misp-circl-feed/feeds/circl/misp/58e60bd5-6874-4210-9419-533c950d210f.json

212 lines
No EOL
6.9 KiB
JSON

{
"Event": {
"analysis": "2",
"date": "2017-04-06",
"extends_uuid": "",
"info": "OSINT - LMAOxUS Ransomware: Another Case of Weaponized Open Source Ransomware",
"publish_timestamp": "1491501592",
"published": true,
"threat_level_id": "3",
"timestamp": "1491501555",
"uuid": "58e60bd5-6874-4210-9419-533c950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501555",
"to_ids": false,
"type": "link",
"uuid": "58e60be4-3eb8-438c-b619-4e84950d210f",
"value": "https://www.bleepingcomputer.com/news/security/lmaoxus-ransomware-another-case-of-weaponized-open-source-ransomware/",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "Payload delivery",
"comment": "Binary for first Stolich",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501496",
"to_ids": true,
"type": "sha256",
"uuid": "58e60c30-da20-46db-b6b8-193c950d210f",
"value": "d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da",
"Tag": [
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
]
},
{
"category": "Payload delivery",
"comment": "Binary for LMAUxUS binary",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501496",
"to_ids": true,
"type": "sha256",
"uuid": "58e60c31-fd58-465b-8df0-193c950d210f",
"value": "d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2",
"Tag": [
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
]
},
{
"category": "Payload delivery",
"comment": "Email address used in LMAOxUS ransom note",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501496",
"to_ids": true,
"type": "email-src",
"uuid": "58e60c32-f300-43d9-8683-193c950d210f",
"value": "lmfaoxus@safe-mail.net"
},
{
"category": "Payload delivery",
"comment": "Text-based ransom note",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501496",
"to_ids": true,
"type": "filename",
"uuid": "58e60c33-dd44-4b36-902d-193c950d210f",
"value": "LMAO_READ_ME.txt"
},
{
"category": "Payload delivery",
"comment": "Binary for LMAUxUS binary - Xchecked via VT: d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501501",
"to_ids": true,
"type": "sha1",
"uuid": "58e681bd-b1d4-49f1-bffe-4b7202de0b81",
"value": "39691193f80bef53901d1f6589d66e1b35c201fa",
"Tag": [
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
]
},
{
"category": "Payload delivery",
"comment": "Binary for LMAUxUS binary - Xchecked via VT: d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501502",
"to_ids": true,
"type": "md5",
"uuid": "58e681be-7efc-4fcc-abb8-48d102de0b81",
"value": "7083de4397b81eca6d1900133700e89c",
"Tag": [
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
]
},
{
"category": "External analysis",
"comment": "Binary for LMAUxUS binary - Xchecked via VT: d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501503",
"to_ids": false,
"type": "link",
"uuid": "58e681bf-904c-417e-8181-40bc02de0b81",
"value": "https://www.virustotal.com/file/d0d16bb28ed263038358db5c1ae784c43d6ea7993118cf390cb2e7a7466969c2/analysis/1490307927/",
"Tag": [
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
]
},
{
"category": "Payload delivery",
"comment": "Binary for first Stolich - Xchecked via VT: d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501504",
"to_ids": true,
"type": "sha1",
"uuid": "58e681c0-bbc4-4c2f-8d97-483502de0b81",
"value": "ce5d8e0ece4c413757aeb2671e79280d133e30ac",
"Tag": [
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
]
},
{
"category": "Payload delivery",
"comment": "Binary for first Stolich - Xchecked via VT: d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501505",
"to_ids": true,
"type": "md5",
"uuid": "58e681c1-e104-4aa3-9692-404a02de0b81",
"value": "2de1f14d07370b9867f252c07637ab40",
"Tag": [
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
]
},
{
"category": "External analysis",
"comment": "Binary for first Stolich - Xchecked via VT: d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da",
"deleted": false,
"disable_correlation": false,
"timestamp": "1491501506",
"to_ids": false,
"type": "link",
"uuid": "58e681c2-db90-4f5b-b88f-4f6b02de0b81",
"value": "https://www.virustotal.com/file/d3a00a1101f2fa37b0b01bbee1b3c7f683ccf27fa224611721a863573d6e99da/analysis/1491230187/",
"Tag": [
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
}
]
}
]
}
}