misp-circl-feed/feeds/circl/misp/5b17eaaf-783c-4624-b5f4-42d5950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2018-06-01",
    "extends_uuid": "",
    "info": "OSINT - Sigrun Ransomware Author Decrypting Russian Victims for Free",
    "publish_timestamp": "1528904384",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1528891752",
    "uuid": "5b17eaaf-783c-4624-b5f4-42d5950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#2c4f00",
        "local": false,
        "name": "malware_classification:malware-category=\"Ransomware\"",
        "relationship_type": ""
      },
      {
        "colour": "#00223b",
        "local": false,
        "name": "osint:source-type=\"blog-post\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:ransomware=\"Sigrun Ransomware\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1528294869",
        "to_ids": false,
        "type": "link",
        "uuid": "5b17ed4b-d91c-42b3-b3f5-4998950d210f",
        "value": "https://www.bleepingcomputer.com/news/security/sigrun-ransomware-author-decrypting-russian-victims-for-free/",
        "Tag": [
          {
            "colour": "#00223b",
            "local": false,
            "name": "osint:source-type=\"blog-post\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1528294862",
        "to_ids": false,
        "type": "text",
        "uuid": "5b17ed5f-5934-4b17-918d-4149950d210f",
        "value": "The author of the Sigrun Ransomware is providing decryption for Russian victims for free, while asking for a ransom payment of $2,500 in Bitcoin or Dash for everyone else. It is not uncommon for Russian ransomware developers to purposely avoid targeting Russian citizens and to outwardly help such victims for free.",
        "Tag": [
          {
            "colour": "#00223b",
            "local": false,
            "name": "osint:source-type=\"blog-post\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1528356973",
        "to_ids": true,
        "type": "filename",
        "uuid": "5b18e06d-07dc-4b4e-870e-262b950d210f",
        "value": "RESTORE-SIGRUN.txt"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1528356974",
        "to_ids": true,
        "type": "filename",
        "uuid": "5b18e06e-0884-4617-8b91-262b950d210f",
        "value": "RESTORE-SIGRUN.html"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1528357046",
        "to_ids": true,
        "type": "email-src",
        "uuid": "5b18e0b6-1ccc-41f1-b246-1dc5950d210f",
        "value": "sigrun_decryptor@protonmail.ch"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "11",
        "timestamp": "1528356608",
        "uuid": "5b18df00-e54c-4f8c-8aff-1dc7950d210f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1528356609",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5b18df01-4aec-4bc3-87b5-1dc7950d210f",
            "value": "664b482e22e0f108660cf03fb7d1507d929e8242eb6c5762e577096a50a8cc5b"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "state",
            "timestamp": "1528356609",
            "to_ids": false,
            "type": "text",
            "uuid": "5b18df01-5338-4a84-9eb0-1dc7950d210f",
            "value": "Malicious"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "11",
        "timestamp": "1528875487",
        "uuid": "09bc113b-4699-4395-b2c8-f7e57415bab4",
        "ObjectReference": [
          {
            "comment": "",
            "object_uuid": "09bc113b-4699-4395-b2c8-f7e57415bab4",
            "referenced_uuid": "7aeb92ee-c416-4eea-bd3d-bffb83f3b67c",
            "relationship_type": "analysed-with",
            "timestamp": "1528875487",
            "uuid": "5b20c9df-4ef4-46e6-a617-a44b02de0b81"
          }
        ],
        "Attribute": []
      },
      {
        "comment": "",
        "deleted": false,
        "description": "VirusTotal report",
        "meta-category": "misc",
        "name": "virustotal-report",
        "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
        "template_version": "2",
        "timestamp": "1528875486",
        "uuid": "7aeb92ee-c416-4eea-bd3d-bffb83f3b67c",
        "Attribute": []
      }
    ]
  }
}