misp-circl-feed/feeds/circl/misp/58e60bd5-6874-4210-9419-533c950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2017-04-06",
    "extends_uuid": "",
    "info": "OSINT - LMAOxUS Ransomware: Another Case of Weaponized Open Source Ransomware",
    "publish_timestamp": "1491501592",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1491501555",
    "uuid": "58e60bd5-6874-4210-9419-533c950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#2c4f00",
        "local": false,
        "name": "malware_classification:malware-category=\"Ransomware\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#00223b",
        "local": false,
        "name": "osint:source-type=\"blog-post\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501555",
        "to_ids": false,
        "type": "link",
        "uuid": "58e60be4-3eb8-438c-b619-4e84950d210f",
        "value": "https://www.bleepingcomputer.com/news/security/lmaoxus-ransomware-another-case-of-weaponized-open-source-ransomware/",
        "Tag": [
          {
            "colour": "#00223b",
            "local": false,
            "name": "osint:source-type=\"blog-post\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Binary for first Stolich",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501496",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58e60c30-da20-46db-b6b8-193c950d210f",
        "value": "d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da",
        "Tag": [
          {
            "colour": "#2c4f00",
            "local": false,
            "name": "malware_classification:malware-category=\"Ransomware\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Binary for LMAUxUS binary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501496",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58e60c31-fd58-465b-8df0-193c950d210f",
        "value": "d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2",
        "Tag": [
          {
            "colour": "#2c4f00",
            "local": false,
            "name": "malware_classification:malware-category=\"Ransomware\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Email address used in LMAOxUS ransom note",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501496",
        "to_ids": true,
        "type": "email-src",
        "uuid": "58e60c32-f300-43d9-8683-193c950d210f",
        "value": "lmfaoxus@safe-mail.net"
      },
      {
        "category": "Payload delivery",
        "comment": "Text-based ransom note",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501496",
        "to_ids": true,
        "type": "filename",
        "uuid": "58e60c33-dd44-4b36-902d-193c950d210f",
        "value": "LMAO_READ_ME.txt"
      },
      {
        "category": "Payload delivery",
        "comment": "Binary for LMAUxUS binary - Xchecked via VT: d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501501",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58e681bd-b1d4-49f1-bffe-4b7202de0b81",
        "value": "39691193f80bef53901d1f6589d66e1b35c201fa",
        "Tag": [
          {
            "colour": "#2c4f00",
            "local": false,
            "name": "malware_classification:malware-category=\"Ransomware\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Binary for LMAUxUS binary - Xchecked via VT: d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501502",
        "to_ids": true,
        "type": "md5",
        "uuid": "58e681be-7efc-4fcc-abb8-48d102de0b81",
        "value": "7083de4397b81eca6d1900133700e89c",
        "Tag": [
          {
            "colour": "#2c4f00",
            "local": false,
            "name": "malware_classification:malware-category=\"Ransomware\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "Binary for LMAUxUS binary - Xchecked via VT: d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501503",
        "to_ids": false,
        "type": "link",
        "uuid": "58e681bf-904c-417e-8181-40bc02de0b81",
        "value": "https://www.virustotal.com/file/d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2/analysis/1490307927/",
        "Tag": [
          {
            "colour": "#2c4f00",
            "local": false,
            "name": "malware_classification:malware-category=\"Ransomware\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Binary for first Stolich - Xchecked via VT: d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501504",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58e681c0-bbc4-4c2f-8d97-483502de0b81",
        "value": "ce5d8e0ece4c413757aeb2671e79280d133e30ac",
        "Tag": [
          {
            "colour": "#2c4f00",
            "local": false,
            "name": "malware_classification:malware-category=\"Ransomware\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Binary for first Stolich - Xchecked via VT: d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501505",
        "to_ids": true,
        "type": "md5",
        "uuid": "58e681c1-e104-4aa3-9692-404a02de0b81",
        "value": "2de1f14d07370b9867f252c07637ab40",
        "Tag": [
          {
            "colour": "#2c4f00",
            "local": false,
            "name": "malware_classification:malware-category=\"Ransomware\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "Binary for first Stolich - Xchecked via VT: d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1491501506",
        "to_ids": false,
        "type": "link",
        "uuid": "58e681c2-db90-4f5b-b88f-4f6b02de0b81",
        "value": "https://www.virustotal.com/file/d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da/analysis/1491230187/",
        "Tag": [
          {
            "colour": "#2c4f00",
            "local": false,
            "name": "malware_classification:malware-category=\"Ransomware\"",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}