950d210f", "value": "Male" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "date-of-birth", "timestamp": "1543848706", "to_ids": false, "type": "date-of-birth", "uuid": "5c054302-2728-4053-8f6f-4ecc950d210f", "value": "09 Mar 1987" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-name", "timestamp": "1543848707", "to_ids": false, "type": "last-name", "uuid": "5c054303-6418-4cda-a44e-4783950d210f", "value": "GHORBANIYAN" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "first-name", "timestamp": "1543848707", "to_ids": false, "type": "first-name", "uuid": "5c054303-ea40-4920-a0be-467e950d210f", "value": "Mohammad" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "alias", "timestamp": "1543848707", "to_ids": false, "type": "text", "uuid": "5c054303-f09c-40cc-8386-4bfb950d210f", "value": "GHORBANIAN, Mohammad" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "alias", "timestamp": "1543848708", "to_ids": false, "type": "text", "uuid": "5c054304-a1c0-4fa5-9070-4e1e950d210f", "value": "Ensaniyat_Exchanger" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "alias", "timestamp": "1543848708", "to_ids": false, "type": "text", "uuid": "5c054304-d670-4a4c-8b21-4331950d210f", "value": "Ensaniyat" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "alias", "timestamp": "1543848709", "to_ids": false, "type": "text", "uuid": "5c054305-5f20-4c83-addd-4fe0950d210f", "value": "EnExchanger" }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "place-of-birth", "timestamp": "1543848709", "to_ids": false, "type": "place-of-birth", "uuid": "5c054305-ba88-471f-86aa-42ef950d210f", "value": "Tehran, Iran" } ] } ] } }