{
  "Event": {
    "analysis": "1",
    "date": "2024-05-28",
    "extends_uuid": "",
    "info": "MA-1076.052024: MyCERT Advisory - Estate Ransomware",
    "protected": false,
    "publish_timestamp": "1780041858",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772902073",
    "uuid": "5417de2b-5b2b-4472-8c78-d537058b97d0",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#36d931",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Ransomware\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00dd",
        "local": false,
        "name": "rectifyq:action-taken=\"diamond-model\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1717718172",
        "to_ids": false,
        "type": "link",
        "uuid": "2980dbd9-3aba-45b2-b97e-c25dd0abe728",
        "value": "https://www.mycert.org.my/portal/advisory?id=MA-1076.052024"
      },
      {
        "category": "Payload delivery",
        "comment": "Threat actor (TA) contact email address included in the ransom note",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1717718248",
        "to_ids": true,
        "type": "email-src",
        "uuid": "e183a6d5-99f6-486a-a62c-19399b29c4bf",
        "value": "xindiaz12@cyberfear.com"
      },
      {
        "category": "Other",
        "comment": "File extension of the files once they are encrypted",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1717718311",
        "to_ids": false,
        "type": "text",
        "uuid": "0a743132-364a-4463-91b6-4f3e376b4729",
        "value": ".6AklzADP4"
      },
      {
        "category": "Attribution",
        "comment": "Malware name",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1717718382",
        "to_ids": false,
        "type": "other",
        "uuid": "622c9075-f257-4845-aba7-5ac12b0e1322",
        "value": "EstateRansomware"
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770861721",
        "to_ids": false,
        "type": "comment",
        "uuid": "a9558db6-838b-40b8-86d8-f95035a2ba65",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240528-Estate-Ransomware/5.png"
      }
    ]
  }
}