{ "Event": { "analysis": "1", "date": "2024-08-28", "extends_uuid": "", "info": "[Threat Intel] RansomHub ransomware-as-a-service", "protected": false, "publish_timestamp": "1780042131", "published": true, "threat_level_id": "2", "timestamp": "1772902085", "uuid": "ff1caf0f-773f-4797-865c-4ea44e46cab8", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"ransomhub\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Accounts - T1078.002\"", "relationship_type": "" }, { "colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Lateral Tool Transfer - T1570\"", "relationship_type": "" }, { "colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": "" }, { "colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1770876979", "to_ids": false, "type": "link", "uuid": "c81be918-42e0-4fc5-8454-abd8af306137", "value": "https://www.group-ib.com/blog/ransomhub-raas/" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1770877153", "to_ids": true, "type": "url", "uuid": "fc9a715a-f943-4e68-a625-5160d4ca929f", "value": "http://ransomxifxwc5eteopdobynonjctkxxvap77yqifu2emfbecgbqdw6qd.onion/" }, { "category": "Other", "comment": "diamond-model", "deleted": false, "disable_correlation": false, "timestamp": "1770877207", "to_ids": false, "type": "comment", "uuid": "d33ce36a-d232-4284-b3c7-c22f3dd0cce9", "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240828-RansomHub/56.png" }, { "category": "Other", "comment": "diamond-model", "deleted": false, "disable_correlation": false, "timestamp": "1770877207", "to_ids": false, "type": "comment", "uuid": "270225a8-42e2-45f7-ab3c-2658a0d303b0", "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240828-RansomHub/57.png" }, { "category": "Other", "comment": "diamond-model", "deleted": false, "disable_correlation": false, "timestamp": "1770877207", "to_ids": false, "type": "comment", "uuid": "23160c0e-f1c6-41f1-a7f8-3618f68c9e03", "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240828-RansomHub/58.png" }, { "category": "Other", "comment": "diamond-model", "deleted": false, "disable_correlation": false, "timestamp": "1770877207", "to_ids": false, "type": "comment", "uuid": "000ea3e5-a778-441b-a00e-c939749dd9a3", "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240828-RansomHub/59.png" } ] } }