{
"Event": {
"analysis": "2",
"date": "2017-11-17",
"extends_uuid": "",
"info": "OSINT - 0000 Cryptomix Ransomware Variant Released",
"publish_timestamp": "1511380245",
"published": true,
"threat_level_id": "3",
"timestamp": "1511360400",
"uuid": "5a142fcd-cb4c-4b8b-99c5-0efd950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": "0",
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": "0",
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:ransomware=\"CryptoMix\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": false,
"type": "link",
"uuid": "5a14304e-d2f4-4c56-aefa-0e94950d210f",
"value": "https://www.bleepingcomputer.com/news/security/0000-cryptomix-ransomware-variant-released/",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": false,
"type": "comment",
"uuid": "5a14322a-c1fc-4da1-a612-531a950d210f",
"value": "Yesterday, MalwareHunterTeam discovered another variant of the CryptoMix ransomware, which puts it at two releases of new variants this week. This variant appends the .0000 extension to encrypted files and changes the contact emails used by the ransomware.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": true,
"type": "email-src",
"uuid": "5a143471-8128-4796-8508-52fe950d210f",
"value": "y0000@tuta.io"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": true,
"type": "email-src",
"uuid": "5a143472-2628-4ccc-8568-52fe950d210f",
"value": "y0000@protonmail.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": true,
"type": "email-src",
"uuid": "5a143472-6984-4ba2-8331-52fe950d210f",
"value": "y0000z@yandex.com"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": true,
"type": "email-src",
"uuid": "5a143472-b188-4823-943a-52fe950d210f",
"value": "y0000s@yandex.com"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": true,
"type": "filename",
"uuid": "5a143472-a184-4a18-9349-52fe950d210f",
"value": "_HELP_INSTRUCTION.TXT"
},
{
"category": "Payload delivery",
"comment": "Ransomnote",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": true,
"type": "filename",
"uuid": "5a143472-7340-4b78-b95a-52fe950d210f",
"value": "%ALLUSERSPROFILE%\\[random].exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": true,
"type": "sha256",
"uuid": "5a143472-cc54-4e2c-903c-52fe950d210f",
"value": "7bbd1d047b5cb3d7f073e3a5cfbf81cdb8fee970fe62ee4135f56e68245eba2f"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7bbd1d047b5cb3d7f073e3a5cfbf81cdb8fee970fe62ee4135f56e68245eba2f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": true,
"type": "sha1",
"uuid": "5a15878a-c77c-469b-ae6a-434402de0b81",
"value": "0b79a93d4a57cfd2d1f9d328c90e04136edd80c0"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 7bbd1d047b5cb3d7f073e3a5cfbf81cdb8fee970fe62ee4135f56e68245eba2f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": true,
"type": "md5",
"uuid": "5a15878a-e380-4c76-98e8-45b402de0b81",
"value": "7f3f613651f070bca3e212ecddf84e1f"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 7bbd1d047b5cb3d7f073e3a5cfbf81cdb8fee970fe62ee4135f56e68245eba2f",
"deleted": false,
"disable_correlation": false,
"timestamp": "1511360394",
"to_ids": false,
"type": "link",
"uuid": "5a15878a-da1c-45e1-a2a8-450202de0b81",
"value": "https://www.virustotal.com/file/7bbd1d047b5cb3d7f073e3a5cfbf81cdb8fee970fe62ee4135f56e68245eba2f/analysis/1511335852/"
}
]
}
}