
{
"Event": {
"analysis": "2",
"date": "2017-10-18",
"extends_uuid": "",
"info": "OSINT - Goodbye Cerber? Hello Magniber Ransomware!",
"publish_timestamp": "1523865222",
"published": true,
"threat_level_id": "3",
"timestamp": "1523865207",
"uuid": "5ad059f5-b418-43bc-a901-7c4a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:ransomware=\"Magniber Ransomware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523862920",
"to_ids": false,
"type": "link",
"uuid": "5ad05a06-0f9c-4d18-8d45-7ebd950d210f",
"value": "https://www.bleepingcomputer.com/news/security/goodbye-cerber-hello-magniber-ransomware/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523862920",
"to_ids": false,
"type": "comment",
"uuid": "5ad05b4f-4c78-4381-975d-7ebe950d210f",
"value": "Magniber is a new ransomware being distributed by the Magnitude Exploit Kit that appears to be the successor to the Cerber Ransomware. While many aspects of the Magniber Ransomware are different than Cerber, the payment system and the files it encrypts are very similar.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523605052",
"to_ids": true,
"type": "sha256",
"uuid": "5ad05e3c-6574-49c4-a873-7310950d210f",
"value": "2e6f9a48d854add9f895a3737fa5fcc9d38d082466765e550cca2dc47a10618e"
},
{
"category": "Network activity",
"comment": "Payment Site",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523862920",
"to_ids": true,
"type": "domain",
"uuid": "5ad061ac-07c0-46fe-baed-7c4a950d210f",
"value": "ofotqrmsrdc6c3rz.onion"
},
{
"category": "Network activity",
"comment": "C2 - pattern",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523862921",
"to_ids": false,
"type": "domain",
"uuid": "5ad061ee-72fc-47c4-b09f-730a950d210f",
"value": "bankme.date"
},
{
"category": "Network activity",
"comment": "C2 - pattern",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523862921",
"to_ids": false,
"type": "domain",
"uuid": "5ad061ee-82b0-4abc-a13e-730a950d210f",
"value": "jobsnot.services"
},
{
"category": "Network activity",
"comment": "C2 - pattern",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523862922",
"to_ids": false,
"type": "domain",
"uuid": "5ad061ee-932c-4887-8e64-730a950d210f",
"value": "carefit.agency"
},
{
"category": "Network activity",
"comment": "C2 - pattern",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523862922",
"to_ids": false,
"type": "domain",
"uuid": "5ad061ee-87ec-4ebe-8564-730a950d210f",
"value": "hotdisk.world"
}
],
"Object": [
{
"comment": "c2",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523608381",
"uuid": "5ad06b3d-20b8-4ff8-8190-7d03950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523609258",
"to_ids": false,
"type": "text",
"uuid": "5ad06b3d-4230-48f8-9bd8-7d03950d210f",
"value": "hostname"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523608381",
"to_ids": false,
"type": "text",
"uuid": "5ad06b3d-0c10-442f-b760-7d03950d210f",
"value": "[victim_id].bankme.date"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523608382",
"to_ids": false,
"type": "text",
"uuid": "5ad06b3e-3bb8-4dae-949e-7d03950d210f",
"value": "PCRE"
}
]
},
{
"comment": "c2",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523608923",
"uuid": "5ad06d5b-4948-403b-84e5-71e2950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523608924",
"to_ids": false,
"type": "text",
"uuid": "5ad06d5c-7f48-450b-a85f-71e2950d210f",
"value": "hostname"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523608924",
"to_ids": false,
"type": "text",
"uuid": "5ad06d5c-50c0-418e-8aaa-71e2950d210f",
"value": "[victim_id].jobsnot.services"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523608924",
"to_ids": false,
"type": "text",
"uuid": "5ad06d5c-e4c0-41af-84d8-71e2950d210f",
"value": "PCRE"
}
]
},
{
"comment": "c2",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523609010",
"uuid": "5ad06db2-b1f8-4643-8dc4-71e2950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523609010",
"to_ids": false,
"type": "text",
"uuid": "5ad06db2-aea4-4927-b6f3-71e2950d210f",
"value": "hostname"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523609011",
