adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/58e743e1-3008-4198-a310-4c82950d210f.json

217 lines
No EOL
7.1 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2017-04-05",
"extends_uuid": "",
"info": "OSINT - Off-the-shelf Ransomware Used to Target the Healthcare Sector",
"publish_timestamp": "1491560447",
"published": true,
"threat_level_id": "3",
"timestamp": "1491560428",
"uuid": "58e743e1-3008-4198-a310-4c82950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560407",
"to_ids": false,
"type": "link",
"uuid": "58e743f1-872c-4a07-bbfd-4cdd950d210f",
"value": "https://blogs.forcepoint.com/security-labs/shelf-ransomware-used-target-healthcare-sector",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "Download links",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560331",
"to_ids": true,
"type": "url",
"uuid": "58e744b0-d9c8-434f-8e60-41ae950d210f",
"value": "https://kaspersky.dattodrive.com/index.php/s/lhodbNAIcoNF6yb/download"
},
{
"category": "Network activity",
"comment": "Download links",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560331",
"to_ids": true,
"type": "url",
"uuid": "58e744b1-3374-4ccd-8bae-49d8950d210f",
"value": "http://87i03clk4zcw06uy1cv5.nl/mass/hospital/spam/payload/WINWORD.exe"
},
{
"category": "Network activity",
"comment": "Ransomware C2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560331",
"to_ids": true,
"type": "url",
"uuid": "58e744b2-3a74-46e3-a772-4ab4950d210f",
"value": "http://87i03clk4zcw06uy1cv5.nl/mass/hospital/spam/index.php"
},
{
"category": "Payload delivery",
"comment": "DOCX file",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560331",
"to_ids": true,
"type": "sha256",
"uuid": "58e744b3-c92c-4f2c-b650-4242950d210f",
"value": "0e53d65ecd1d6ae5f77500c535b8916f43a1da04b59efde63c1ca593d8363483"
},
{
"category": "Payload delivery",
"comment": "Philadelphia",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560331",
"to_ids": true,
"type": "sha256",
"uuid": "58e744b4-8af0-4217-a0ea-49c1950d210f",
"value": "2f5b4ad81d358d57b8076a9b432be0e41ddff729c596b5b8ce5a01039dfaac3c",
"Tag": [
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Philadelphia - Xchecked via VT: 2f5b4ad81d358d57b8076a9b432be0e41ddff729c596b5b8ce5a01039dfaac3c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560337",
"to_ids": true,
"type": "sha1",
"uuid": "58e76791-9968-48b8-a6fb-44bf02de0b81",
"value": "448c93e79bf0741798ed99bb3108d1ceb90b6901",
"Tag": [
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "Philadelphia - Xchecked via VT: 2f5b4ad81d358d57b8076a9b432be0e41ddff729c596b5b8ce5a01039dfaac3c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560338",
"to_ids": true,
"type": "md5",
"uuid": "58e76792-8910-4731-b851-427b02de0b81",
"value": "0a380f789a882f7c4e11a1b4f87bb4fd",
"Tag": [
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "Philadelphia - Xchecked via VT: 2f5b4ad81d358d57b8076a9b432be0e41ddff729c596b5b8ce5a01039dfaac3c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560339",
"to_ids": false,
"type": "link",
"uuid": "58e76793-77e8-406c-b283-409402de0b81",
"value": "https://www.virustotal.com/file/2f5b4ad81d358d57b8076a9b432be0e41ddff729c596b5b8ce5a01039dfaac3c/analysis/1491192472/",
"Tag": [
{
"colour": "#2c4f00",
"local": false,
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "DOCX file - Xchecked via VT: 0e53d65ecd1d6ae5f77500c535b8916f43a1da04b59efde63c1ca593d8363483",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560340",
"to_ids": true,
"type": "sha1",
"uuid": "58e76794-df5c-430e-966c-467302de0b81",
"value": "7807eecce4b89564901caa1d3abd827f6438fcd5"
},
{
"category": "Payload delivery",
"comment": "DOCX file - Xchecked via VT: 0e53d65ecd1d6ae5f77500c535b8916f43a1da04b59efde63c1ca593d8363483",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560341",
"to_ids": true,
"type": "md5",
"uuid": "58e76795-6f78-481f-a454-4f9802de0b81",
"value": "9f86684abeb100455295a9a3f86e0d99"
},
{
"category": "External analysis",
"comment": "DOCX file - Xchecked via VT: 0e53d65ecd1d6ae5f77500c535b8916f43a1da04b59efde63c1ca593d8363483",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491560342",
"to_ids": false,
"type": "link",
"uuid": "58e76796-0eb0-4f71-8fd8-47fa02de0b81",
"value": "https://www.virustotal.com/file/0e53d65ecd1d6ae5f77500c535b8916f43a1da04b59efde63c1ca593d8363483/analysis/1491275798/"
}
]
}
}
Reference in a new issue View git blame Copy permalink