{"Event": {"info": "OSINT - The Week in Ransomware - June 8th 2018 - CryBrazil, CryptConsole, and Magniber", "Tag": [{"colour": "#72003d", "exportable": true, "name": "workflow:todo=\"add-missing-misp-galaxy-cluster-values\""}, {"colour": "#7a0042", "exportable": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"CryBrazil\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"Magniber\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Pedcont\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"DiskDoctor\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Magniber Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"XiaoBa ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"CryptConsole\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"RedEye\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Aurora Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Fake Globe Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:malpedia=\"GlobeImposter\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"PGPSnippet Ransomware\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:ransomware=\"Spartacus Ransomware\""}, {"colour": "#d00070", "exportable": true, "name": 
"workflow:todo=\"additional-task\""}], "publish_timestamp": "0", "timestamp": "1540555274", "Object": [{"comment": "Scarab Ransomware variant, DiskDoctor, Ransomnote", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5b23a361-fe98-4450-9fb8-4703950d210f", "sharing_group_id": "0", "timestamp": "1529062241", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5b23a361-ebe4-4612-9e22-42cf950d210f", "timestamp": "1529062241", "to_ids": true, "value": "HOW TO RECOVER ENCRYPTED FILES.TXT", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5b23a361-0318-41d2-8a9e-4a94950d210f", "timestamp": "1529062241", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "XiaoBa Ransomware ransomnote", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5b23a3de-2368-473b-be4a-4ecb950d210f", "sharing_group_id": "0", "timestamp": "1529062366", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5b23a3de-e258-463b-9557-47c0950d210f", "timestamp": "1529062366", "to_ids": true, "value": "# # DECRYPT MY FILE # #.bmp", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5b23a3de-d278-496c-9165-42e2950d210f", "timestamp": "1529062366", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "Aurora ransomware ransomnote", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5b23a70c-cb38-42dd-a922-47b9950d210f", 
"sharing_group_id": "0", "timestamp": "1529063180", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5b23a70c-6f14-4bc0-9d63-4750950d210f", "timestamp": "1529063180", "to_ids": true, "value": "#RECOVERY-PC#.txt", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5b23a70c-84c8-44e8-918a-4a92950d210f", "timestamp": "1529063180", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "0", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5b23848a-10e0-4b5d-88ec-47f6950d210f", "timestamp": "1529065560", "to_ids": false, "value": "https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-june-8th-2018-crybrazil-cryptconsole-and-magniber/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5b238497-f7d8-4ab2-bfff-4520950d210f", "timestamp": "1529065567", "to_ids": false, "value": "This week we have seen a lot of CryptConsole variants, Magniber activity, and smaller variants released. Ransomware continues to decline as malware developers move toward more profitable miners and information stealing Trojans. 
Ransomware is not going away, but is instead moving away from mass malspam campaigns to targeted network attacks where a ransom payment may be more likely.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "comment"}, {"comment": "CryptConsole contact email", "category": "Payload delivery", "uuid": "5b23a6f6-3a8c-4e59-9211-42a0950d210f", "timestamp": "1529063158", "to_ids": true, "value": "xser@tutanota.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "CryptConsole contact email", "category": "Payload delivery", "uuid": "5b23a946-76f4-4ae8-949e-4602950d210f", "timestamp": "1529063750", "to_ids": true, "value": "redbul@tutanota.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "CryptConsole contact email", "category": "Payload delivery", "uuid": "5b23a946-948c-4e4f-bf0c-4a44950d210f", "timestamp": "1529063750", "to_ids": true, "value": "heineken@tuta.io", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "PGPSnippet Ransomware contact email", "category": "Payload delivery", "uuid": "5b23ab64-dad0-40fd-a7f8-18a9950d210f", "timestamp": "1529064292", "to_ids": true, "value": "digiworldhack@tutanota.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Spartacus ransomware contact email (address looks like a placeholder; confirm before using this to_ids indicator for detection)", "category": "Payload delivery", "uuid": "5b23acf4-92f8-423f-9fcd-43bc950d210f", "timestamp": "1529064692", "to_ids": true, "value": "example@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Spartacus ransomware contact email (address looks like a placeholder; confirm before using this to_ids indicator for detection)", "category": "Payload delivery", "uuid": "5b23acf5-e9b0-49b6-924a-4b28950d210f", "timestamp": "1529064693", "to_ids": true, "value": "example1@gmail.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, 
{"comment": "", "category": "Other", "uuid": "5bd301b9-461c-4001-8aa4-4122950d210f", "timestamp": "1540555274", "to_ids": false, "value": "Missing cluster: Ransomware>Princess Ransomware", "Tag": [{"colour": "#d00070", "exportable": true, "name": "workflow:todo=\"additional-task\""}], "disable_correlation": false, "object_relation": null, "type": "comment"}], "extends_uuid": "", "published": false, "date": "2018-06-08", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5b238476-4fbc-480c-9c86-48ab950d210f"}}