255 lines
No EOL
8 KiB
JSON
255 lines
No EOL
8 KiB
JSON
{
|
|
"Event": {
|
|
"analysis": "2",
|
|
"date": "2018-03-29",
|
|
"extends_uuid": "",
|
|
"info": "OSINT - Mole66 Cryptomix Ransomware Variant Released",
|
|
"publish_timestamp": "1523200204",
|
|
"published": true,
|
|
"threat_level_id": "3",
|
|
"timestamp": "1523200179",
|
|
"uuid": "5ac5d6b1-3848-4918-9e42-4206950d210f",
|
|
"Orgc": {
|
|
"name": "CIRCL",
|
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
|
},
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#3b7500",
|
|
"local": "0",
|
|
"name": "circl:incident-classification=\"malware\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#ffffff",
|
|
"local": "0",
|
|
"name": "tlp:white",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#2c4f00",
|
|
"local": "0",
|
|
"name": "malware_classification:malware-category=\"Ransomware\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:ransomware=\"CryptoMix\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#0088cc",
|
|
"local": "0",
|
|
"name": "misp-galaxy:ransomware=\"Zeta\"",
|
|
"relationship_type": ""
|
|
},
|
|
{
|
|
"colour": "#e8007d",
|
|
"local": "0",
|
|
"name": "workflow:state=\"complete\"",
|
|
"relationship_type": ""
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1523200165",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5ac5d6c4-f19c-457b-9864-4f5e950d210f",
|
|
"value": "https://www.bleepingcomputer.com/news/security/mole66-cryptomix-ransomware-variant-released/",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1523200166",
|
|
"to_ids": false,
|
|
"type": "comment",
|
|
"uuid": "5ac5d6df-5068-407a-98ca-4a59950d210f",
|
|
"value": "Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new Cryptomix variants a few times a month, but this time it has been almost 2 months since the previous System variant was released.",
|
|
"Tag": [
|
|
{
|
|
"colour": "#00223b",
|
|
"local": "0",
|
|
"name": "osint:source-type=\"blog-post\"",
|
|
"relationship_type": ""
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1522916982",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5ac5de76-ba98-41ac-b403-4f6b950d210f",
|
|
"value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1523200166",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ac5de77-5a7c-421e-ab52-4a87950d210f",
|
|
"value": "_HELP_INSTRUCTIONS_.TXT"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1523200166",
|
|
"to_ids": true,
|
|
"type": "filename",
|
|
"uuid": "5ac5de77-7a00-4741-b859-48ac950d210f",
|
|
"value": "%ALLUSERSPROFILE%\\[random].exe"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"timestamp": "1523200167",
|
|
"to_ids": true,
|
|
"type": "email-src",
|
|
"uuid": "5ac5de78-c99c-471b-a1a7-4098950d210f",
|
|
"value": "alpha2018a@aol.com"
|
|
}
|
|
],
|
|
"Object": [
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "File object describing a file with meta-information",
|
|
"meta-category": "file",
|
|
"name": "file",
|
|
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
|
|
"template_version": "7",
|
|
"timestamp": "1523200170",
|
|
"uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",
|
|
"ObjectReference": [
|
|
{
|
|
"comment": "",
|
|
"object_uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",
|
|
"referenced_uuid": "339584d7-03bd-43aa-8bee-082050d98159",
|
|
"relationship_type": "analysed-with",
|
|
"timestamp": "1523200170",
|
|
"uuid": "5aca30aa-e498-4664-91dd-637702de0b81"
|
|
}
|
|
],
|
|
"Attribute": [
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha1",
|
|
"timestamp": "1523200167",
|
|
"to_ids": true,
|
|
"type": "sha1",
|
|
"uuid": "5aca30a7-922c-43aa-87fd-637702de0b81",
|
|
"value": "f339b703192a562dde82596319e8720c30aaa5ed"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "sha256",
|
|
"timestamp": "1523200168",
|
|
"to_ids": true,
|
|
"type": "sha256",
|
|
"uuid": "5aca30a8-89c8-45dc-878c-637702de0b81",
|
|
"value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
|
|
},
|
|
{
|
|
"category": "Payload delivery",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "md5",
|
|
"timestamp": "1523200168",
|
|
"to_ids": true,
|
|
"type": "md5",
|
|
"uuid": "5aca30a8-d1c4-45fe-a608-637702de0b81",
|
|
"value": "c3294c90474063dfb0d28ef8a693a6cb"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"comment": "",
|
|
"deleted": false,
|
|
"description": "VirusTotal report",
|
|
"meta-category": "misc",
|
|
"name": "virustotal-report",
|
|
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
|
|
"template_version": "1",
|
|
"timestamp": "1523200169",
|
|
"uuid": "339584d7-03bd-43aa-8bee-082050d98159",
|
|
"Attribute": [
|
|
{
|
|
"category": "External analysis",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "permalink",
|
|
"timestamp": "1523200169",
|
|
"to_ids": false,
|
|
"type": "link",
|
|
"uuid": "5aca30a9-d1bc-423c-b3bf-637702de0b81",
|
|
"value": "https://www.virustotal.com/file/15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91/analysis/1522854946/"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": true,
|
|
"object_relation": "detection-ratio",
|
|
"timestamp": "1523200169",
|
|
"to_ids": false,
|
|
"type": "text",
|
|
"uuid": "5aca30a9-7168-43f7-aa66-637702de0b81",
|
|
"value": "48/67"
|
|
},
|
|
{
|
|
"category": "Other",
|
|
"comment": "",
|
|
"deleted": false,
|
|
"disable_correlation": false,
|
|
"object_relation": "last-submission",
|
|
"timestamp": "1523200169",
|
|
"to_ids": false,
|
|
"type": "datetime",
|
|
"uuid": "5aca30a9-2f54-4ac7-b884-637702de0b81",
|
|
"value": "2018-04-04T15:15:46"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
} |