"to_ids": false,
"type": "text",
"uuid": "5ad06db3-0498-4e9a-97cd-71e2950d210f",
"value": "[victim_id].carefit.agency"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523609011",
"to_ids": false,
"type": "text",
"uuid": "5ad06db3-8f90-4577-bcfc-71e2950d210f",
"value": "PCRE"
}
]
},
{
"comment": "c2",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523609131",
"uuid": "5ad06e2b-d768-4900-bdaf-7105950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523609132",
"to_ids": false,
"type": "text",
"uuid": "5ad06e2c-329c-4cfa-8e7e-7105950d210f",
"value": "hostname"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523609132",
"to_ids": false,
"type": "text",
"uuid": "5ad06e2c-6bb4-481c-9cc9-7105950d210f",
"value": "[victim_id].hotdisk.world"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523609132",
"to_ids": false,
"type": "text",
"uuid": "5ad06e2c-4ce4-4a24-bf1e-7105950d210f",
"value": "PCRE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523610687",
"uuid": "5ad0743f-291c-4371-a8b7-a2c7950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523610687",
"to_ids": false,
"type": "text",
"uuid": "5ad0743f-bf28-435c-a5ed-a2c7950d210f",
"value": "filename"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523610688",
"to_ids": false,
"type": "text",
"uuid": "5ad07440-8f68-4879-99dc-a2c7950d210f",
"value": "%Temp%\\[extension].exe"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523610688",
"to_ids": false,
"type": "text",
"uuid": "5ad07440-8c70-4537-9272-a2c7950d210f",
"value": "PCRE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523610717",
"uuid": "5ad0745d-b16c-43e3-af6a-7103950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523610718",
"to_ids": false,
"type": "text",
"uuid": "5ad0745e-1340-4143-b76c-7103950d210f",
"value": "filename"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523610718",
"to_ids": false,
"type": "text",
"uuid": "5ad0745e-676c-404a-9ee9-7103950d210f",
"value": "%Temp%\\[victim_id].[extension]"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523610719",
"to_ids": false,
"type": "text",
"uuid": "5ad0745f-c71c-4fdb-8532-7103950d210f",
"value": "PCRE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523610740",
"uuid": "5ad07474-6b50-4622-a197-7ebd950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523610740",
"to_ids": false,
"type": "text",
"uuid": "5ad07474-dd24-480f-bc42-7ebd950d210f",
"value": "filename"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523610740",
"to_ids": false,
"type": "text",
"uuid": "5ad07474-9e4c-40d7-a1c8-7ebd950d210f",
"value": "READ_ME_FOR_DECRYPT_[victim_id]_.txt"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523610741",
"to_ids": false,
"type": "text",
"uuid": "5ad07475-b838-4008-a1e9-7ebd950d210f",
"value": "PCRE"
}
]
},
{
"comment": "personal page",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523610847",
"uuid": "5ad074df-efc0-4a3d-a21c-a35f950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523610847",
"to_ids": false,
"type": "text",
"uuid": "5ad074df-e2a8-4811-b5b9-a35f950d210f",
"value": "url"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523610848",
"to_ids": false,
"type": "text",
"uuid": "5ad074e0-ecf8-4fa9-b0c5-a35f950d210f",
"value": "http://[victim_id].ofotqrmsrdc6c3rz.onion/EP866p5M93wDS513"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523610848",
"to_ids": false,
"type": "text",
"uuid": "5ad074e0-9b60-4cf3-a5ad-a35f950d210f",
"value": "PCRE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523610895",
"uuid": "5ad0750f-5048-4873-a2c3-4a7e950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523610895",
"to_ids": false,
"type": "text",
"uuid": "5ad0750f-0d14-42a6-be72-499c950d210f",
"value": "url"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523610896",
"to_ids": false,
"type": "text",
"uuid": "5ad07510-4254-4007-8cde-4843950d210f",
"value": "http://[victim_id].bankme.date/EP866p5M93wDS513"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523610896",
"to_ids": false,
"type": "text",
"uuid": "5ad07510-de88-41dd-ab02-4b13950d210f",
