{
"Event": {
"analysis": "2",
"date": "2017-08-28",
"extends_uuid": "",
"info": "OSINT - New Nuclear BTCWare Ransomware Released",
"publish_timestamp": "1504022249",
"published": true,
"threat_level_id": "3",
"timestamp": "1504013598",
"uuid": "59a516e2-a578-44e4-9689-4fe1950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"name": "type:OSINT"
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#2c4f00",
"name": "malware_classification:malware-category=\"Ransomware\""
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504013594",
"to_ids": false,
"type": "link",
"uuid": "59a5171c-2494-412d-a8db-449d950d210f",
"value": "https://www.bleepingcomputer.com/news/security/new-nuclear-btcware-ransomware-released/",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504013594",
"to_ids": false,
"type": "comment",
"uuid": "59a51730-937c-4441-b40b-4796950d210f",
"value": "A new variant of the BTCWare ransomware was discovered by ID-Ransomware's Michael Gillespie that appends the .[affiliate_email].nuclear extension to encrypted files. The BTCWare family of ransomware is distributed by the developers hacking into remote computers with weak passwords using Remote Desktop services. Once they are able to gain access to a computer, they will install the ransomware and encrypt the victim's files.",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504013594",
"to_ids": true,
"type": "sha256",
"uuid": "59a5175b-4ce4-475f-8b98-470b950d210f",
"value": "d5397a05b745f64ab16ff921fb4571e9072b54437080bc9630047465e6b06a41"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504013594",
"to_ids": true,
"type": "filename",
"uuid": "59a517b0-ee14-4ba8-a01d-499c950d210f",
"value": "Help.hta"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504013594",
"to_ids": true,
"type": "email-src",
"uuid": "59a517eb-62cc-48b3-b60c-4a26950d210f",
"value": "black.world@tuta.io"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: d5397a05b745f64ab16ff921fb4571e9072b54437080bc9630047465e6b06a41",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504013594",
"to_ids": true,
"type": "sha1",
"uuid": "59a56d1a-c994-47da-bc97-1ab802de0b81",
"value": "3dcaa81e30d0fb389f95f8af114b0846b28fcc26"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: d5397a05b745f64ab16ff921fb4571e9072b54437080bc9630047465e6b06a41",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504013594",
"to_ids": true,
"type": "md5",
"uuid": "59a56d1a-09b4-4e85-9f31-1ab802de0b81",
"value": "f55f84089c903777e00194b1407df417"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: d5397a05b745f64ab16ff921fb4571e9072b54437080bc9630047465e6b06a41",
"deleted": false,
"disable_correlation": false,
"timestamp": "1504013594",
"to_ids": false,
"type": "link",
"uuid": "59a56d1a-699c-4782-a236-1ab802de0b81",
"value": "https://www.virustotal.com/file/d5397a05b745f64ab16ff921fb4571e9072b54437080bc9630047465e6b06a41/analysis/1503992287/"
}
]
}
} |