{
  "Event": {
    "analysis": "2",
    "date": "2023-01-20",
    "extends_uuid": "",
    "info": "[Threat Intel] MA-907.012023: MyCERT Advisory - Ransomware LockBit 3.0",
    "protected": false,
    "publish_timestamp": "1780040118",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772902022",
    "uuid": "9143a75d-651b-45e6-9a12-39c6cb321397",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:ransomware=\"Lockbit3\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Ransomware\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740783032",
        "to_ids": false,
        "type": "link",
        "uuid": "994383d4-9143-4ee7-9b4e-7cd1a12c34cd",
        "value": "https://mycert.org.my/portal/advisory?id=MA-907.012023"
      },
      {
        "category": "Financial fraud",
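        "comment": "Likely false positive: this value is identical to the last 29 characters of the md5 7fb11398c5be61445bee1efa7c9caa31 recorded in a file object of this event, so it appears to be a hash fragment mis-extracted as a BTC address. Confirm against the source advisory before using it for detection (to_ids is set on this attribute).",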
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740783056",
        "to_ids": true,
        "type": "btc",
        "uuid": "0f21c013-fa6d-4a71-bddb-3ea169967c18",
        "value": "11398c5be61445bee1efa7c9caa31"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981551",
        "uuid": "66452bea-86c4-4f1b-a504-09b90c9df37b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981551",
            "to_ids": true,
            "type": "md5",
            "uuid": "37e40ac6-faa9-4800-af83-e704261af7f0",
            "value": "03b14473eef5b7e38d9a5041c1af0a76",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746792259",
            "to_ids": true,
            "type": "sha1",
            "uuid": "56f23277-81c9-45e5-a244-d494783776c2",
            "value": "371353e9564c58ae4722a03205ac84ab34383d8c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746792259",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0f29ee3b-4355-4fdf-b117-e9ae00b4602c",
            "value": "a56b41a6023f828cccaaef470874571d169fdb8f683a75edd430fbd31a2c3f6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746792258",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b8b3420a-9b2e-4cca-8f0c-3a9d89c013f8",
            "value": "3072:o5uyulsHwDV1gFnTwn7zwJGJ+ut5kCI5Gzei3N2VzRmK:o5uZ1DPgFnk7EJwZI5gDN2VVm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746792258",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "093bc679-06a5-4793-9f87-9688acb3382a",
            "value": "165888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746792258",
            "to_ids": true,
            "type": "vhash",
            "uuid": "206f7ff0-c0b3-4c96-9849-3d5a0e2e57ab",
            "value": "01505e665d1d7d77z51z9nzafz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746792258",
            "to_ids": true,
            "type": "filename",
            "uuid": "9717946f-924a-45c5-bd52-a46b3190345a",
            "value": "a56b41a6023f828cccaaef470874571d169fdb8f683a75edd430fbd31a2c3f6e.exe.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  28/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746792258",
            "to_ids": false,
            "type": "text",
            "uuid": "461896c7-46ff-4cb9-87e5-a5c64f20e0ce",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win32/Lockbit.STB\nVT Total Detection:67/72\nFirst Submission:2022-07-04T15:35:49.000000+00:00\nLast Submission:2025-03-06T14:45:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981551",
        "uuid": "5759aac1-68b8-452f-b307-120aabd91c23",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981551",
            "to_ids": true,
            "type": "md5",
            "uuid": "b9eb59fd-d40b-4c30-a730-2fbd7368b202",
            "value": "628e4a77536859ffc2853005924db2ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746792280",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ba88ac3e-cf92-458e-be74-b84cd197552e",
            "value": "c2a321b6078acfab582a195c3eaf3fe05e095ce0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746792280",
            "to_ids": true,
            "type": "sha256",
            "uuid": "223dfc1c-a61c-45e0-9ad6-5bb578c8c782",
            "value": "d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746792280",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7be80450-8f1f-45fd-a666-46dda01ce4a0",
            "value": "3072:o5uyulsHwDV1gFnTwn7zwJGJ+3t5kCI5Gzei3N2VzRmK:o5uZ1DPgFnk7EJwaI5gDN2VVm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746792280",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "347522d7-4327-4067-a6d7-f67a6641efe0",
            "value": "165888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746792280",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bfa04754-1a45-49dc-a231-b05e92fdcbab",
            "value": "01505e665d1d7d77z51z9nzafz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746792280",
            "to_ids": true,
            "type": "filename",
            "uuid": "d8c2ec85-005b-46ae-9091-fdf042eb5da5",
            "value": "d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  01/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746792280",
            "to_ids": false,
            "type": "text",
            "uuid": "474eb4ed-8b3e-4c0d-81f1-798f8b71cfd7",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win32/Lockbit.STB\nVT Total Detection:67/72\nFirst Submission:2022-07-03T20:20:43.000000+00:00\nLast Submission:2025-01-13T16:40:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981551",
        "uuid": "e652a574-c62f-4358-8234-cf48fcdc38e4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981551",
            "to_ids": true,
            "type": "md5",
            "uuid": "da73bc10-92b4-4052-9237-4653f6daac4d",
            "value": "7fb11398c5be61445bee1efa7c9caa31",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746792302",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cd7cb57f-d7a6-4ddb-b767-0e0bae815e01",
            "value": "ced1c9fabfe7e187dd809e77c9ca28ea2e165fa8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746792302",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7b874c1e-e08c-4fc5-a568-a86e05f1394a",
            "value": "f9b9d45339db9164a3861bf61758b7f41e6bcfb5bc93404e296e2918e52ccc10",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746792301",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "871db56f-288d-468c-b598-792662ec6917",
            "value": "3072:hM38OugiM3koBZl6kpfxrgNYddVPkW8XeoSseFciJta6IR/o6BTREgDfBcKL8xDl:hjOugiM3koBDxrGyPktV1eRSZ17DfyKa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746792301",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e62c34fe-7cc4-43c5-8497-debe5bd63bf2",
            "value": "166400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746792301",
            "to_ids": true,
            "type": "vhash",
            "uuid": "17c8104b-3b6a-4d3f-9c96-8d0bfa2779fa",
            "value": "01505e76551d7d77zb1z8nz6fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746792301",
            "to_ids": true,
            "type": "filename",
            "uuid": "cf4a248d-259e-42f6-8387-917380c044ed",
            "value": "f9b9d45339db9164a3861bf61758b7f41e6bcfb5bc93404e296e2918e52ccc10.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  29/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746792301",
            "to_ids": false,
            "type": "text",
            "uuid": "8849c7fe-2e09-461e-8296-b66df6f9df15",
            "value": "Type Description: Win32 EXE\nMicrosoft: Ransom:Win32/Lockbit.RPA!MTB\nVT Total Detection:63/72\nFirst Submission:2022-07-12T08:47:05.000000+00:00\nLast Submission:2025-04-10T20:27:24.000000+00:00"
          }
        ]
      }
    ]
  }
}