adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a8aea46-0ad4-4b8a-9cfd-445b950d210f.json

400 lines
No EOL
13 KiB
JSON
Raw Permalink Blame History

{
"Event": {
"analysis": "2",
"date": "2018-01-29",
"extends_uuid": "",
"info": "OSINT - GandCrab Ransomware Distributed by Exploit Kits, Appends GDCB Extension",
"publish_timestamp": "1519121276",
"published": true,
"threat_level_id": "3",
"timestamp": "1519121264",
"uuid": "5a8aea46-0ad4-4b8a-9cfd-445b950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#75003f",
"local": false,
"name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519121248",
"to_ids": false,
"type": "link",
"uuid": "5a8aea94-20d8-420b-a52b-4155950d210f",
"value": "https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-distributed-by-exploit-kits-appends-gdcb-extension/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519121249",
"to_ids": true,
"type": "filename",
"uuid": "5a8aebb2-8d38-4b51-8a0f-49bf950d210f",
"value": "bleepingcomputer.bit"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519121249",
"to_ids": true,
"type": "filename",
"uuid": "5a8aebb3-46cc-4143-bc91-4a17950d210f",
"value": "nomoreransom.bit"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519121250",
"to_ids": true,
"type": "filename",
"uuid": "5a8aebb3-909c-4690-9520-4e50950d210f",
"value": "esetnod32.bit"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519121250",
"to_ids": true,
"type": "filename",
"uuid": "5a8aebb3-6b9c-4da9-b7d7-4c08950d210f",
"value": "emsisoft.bit"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519121250",
"to_ids": true,
"type": "filename",
"uuid": "5a8aebb4-97e8-480d-be52-4cd7950d210f",
"value": "gandcrab.bit"
},
{
"category": "Payload delivery",
"comment": "ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519121251",
"to_ids": true,
"type": "filename",
"uuid": "5a8aec25-f770-4bdf-a543-4f23950d210f",
"value": "GDCB-DECRYPT.txt"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519053876",
"to_ids": true,
"type": "md5",
"uuid": "5a8aec34-8204-4027-9e22-4d3c950d210f",
"value": "aedf80c426fb649bb258e430a3830d85"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519053876",
"to_ids": true,
"type": "md5",
"uuid": "5a8aec34-1638-4675-872a-4e64950d210f",
"value": "6866d8d8bf8565d94e0e1479978cf1e5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519053877",
"to_ids": true,
"type": "md5",
"uuid": "5a8aec35-1e64-4c86-b38d-4890950d210f",
"value": "379e149517f4119f2edb9676ec456ed4"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1519121251",
"to_ids": false,
"type": "comment",
"uuid": "5a8bd3ad-2570-4490-bfe3-4ec0950d210f",
"value": "A new ransomware called GandCrab was released towards the end of last week that is currently being distributed via exploit kits. GandCrab has some interesting features not seen before in a ransomware, such as being the first to accept the DASH currency and the first to utilize the Namecoin powered .BIT tld.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1519121257",
"uuid": "fdc7c223-2171-45ac-b03d-9aaf289e0612",
"ObjectReference": [
{
"comment": "",
"object_uuid": "fdc7c223-2171-45ac-b03d-9aaf289e0612",
"referenced_uuid": "7c7e6c58-6dbb-4189-982d-3aa8636c352f",
"relationship_type": "analysed-with",
"timestamp": "1519121259",
"uuid": "5a8bf36b-84b4-4d90-becf-48e002de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1519121254",
"to_ids": true,
"type": "sha1",
"uuid": "5a8bf366-44d8-41b4-be9d-464902de0b81",
"value": "2245bd90b753b7fd29b7218a0ef50435c64f8767"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1519121255",
"to_ids": true,
"type": "sha256",
"uuid": "5a8bf367-ea98-415f-ac9e-466802de0b81",
"value": "3e2e881ec6fcfb6329cad95c15de4a90aef1032550176c7c7729c0a0e383c615"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1519121255",
"to_ids": true,
"type": "md5",
"uuid": "5a8bf367-cf20-4ee9-bc10-4dfe02de0b81",
"value": "6866d8d8bf8565d94e0e1479978cf1e5"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1519121255",
"uuid": "7c7e6c58-6dbb-4189-982d-3aa8636c352f",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1519121255",
"to_ids": false,
"type": "link",
"uuid": "5a8bf367-52dc-44ee-9641-4b8a02de0b81",
"value": "https://www.virustotal.com/file/3e2e881ec6fcfb6329cad95c15de4a90aef1032550176c7c7729c0a0e383c615/analysis/1518976209/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1519121256",
"to_ids": false,
"type": "text",
"uuid": "5a8bf368-5744-4b42-9759-444302de0b81",
"value": "55/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1519121256",
"to_ids": false,
"type": "datetime",
"uuid": "5a8bf368-c0ac-437c-b853-431f02de0b81",
"value": "2018-02-18T17:50:09"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1519121260",
"uuid": "cd7071df-c409-4094-968c-c3c144a2a380",
"ObjectReference": [
{
"comment": "",
"object_uuid": "cd7071df-c409-4094-968c-c3c144a2a380",
"referenced_uuid": "1317f7cd-64b0-471b-be2d-fc2cd3fd851b",
"relationship_type": "analysed-with",
"timestamp": "1519121259",
"uuid": "5a8bf36b-bbfc-4294-b2bb-4bed02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1519121257",
"to_ids": true,
"type": "sha1",
"uuid": "5a8bf369-1e34-4201-b10c-421902de0b81",
"value": "0876ad729d79da65ed4e72966d9f9d209394ebfa"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1519121257",
"to_ids": true,
"type": "sha256",
"uuid": "5a8bf369-074c-4c57-8e9f-417c02de0b81",
"value": "03d68025f52d0930a99a67264a3ddad43d0a8bc9ffa0503e603311a43da1ca28"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1519121258",
"to_ids": true,
"type": "md5",
"uuid": "5a8bf36a-1080-41c3-ae9a-41c202de0b81",
"value": "aedf80c426fb649bb258e430a3830d85"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1519121258",
"uuid": "1317f7cd-64b0-471b-be2d-fc2cd3fd851b",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1519121258",
"to_ids": false,
"type": "link",
"uuid": "5a8bf36a-16d0-4cb0-a81e-4c2f02de0b81",
"value": "https://www.virustotal.com/file/03d68025f52d0930a99a67264a3ddad43d0a8bc9ffa0503e603311a43da1ca28/analysis/1518976703/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1519121259",
"to_ids": false,
"type": "text",
"uuid": "5a8bf36b-fd30-42a3-b727-4db202de0b81",
"value": "49/68"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1519121259",
"to_ids": false,
"type": "datetime",
"uuid": "5a8bf36b-b100-45cf-8bdb-40ee02de0b81",
"value": "2018-02-18T17:58:23"
}
]
}
]
}
}
Reference in a new issue View git blame Copy permalink