"value": "PCRE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523610940",
"uuid": "5ad0753c-a3dc-48b9-9020-7ebd950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523610940",
"to_ids": false,
"type": "text",
"uuid": "5ad0753c-4cf0-4101-8d26-7ebd950d210f",
"value": "url"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523610940",
"to_ids": false,
"type": "text",
"uuid": "5ad0753c-974c-4cda-bce8-7ebd950d210f",
"value": "http://[victim_id].jobsnot.services/EP866p5M93wDS513"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523610941",
"to_ids": false,
"type": "text",
"uuid": "5ad0753d-fba4-4d17-b31e-7ebd950d210f",
"value": "PCRE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523610983",
"uuid": "5ad07567-af78-4892-86e8-4cb8950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523610984",
"to_ids": false,
"type": "text",
"uuid": "5ad07568-782c-4ba4-8fac-49a5950d210f",
"value": "url"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523610984",
"to_ids": false,
"type": "text",
"uuid": "5ad07568-d274-478b-a229-4c67950d210f",
"value": "http://[victim_id].carefit.agency/EP866p5M93wDS513"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523610985",
"to_ids": false,
"type": "text",
"uuid": "5ad07569-c344-41d4-87d1-433f950d210f",
"value": "PCRE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object describing a regular expression (regex or regexp). The object can be linked via a relationship to other attributes or objects to describe how it can be represented as a regular expression.",
"meta-category": "misc",
"name": "regexp",
"template_uuid": "ceffad66-71e5-4e20-9370-1b3fb694c648",
"template_version": "3",
"timestamp": "1523611009",
"uuid": "5ad07581-3b9c-4e94-b6eb-7323950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "type",
"timestamp": "1523611009",
"to_ids": false,
"type": "text",
"uuid": "5ad07581-bfc0-42c0-9b04-7323950d210f",
"value": "url"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "regexp",
"timestamp": "1523611010",
"to_ids": false,
"type": "text",
"uuid": "5ad07582-d124-456a-9d89-7323950d210f",
"value": "http://[victim_id].hotdisk.world/EP866p5M93wDS513"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "regexp-type",
"timestamp": "1523611010",
"to_ids": false,
"type": "text",
"uuid": "5ad07582-aef8-4138-aced-7323950d210f",
"value": "PCRE"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1523862925",
"uuid": "54409a9c-5223-45fe-a1ef-961fbf04376e",
"ObjectReference": [
{
"comment": "",
"object_uuid": "54409a9c-5223-45fe-a1ef-961fbf04376e",
"referenced_uuid": "13173e52-49f5-4574-8a1e-405f28c276d9",
"relationship_type": "analysed-with",
"timestamp": "1523862925",
"uuid": "5ad44d8d-1570-45e5-bb63-44e602de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1523862922",
"to_ids": true,
"type": "md5",
"uuid": "5ad44d8a-771c-4c91-b38a-4a5b02de0b81",
"value": "59ef984c16a5c1723d9958fbeb1b7450"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1523862923",
"to_ids": true,
"type": "sha1",
"uuid": "5ad44d8b-6898-4c69-88ef-4b2302de0b81",
"value": "a7bcd0188e3fd0f16226ab44477a04662a5c5450"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1523862923",
"to_ids": true,
"type": "sha256",
"uuid": "5ad44d8b-3d84-41b1-b89c-4a8f02de0b81",
"value": "2e6f9a48d854add9f895a3737fa5fcc9d38d082466765e550cca2dc47a10618e"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1523862924",
"uuid": "13173e52-49f5-4574-8a1e-405f28c276d9",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1523862924",
"to_ids": false,
"type": "datetime",
"uuid": "5ad44d8c-5588-4838-95c8-4dfe02de0b81",
"value": "2018-03-26T17:29:48"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1523862924",
"to_ids": false,
"type": "link",
"uuid": "5ad44d8c-a0e8-4a89-b42a-436b02de0b81",
"value": "https://www.virustotal.com/file/2e6f9a48d854add9f895a3737fa5fcc9d38d082466765e550cca2dc47a10618e/analysis/1522085388/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1523862925",
"to_ids": false,
"type": "text",
"uuid": "5ad44d8d-758c-4cdc-a4e9-453a02de0b81",
"value": "56/66"
}
]
}
]
}
}