{ "Event": { "analysis": "2", "date": "2018-06-15", "extends_uuid": "", "info": "OSINT - New Donut Ransomware", "publish_timestamp": "1540717200", "published": true, "threat_level_id": "3", "timestamp": "1540558659", "uuid": "5b2783ba-57e4-44da-88ee-4c4f950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#2c4f00", "name": "malware_classification:malware-category=\"Ransomware\"" }, { "colour": "#3b7500", "name": "circl:incident-classification=\"malware\"" }, { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" }, { "colour": "#002642", "name": "osint:source-type=\"microblog-post\"" }, { "colour": "#0088cc", "name": "misp-galaxy:ransomware=\"Donut\"" }, { "colour": "#e8007d", "name": "workflow:state=\"complete\"" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1529316335", "to_ids": false, "type": "link", "uuid": "5b2783d2-af20-4e83-90ba-4d58950d210f", "value": "https://twitter.com/siri_urz/status/1005438610806583296", "Tag": [ { "colour": "#002642", "name": "osint:source-type=\"microblog-post\"" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1529316317", "to_ids": false, "type": "link", "uuid": "5b2783d2-5414-4e5f-834d-49f4950d210f", "value": "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1529316489", "to_ids": true, "type": "email-src", "uuid": "5b278489-ce0c-4e19-9d7e-447f950d210f", "value": "donutmmm@tutanota.com" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1529316530", "to_ids": false, "type": "text", "uuid": "5b2784aa-adb0-444f-8bff-9f6f950d210f", "value": "S!Ri found a new ransomware called Donut that appends the .donut extension and uses the email donutmmm@tutanota.com.", "Tag": [ { "colour": "#00223b", "name": "osint:source-type=\"blog-post\"" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "4", "timestamp": "1529316415", "uuid": "5b27843f-ca3c-48c7-8af0-4c29950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "post", "timestamp": "1529316415", "to_ids": false, "type": "text", "uuid": "5b27843f-9a24-4869-bfb7-4509950d210f", "value": "#Ransomware Donut E76ECA2F7D0450C84417A8AC242B424C .donut donutmmm@tutanota.com" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1529316415", "to_ids": false, "type": "text", "uuid": "5b27843f-1490-410d-b455-49a8950d210f", "value": "Twitter" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1529316415", "to_ids": true, "type": "url", "uuid": "5b27843f-c050-4923-8097-41a4950d210f", "value": "https://twitter.com/siri_urz/status/1005438610806583296" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "creation-date", "timestamp": "1529316416", "to_ids": false, "type": "datetime", "uuid": "5b278440-040c-4dbf-b857-4426950d210f", "value": "2018-06-09T00:00:00" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1529316416", "to_ids": false, "type": "text", "uuid": "5b278440-8e0c-4ddb-a2a3-40a1950d210f", "value": "@siri_urz" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1529316473", "uuid": "5b278479-f028-47e9-abfa-207f950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1529316473", "to_ids": true, "type": "md5", "uuid": "5b278479-09b4-4836-96a3-207f950d210f", "value": "e76eca2f7d0450c84417a8ac242b424c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "state", "timestamp": "1529316474", "to_ids": false, "type": "text", "uuid": "5b27847a-4d2c-491e-a1c7-207f950d210f", "value": "Malicious" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "11", "timestamp": "1529324465", "uuid": "b673d3aa-4fc7-4820-81cb-2f2a6182d627", "ObjectReference": [ { "comment": "", "object_uuid": "b673d3aa-4fc7-4820-81cb-2f2a6182d627", "referenced_uuid": "8c4f5afe-91b2-4a24-a417-b06dbf115f12", "relationship_type": "analysed-with", "timestamp": "1529324468", "uuid": "5b27a3b4-1dd8-4fe9-8b0e-4b4702de0b81" } ], "Attribute": [] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1529324465", "uuid": "8c4f5afe-91b2-4a24-a417-b06dbf115f12", "Attribute": [] } ] } }