1 line
No EOL
4 KiB
JSON
1 line
No EOL
4 KiB
JSON
{"Event": {"info": "OSINT - Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code", "Tag": [{"colour": "#2c4f00", "exportable": true, "name": "malware_classification:malware-category=\"Ransomware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}], "publish_timestamp": "0", "timestamp": "1557210146", "Object": [{"comment": "", "template_uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46", "uuid": "5cd02519-04f4-4ea7-9e04-d279950d210f", "sharing_group_id": "0", "timestamp": "1557144857", "description": "An address used in a cryptocurrency", "template_version": "4", "Attribute": [{"comment": "", "category": "Financial fraud", "uuid": "5cd02519-af18-485c-9492-d279950d210f", "timestamp": "1557144857", "to_ids": true, "value": "1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA", "disable_correlation": false, "object_relation": "address", "type": "btc"}, {"comment": "", "category": "Other", "uuid": "5cd02519-d1ac-4e5b-83d4-d279950d210f", "timestamp": "1557144857", "to_ids": false, "value": "BTC", "disable_correlation": true, "object_relation": "symbol", "type": "text"}], "distribution": "5", "meta-category": "financial", "name": "coin-address"}], "analysis": "0", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5cd023ae-1230-4bf2-810a-9a7b950d210f", "timestamp": "1557144494", "to_ids": false, "value": "https://brica.de/alerts/alert/public/1257622/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5cd023ae-72c0-4b5c-9ba6-9a7b950d210f", "timestamp": "1557144494", "to_ids": false, "value": "https://www.theregister.co.uk/AMP/2019/05/03/git_ransomware_bitcoin/?utm_source=share&utm_medium=ios_app", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5cd023ae-a600-46e5-b1b9-9a7b950d210f", "timestamp": "1557144494", "to_ids": false, "value": "https://security.stackexchange.com/questions/209448/gitlab-account-hacked-and-repo-wiped", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5cd023ae-f948-45bf-8d88-9a7b950d210f", "timestamp": "1557144494", "to_ids": false, "value": "https://au.pcmag.com/news-1/61982/hacker-tries-to-ransom-github-code-repositories-for-bitcoin", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5cd023ae-6f54-4d56-ac08-9a7b950d210f", "timestamp": "1557144494", "to_ids": false, "value": "https://www.zdnet.com/article/a-hacker-is-wiping-git-repositories-and-asking-for-a-ransom/", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "5cd0253b-cc70-40ec-bb1c-bdd1950d210f", "timestamp": "1557144891", "to_ids": true, "value": "admin@gitsbackup.com", "disable_correlation": false, "object_relation": null, "type": "email-src"}, {"comment": "Ransomnote", "category": "Artifacts dropped", "uuid": "5cd0268d-a704-4d9b-99df-cbbf950d210f", "timestamp": "1557145229", "to_ids": false, "value": "To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by Email at admin@gitsbackup.com with your Git login and a Proof of Payment. If you are unsure if we have your data, contact us and we will send you a proof. Your code is downloaded and backed up on our servers. If we dont receive your payment in the next 10 Days, we will make your code public or use them otherwise.", "disable_correlation": false, "object_relation": null, "type": "text"}], "extends_uuid": "", "published": false, "date": "2019-05-03", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5cd01261-afe0-4ce0-b11a-45f9950d210f"}} |