{ "Event": { "analysis": "2", "date": "2019-11-20", "extends_uuid": "", "info": "OSINT - Trojan.ElectrumDoSMiner - a Trojan responsible for the denial of service attacks against Electrum bitcoin wallets.", "publish_timestamp": "1574284053", "published": true, "threat_level_id": "3", "timestamp": "1574284024", "uuid": "5dd5a9e7-72a8-4b7e-b0c3-49e702de0b81", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" }, { "colour": "#000a64", "local": false, "name": "europol-incident:availability=\"dos-ddos\"", "relationship_type": "" }, { "colour": "#009c9c", "local": false, "name": "rsit:availability=\"ddos\"", "relationship_type": "" } ], "Attribute": [ { "category": "Network activity", "comment": "ElectrumDoSMiner infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1574283778", "to_ids": true, "type": "ip-dst", "uuid": "5dd5aa02-3978-4b87-b174-396802de0b81", "value": "178.159.37.113" }, { "category": "Network activity", "comment": "ElectrumDoSMiner infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1574283778", "to_ids": true, "type": "ip-dst", "uuid": "5dd5aa02-0b78-466d-abf5-396802de0b81", "value": "194.63.143.226" }, { "category": "Network activity", "comment": "ElectrumDoSMiner infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1574283778", "to_ids": true, "type": "ip-dst", "uuid": "5dd5aa02-16c0-4abb-8fc8-396802de0b81", "value": "217.147.169.179" }, { "category": "Network activity", "comment": "ElectrumDoSMiner infrastructure", "deleted": false, "disable_correlation": false, "timestamp": "1574283778", "to_ids": true, "type": "ip-dst", "uuid": "5dd5aa02-5558-40fb-a56d-396802de0b81", "value": "188.214.135.174" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1574283794", "to_ids": true, "type": "sha256", "uuid": "5dd5aa12-3a0c-42ae-b7a7-46b502de0b81", "value": "48dcb183ff97a05fd3e466f76f385543480abb62c9adcae24d1bdbbfc26f9e5a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1574283949", "to_ids": false, "type": "text", "uuid": "5dd5aaad-f364-4c08-a806-14fd02de0b81", "value": "Users of affected computers may experience slowdowns in internet speed as they are joined to a botnet that performs DDoS attacks." }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1574283984", "to_ids": false, "type": "link", "uuid": "5dd5aac4-ea38-4cb3-b237-395702de0b81", "value": "https://blog.malwarebytes.com/detections/trojan-electrumdosminer/" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1574283849", "uuid": "5c230990-7dfc-4660-9078-77fe460a2a75", "ObjectReference": [ { "comment": "", "object_uuid": "5c230990-7dfc-4660-9078-77fe460a2a75", "referenced_uuid": "7a8cc79e-7b9f-418f-94a2-18e4b3f57e46", "relationship_type": "analysed-with", "timestamp": "1574283849", "uuid": "5dd5aa49-3bb0-4422-a63c-396a02de0b81" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1574283794", "to_ids": true, "type": "md5", "uuid": "917fb1af-3536-4f0f-9be1-37c1891eaacc", "value": "1e98d810141f8e0fab4630b7302b2af5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1574283794", "to_ids": true, "type": "sha1", "uuid": "d42ac3f9-c56c-441f-b759-4d40b228d44b", "value": "597cecc7dcd3c2f01d094a05160a3423565c18b6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1574283794", "to_ids": true, "type": "sha256", "uuid": "224f0c4e-627f-458e-9142-59cd0297bc16", "value": "48dcb183ff97a05fd3e466f76f385543480abb62c9adcae24d1bdbbfc26f9e5a" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1574283849", "uuid": "7a8cc79e-7b9f-418f-94a2-18e4b3f57e46", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1574283794", "to_ids": false, "type": "datetime", "uuid": "98319729-b31b-4261-a74d-ce4b81054cf3", "value": "2019-06-13T14:50:43" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1574283794", "to_ids": false, "type": "link", "uuid": "22401081-a880-4238-be9f-30c212ed6d3e", "value": "https://www.virustotal.com/file/48dcb183ff97a05fd3e466f76f385543480abb62c9adcae24d1bdbbfc26f9e5a/analysis/1560437443/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1574283794", "to_ids": false, "type": "text", "uuid": "b279cf16-feca-4182-85c4-375ce896bf00", "value": "54/70" } ] } ] } }