{"Event": {"info": "OSINT - The Week in Ransomware - June 15th 2018 - DBGer, Scarab, and More", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Donut\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"NemeS1S Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Paradise Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"B2DR Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Scarab\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"YYTO Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Xorist\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"DBGer Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Unnamed ramsomware 2\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Everbe Ransomware\""}], "publish_timestamp": "0", "timestamp": "1537775242", "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5b27bc4b-aaf8-4f92-ac83-49c5950d210f", "timestamp": "1529330776", "to_ids": false, "value": "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-15th-2018-dbger-scarab-and-more/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "B2DR Ransomware Ransomnote", "category": "Payload delivery", "uuid": "5b27bc9a-f144-45a4-bd58-c52c950d210f", "timestamp": "1529330842", "to_ids": true, "value": "ScrewYou.txt", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "YYTO Ransomware", "category": "Payload delivery", "uuid": "5b28a8be-3360-4a66-93b5-493f950d210f", "timestamp": "1529391324", "to_ids": true, "value": "codyprince92@mail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "YYTO Ransomware", "category": "Network activity", "uuid": "5b28a8be-4208-4cc4-88d6-44ad950d210f", "timestamp": "1529391324", "to_ids": true, "value": "https://www.torproject.org/download/download-easy.html.en", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "YYTO Ransomware", "category": "Network activity", "uuid": "5b28a8bf-8898-4434-ab42-4719950d210f", "timestamp": "1529391324", "to_ids": true, "value": "torbox3uiot6wchz.onion", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "YYTO Ransomware", "category": "Payload delivery", "uuid": "5b28a8bf-cd38-4eb7-982c-4630950d210f", "timestamp": "1529391324", "to_ids": true, "value": "codyprince@torbox3uiot6wchz.onion", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "B2DR Ransomware", "category": "Payload delivery", "uuid": "5b28b323-83e4-4492-a760-4f4e950d210f", "timestamp": "1529393955", "to_ids": true, "value": "ssananunak1987@protonmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "B2DR Ransomware", "category": "Payload delivery", "uuid": "5b28b324-f6ec-47e8-a3a6-4e10950d210f", "timestamp": "1529393956", "to_ids": true, "value": "ssananunak1987@torbox3uiot6wchz.onion", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Everbe", "category": "Payload delivery", "uuid": "5b28cc3c-df58-41f5-8416-4134950d210f", "timestamp": "1529400380", "to_ids": true, "value": "everbe@airmail.cc", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Everbe", "category": "Payload delivery", "uuid": "5b28cc3c-05d0-4539-8e15-4116950d210f", "timestamp": "1529400380", "to_ids": true, "value": "!=How_recovery_files=!.txt", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "Scarab ransomware", "category": "Payload delivery", "uuid": "5b28cea4-fab4-46e5-b593-4efb950d210f", "timestamp": "1529400996", "to_ids": true, "value": "mr.leen@protonmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Scarab ransomware", "category": "Payload delivery", "uuid": "5b28cea5-0318-42a6-b336-49bc950d210f", "timestamp": "1529400997", "to_ids": true, "value": "INSTRUCTIONS FOR RESTORING FILES.TXT", "disable_correlation": false, "object_relation": null, "type": "filename"}], "extends_uuid": "", "published": false, "date": "2018-06-15", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5b27bbde-0ba0-4bd3-ad7d-469c950d210f"}}