misp-circl-feed/feeds/circl/misp/5e211b87-8f34-43f5-b02b-42e4950d210f.json

221 lines
No EOL
7.1 KiB
JSON

{
"Event": {
"analysis": "2",
"date": "2020-01-17",
"extends_uuid": "",
"info": "Ako Ransomware",
"publish_timestamp": "1580456344",
"published": true,
"threat_level_id": "3",
"timestamp": "1580456326",
"uuid": "5e211b87-8f34-43f5-b02b-42e4950d210f",
"Orgc": {
"name": "wilbursecurity.com",
"uuid": "5e16d2bc-5c68-4ef1-bc80-47f5950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffd890",
"local": "0",
"name": " Ransomware",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Payload installation",
"comment": "Locker.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579228479",
"to_ids": true,
"type": "sha256",
"uuid": "5e211d3f-2db0-45f0-bfe5-479c950d210f",
"value": "ae8e02d15c9b45a751e4e7f177f27f5ba7663fe6ec4b53cc68a6c1f5c2a3cfd9"
},
{
"category": "Payload installation",
"comment": "Locker.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579228480",
"to_ids": true,
"type": "sha1",
"uuid": "5e211d40-5edc-4756-8ccc-4d80950d210f",
"value": "c0501e264531f29854bdaa872eb12c30b5875200"
},
{
"category": "Payload installation",
"comment": "Locker.exe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579228480",
"to_ids": true,
"type": "md5",
"uuid": "5e211d40-bd24-496b-b4e7-448f950d210f",
"value": "ef2697aa224266b204127722771bc209"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579229116",
"to_ids": false,
"type": "other",
"uuid": "5e211ea9-58d4-4ef9-a5ef-40d7950d210f",
"value": "Commands Run\r\nvssadmin.exe Delete Shadows /All /Quiet\r\nbcdedit.exe /set {default} recoveryenabled No\r\nbcdedit.exe /set {default} bootstatuspolicy ignoreallfailures\r\nwbadmin DELETE SYSTEMSTATEBACKUP\r\nwbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest\r\nwmic.exe SHADOWCOPY /nointeractive"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579274836",
"to_ids": false,
"type": "link",
"uuid": "5e211f10-6480-42ab-8b19-4de9950d210f",
"value": "https://app.any.run/tasks/5f4740c6-023a-4214-a96a-97b05e8b440e/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579228985",
"to_ids": false,
"type": "ip-src",
"uuid": "5e211f39-d0a8-43d2-8995-48cf950d210f",
"value": "185.167.160.83"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579274830",
"to_ids": false,
"type": "other",
"uuid": "5e211f8e-94cc-4067-b97f-485f950d210f",
"value": "Tor Ransom page\r\n\r\nhttp://kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2thcw5gz75qncv7rbhyad.onion/C2SNJM7PHLUI0QQV"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1579275691",
"to_ids": false,
"type": "link",
"uuid": "5e213034-de04-4974-820b-4b35950d210f",
"value": "https://wilbursecurity.com/2020/01/ako-ransomware"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1579275850",
"uuid": "5e21d353-e354-456a-ba6b-4647950d210f",
"Attribute": [
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key",
"timestamp": "1579275850",
"to_ids": true,
"type": "regkey",
"uuid": "5e21d354-c574-4de7-bc78-450b950d210f",
"value": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1579275850",
"to_ids": false,
"type": "text",
"uuid": "5e21d354-98d8-4594-ac85-4b6f950d210f",
"value": "EnableLinkedConnections"
},
{
"category": "Persistence mechanism",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "data",
"timestamp": "1579275850",
"to_ids": false,
"type": "text",
"uuid": "5e21d354-e3f8-47d8-b94e-499e950d210f",
"value": "1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Registry key object describing a Windows registry key with value and last-modified timestamp",
"meta-category": "file",
"name": "registry-key",
"template_uuid": "8b3228ad-6d82-4fe6-b2ae-05426308f1d5",
"template_version": "4",
"timestamp": "1579275314",
"uuid": "5e21d432-c228-4d2c-8d51-43ab950d210f",
"Attribute": [
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key",
"timestamp": "1579275335",
"to_ids": true,
"type": "regkey",
"uuid": "5e21d432-e4f8-4b2f-9f62-46ef950d210f",
"value": "HKEY_CURRENT_USER\\Software\\acfg"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1579275340",
"to_ids": false,
"type": "text",
"uuid": "5e21d433-981c-4908-8617-4308950d210f",
"value": "aid"
},
{
"category": "Artifacts dropped",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "data",
"timestamp": "1579275350",
"to_ids": false,
"type": "text",
"uuid": "5e21d433-18f4-4980-b89d-4c1b950d210f",
"value": ".(randomly generated key)"
}
]
}
]
}
}