misp-circl-feed/feeds/circl/misp/5ac5d6b1-3848-4918-9e42-4206950d210f.json

255 lines
No EOL
8 KiB
JSON

{
"Event": {
"analysis": "2",
"date": "2018-03-29",
"extends_uuid": "",
"info": "OSINT - Mole66 Cryptomix Ransomware Variant Released",
"publish_timestamp": "1523200204",
"published": true,
"threat_level_id": "3",
"timestamp": "1523200179",
"uuid": "5ac5d6b1-3848-4918-9e42-4206950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#3b7500",
"local": "0",
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#2c4f00",
"local": "0",
"name": "malware_classification:malware-category=\"Ransomware\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:ransomware=\"CryptoMix\"",
"relationship_type": ""
},
{
"colour": "#0088cc",
"local": "0",
"name": "misp-galaxy:ransomware=\"Zeta\"",
"relationship_type": ""
},
{
"colour": "#e8007d",
"local": "0",
"name": "workflow:state=\"complete\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200165",
"to_ids": false,
"type": "link",
"uuid": "5ac5d6c4-f19c-457b-9864-4f5e950d210f",
"value": "https://www.bleepingcomputer.com/news/security/mole66-cryptomix-ransomware-variant-released/",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200166",
"to_ids": false,
"type": "comment",
"uuid": "5ac5d6df-5068-407a-98ca-4a59950d210f",
"value": "Today MalwareHunterTeam discovered a new variant of the Cryptomix Ransomware that appends the .MOLE66 extension to encrypted files, changes the contact email, and slightly changes the ransom note's name. In the past, we used to see new Cryptomix variants a few times a month, but this time it has been almost 2 months since the previous System variant was released.",
"Tag": [
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1522916982",
"to_ids": true,
"type": "sha256",
"uuid": "5ac5de76-ba98-41ac-b403-4f6b950d210f",
"value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200166",
"to_ids": true,
"type": "filename",
"uuid": "5ac5de77-5a7c-421e-ab52-4a87950d210f",
"value": "_HELP_INSTRUCTIONS_.TXT"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200166",
"to_ids": true,
"type": "filename",
"uuid": "5ac5de77-7a00-4741-b859-48ac950d210f",
"value": "%ALLUSERSPROFILE%\\[random].exe"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1523200167",
"to_ids": true,
"type": "email-src",
"uuid": "5ac5de78-c99c-471b-a1a7-4098950d210f",
"value": "alpha2018a@aol.com"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "7",
"timestamp": "1523200170",
"uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",
"ObjectReference": [
{
"comment": "",
"object_uuid": "aa6231bd-cf24-43c7-9a74-b33d36b2ea23",
"referenced_uuid": "339584d7-03bd-43aa-8bee-082050d98159",
"relationship_type": "analysed-with",
"timestamp": "1523200170",
"uuid": "5aca30aa-e498-4664-91dd-637702de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1523200167",
"to_ids": true,
"type": "sha1",
"uuid": "5aca30a7-922c-43aa-87fd-637702de0b81",
"value": "f339b703192a562dde82596319e8720c30aaa5ed"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1523200168",
"to_ids": true,
"type": "sha256",
"uuid": "5aca30a8-89c8-45dc-878c-637702de0b81",
"value": "15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1523200168",
"to_ids": true,
"type": "md5",
"uuid": "5aca30a8-d1c4-45fe-a608-637702de0b81",
"value": "c3294c90474063dfb0d28ef8a693a6cb"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "1",
"timestamp": "1523200169",
"uuid": "339584d7-03bd-43aa-8bee-082050d98159",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1523200169",
"to_ids": false,
"type": "link",
"uuid": "5aca30a9-d1bc-423c-b3bf-637702de0b81",
"value": "https://www.virustotal.com/file/15f5cb94b851289d0218f333e06372e43b2a55d241c530d4f61aad3b89f68b91/analysis/1522854946/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1523200169",
"to_ids": false,
"type": "text",
"uuid": "5aca30a9-7168-43f7-aa66-637702de0b81",
"value": "48/67"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1523200169",
"to_ids": false,
"type": "datetime",
"uuid": "5aca30a9-2f54-4ac7-b884-637702de0b81",
"value": "2018-04-04T15:15:46"
}
]
}
]
}
}