misp-circl-feed/feeds/circl/misp/582ab037-052c-483d-803c-4174950d210f.json


{
"Event": {
"analysis": "2",
"date": "2016-11-15",
"extends_uuid": "",
"info": "OSINT - Ransoc Desktop Locking Ransomware Ransacks Local Files and Social Media Profiles",
"publish_timestamp": "1479192973",
"published": true,
"threat_level_id": "3",
"timestamp": "1479192872",
"uuid": "582ab037-052c-483d-803c-4174950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#006c6c",
"local": false,
"name": "ecsirt:malicious-code=\"ransomware\"",
"relationship_type": ""
},
{
"colour": "#00acd1",
"local": false,
"name": "veris:action:malware:variety=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#420053",
"local": false,
"name": "ms-caro-malware:malware-type=\"Ransom\"",
"relationship_type": ""
},
{
"colour": "#39b300",
"local": false,
"name": "enisa:nefarious-activity-abuse=\"ransomware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192704",
"to_ids": false,
"type": "link",
"uuid": "582ab080-fe34-4b1d-8239-4978950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/ransoc-desktop-locking-ransomware-ransacks-local-files-social-media-profiles"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192725",
"to_ids": false,
"type": "comment",
"uuid": "582ab095-8cf8-459b-a286-425f950d210f",
"value": "Ransomware has exploded in the last year, becoming the malware of choice for many threat actors because of its easy monetization and ease of distribution, whether via massive email campaigns or through a variety of exploit kits. Proofpoint research suggests that the number of ransomware variants has grown tenfold since December 2015. While most such malware encrypts a victim's files and demands that a ransom be paid in Bitcoins to decrypt them, Proofpoint researchers recently discovered a new variant that scrapes Skype and social media profiles for personal information while it scans files and torrents for potentially sensitive information. Instead of encrypting files, it threatens victims with fake legal proceedings if they fail to pay the ransom."
},
{
"category": "Network activity",
"comment": "5.45.86.171 \t Browlock for IE Windows",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192807",
"to_ids": true,
"type": "domain",
"uuid": "582ab0e7-bdc4-4195-b375-40b2950d210f",
"value": "cis-criminal-report.com"
},
{
"category": "Network activity",
"comment": "Browlock for IE Windows",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192808",
"to_ids": true,
"type": "ip-dst",
"uuid": "582ab0e8-98e0-4bd3-8148-4518950d210f",
"value": "5.45.86.171"
},
{
"category": "Network activity",
"comment": "5.45.86.171 \t Browlock for IE Windows",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192808",
"to_ids": true,
"type": "domain",
"uuid": "582ab0e8-6d20-4897-8b2a-4f87950d210f",
"value": "criminal-report.in"
},
{
"category": "Network activity",
"comment": "5.45.86.171 \t Browlock for IE Windows",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192808",
"to_ids": true,
"type": "domain",
"uuid": "582ab0e8-0b08-4854-9a4d-4f18950d210f",
"value": "violation-report.in"
},
{
"category": "Network activity",
"comment": "78.47.134.204 \t Intermediate Redirector/TDS",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192808",
"to_ids": true,
"type": "domain",
"uuid": "582ab0e8-ecf4-49ba-9439-4b8b950d210f",
"value": "latexfetishsex.com"
},
{
"category": "Network activity",
"comment": "Intermediate Redirector/TDS",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192809",
"to_ids": true,
"type": "ip-dst",
"uuid": "582ab0e9-6444-4e74-bc0a-49cc950d210f",
"value": "78.47.134.204"
},
{
"category": "Network activity",
"comment": "5.9.86.131 \t Intermediate Redirector/TDS",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192809",
"to_ids": true,
"type": "domain",
"uuid": "582ab0e9-0808-418b-af49-499b950d210f",
"value": "italy-girls.mobi"
},
{
"category": "Network activity",
"comment": "Intermediate Redirector/TDS",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192809",
"to_ids": true,
"type": "ip-dst",
"uuid": "582ab0e9-0a44-4930-a673-44ba950d210f",
"value": "5.9.86.131"
},
{
"category": "Network activity",
"comment": "IP found in Ransoc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192809",
"to_ids": true,
"type": "ip-dst",
"uuid": "582ab0e9-76dc-4b25-b066-4236950d210f",
"value": "5.45.86.148"
},
{
"category": "Payload delivery",
"comment": "Ransoc PenaltyNotice",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192863",
"to_ids": true,
"type": "sha256",
"uuid": "582ab11f-9020-4af4-994a-4b12950d210f",
"value": "fee53dc4e165b2aa45c3e7bd100b49c367aa8b7f81757617114ff50a584a1566"
},
{
"category": "Payload delivery",
"comment": "Ransoc PenaltyNotice - Xchecked via VT: fee53dc4e165b2aa45c3e7bd100b49c367aa8b7f81757617114ff50a584a1566",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192872",
"to_ids": true,
"type": "sha1",
"uuid": "582ab128-13e4-458e-a37c-414e02de0b81",
"value": "44fd0e2d99d6ccc49db7b48d5fc49e74c54f4463"
},
{
"category": "Payload delivery",
"comment": "Ransoc PenaltyNotice - Xchecked via VT: fee53dc4e165b2aa45c3e7bd100b49c367aa8b7f81757617114ff50a584a1566",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192872",
"to_ids": true,
"type": "md5",
"uuid": "582ab129-dd7c-4b36-9f3b-422e02de0b81",
"value": "30bf1d54830eb4223f0f3e68d113ff5d"
},
{
"category": "External analysis",
"comment": "Ransoc PenaltyNotice - Xchecked via VT: fee53dc4e165b2aa45c3e7bd100b49c367aa8b7f81757617114ff50a584a1566",
"deleted": false,
"disable_correlation": false,
"timestamp": "1479192873",
"to_ids": false,
"type": "link",
"uuid": "582ab129-58ac-41fd-9807-480502de0b81",
"value": "https://www.virustotal.com/file/fee53dc4e165b2aa45c3e7bd100b49c367aa8b7f81757617114ff50a584a1566/analysis/1479181529/"
}
]
}
}