adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5bfc6891-b838-44fe-bc17-16b702de0b81.json

177 lines
6.3 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2018-11-26",
"extends_uuid": "",
"info": "OSINT - `event-stream` dependency attack steals wallets from users of copay",
"publish_timestamp": "1543270402",
"published": true,
"threat_level_id": "3",
"timestamp": "1543270394",
"uuid": "5bfc6891-b838-44fe-bc17-16b702de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00a0a0",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "ecsirt:intrusions=\"application-compromise\"",
"relationship_type": ""
},
{
"colour": "#0029ff",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "estimative-language:confidence-in-analytic-judgment=\"high\"",
"relationship_type": ""
},
{
"colour": "#001fc2",
chg: [feed] updated
2024-04-05 12:15:17 +00:00
"local": false,
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"name": "estimative-language:likelihood-probability=\"almost-certain\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268515",
"to_ids": false,
"type": "link",
"uuid": "5bfc68a3-19e0-4f70-81d4-48d502de0b81",
"value": "https://github.com/bitpay/copay/issues/9346#issuecomment-441749542"
},
{
"category": "Network activity",
"comment": "\"HTTP POST traffic on port 8080 to copayapi.host (which currently resolves to 51.38.112.212 and previously resolved to 145.249.104.239) or 111.90.151.134 indicates compromised and exfiltrated wallet private keys.\"",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268542",
"to_ids": true,
"type": "domain",
"uuid": "5bfc68be-0b50-47a2-a33e-16c502de0b81",
"value": "copayapi.host"
},
{
"category": "Network activity",
"comment": "\"HTTP POST traffic on port 8080 to copayapi.host (which currently resolves to 51.38.112.212 and previously resolved to 145.249.104.239) or 111.90.151.134 indicates compromised and exfiltrated wallet private keys.\"",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268543",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bfc68bf-51a0-4f93-84ff-16c502de0b81",
"value": "51.38.112.212"
},
{
"category": "Network activity",
"comment": "\"HTTP POST traffic on port 8080 to copayapi.host (which currently resolves to 51.38.112.212 and previously resolved to 145.249.104.239) or 111.90.151.134 indicates compromised and exfiltrated wallet private keys.\"",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268543",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bfc68bf-4798-421d-b09f-16c502de0b81",
"value": "145.249.104.239"
},
{
"category": "Network activity",
"comment": "\"HTTP POST traffic on port 8080 to copayapi.host (which currently resolves to 51.38.112.212 and previously resolved to 145.249.104.239) or 111.90.151.134 indicates compromised and exfiltrated wallet private keys.\"",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268544",
"to_ids": true,
"type": "ip-dst",
"uuid": "5bfc68c0-af3c-4165-8243-16c502de0b81",
"value": "111.90.151.134"
},
{
"category": "Attribution",
"comment": "copayapi.host's SOA record indicates the domain registrant's email address is \"kvlguuvh@sharklasers.co\" (very likely a throwaway email address).",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268846",
"to_ids": true,
"type": "dns-soa-email",
"uuid": "5bfc68ef-2698-4780-b1f5-45c902de0b81",
"value": "kvlguuvh@sharklasers.co"
},
{
"category": "Social network",
"comment": "The GitHub account of the event-stream hijacker: https://github.com/right9ctrl (email address right9ctrl@outlook.com)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268635",
"to_ids": false,
"type": "github-username",
"uuid": "5bfc691b-da14-4228-997c-40e802de0b81",
"value": "right9ctrl"
},
{
"category": "Network activity",
"comment": "The NPM account of the event-stream hijacker: https://www.npmjs.com/~right9ctrlh",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268714",
"to_ids": false,
"type": "url",
"uuid": "5bfc696a-2a8c-4e1d-9f1c-4ef902de0b81",
"value": "https://www.npmjs.com/~right9ctrl"
},
{
"category": "Network activity",
"comment": "The GitHub repo for the malicious flat-map package: https://github.com/hugeglass/flatmap-stream",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268733",
"to_ids": false,
"type": "url",
"uuid": "5bfc697d-ab8c-4a6b-9083-453702de0b81",
"value": "https://github.com/hugeglass/flatmap-stream"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268752",
"to_ids": false,
"type": "url",
"uuid": "5bfc6990-28ec-4517-a397-4b8502de0b81",
"value": "https://www.npmjs.com/~hugeglass"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268789",
"to_ids": false,
"type": "link",
"uuid": "5bfc69b5-bd34-40c5-a2da-42e202de0b81",
"value": "https://github.com/dominictarr/event-stream/issues/116"
},
{
"category": "Attribution",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1543268830",
"to_ids": false,
"type": "whois-registrant-email",
"uuid": "5bfc69de-2090-455c-8b3c-45b102de0b81",
"value": "right9ctrl@outlook.com"
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
chg: [gen] updated
2023-12-14 14:30:15 +00:00
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
}
Reference in a new issue Copy permalink