{ "type": "bundle", "id": "bundle--5b276228-9270-42f9-9ecd-4a81950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-26T12:43:31.000Z", "modified": "2018-10-26T12:43:31.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5b276228-9270-42f9-9ecd-4a81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-10-26T12:43:31.000Z", "modified": "2018-10-26T12:43:31.000Z", "name": "Clipboard Hijacker Targeting Bitcoin & Ethereum Users Infects Over 300,0000 PCs", "published": "2018-10-28T09:01:41Z", "object_refs": [ "observed-data--5b27626a-0b5c-499f-b32c-49fa950d210f", "url--5b27626a-0b5c-499f-b32c-49fa950d210f", "x-misp-attribute--5b276289-7e74-4cd5-b56c-46f1950d210f", "observed-data--5b2763ad-40a8-46e2-8bb1-41de950d210f", "url--5b2763ad-40a8-46e2-8bb1-41de950d210f", "x-misp-object--5b276411-7dc4-47d6-a36f-4f00950d210f", "x-misp-object--5b276423-15a8-4e24-b174-438e950d210f", "x-misp-object--5b276434-a5e4-4b4e-b566-439f950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "circl:incident-classification=\"malware\"", "osint:source-type=\"blog-post\"", "misp-galaxy:tool=\"ClipboardWalletHijacker\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b27626a-0b5c-499f-b32c-49fa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-18T07:48:13.000Z", "modified": "2018-06-18T07:48:13.000Z", "first_observed": "2018-06-18T07:48:13Z", "last_observed": "2018-06-18T07:48:13Z", "number_observed": 1, "object_refs": [ "url--5b27626a-0b5c-499f-b32c-49fa950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5b27626a-0b5c-499f-b32c-49fa950d210f", "value": "https://www.bleepingcomputer.com/news/security/clipboard-hijacker-targeting-bitcoin-and-ethereum-users-infects-over-300-0000-pcs/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5b276289-7e74-4cd5-b56c-46f1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-18T07:47:49.000Z", "modified": "2018-06-18T07:47:49.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "A malware campaign spreading a clipboard hijacker has infected over 300,000 computers, according to Chinese security firm Qihoo 360 Total Security.\r\n\r\nThe campaign has been raging for the past week and has spread a malware which Qihoo researchers have named ClipboardWalletHijacker." }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5b2763ad-40a8-46e2-8bb1-41de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-18T07:48:05.000Z", "modified": "2018-06-18T07:48:05.000Z", "first_observed": "2018-06-18T07:48:05Z", "last_observed": "2018-06-18T07:48:05Z", "number_observed": 1, "object_refs": [ "url--5b2763ad-40a8-46e2-8bb1-41de950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5b2763ad-40a8-46e2-8bb1-41de950d210f", "value": "https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5b276411-7dc4-47d6-a36f-4f00950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-18T07:49:37.000Z", "modified": "2018-06-18T07:49:37.000Z", "labels": [ "misp:name=\"coin-address\"", "misp:meta-category=\"financial\"" ], "x_misp_attributes": [ { "type": "btc", "object_relation": "address", "value": "1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1", "category": "Financial fraud", "to_ids": true, "uuid": "5b276411-8e78-4250-9cf9-4eac950d210f" }, { "type": "text", "object_relation": "symbol", "value": "BTC", "category": "Other", "uuid": "5b276412-dc58-4d1f-9245-4b23950d210f" } ], "x_misp_meta_category": "financial", "x_misp_name": "coin-address" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5b276423-15a8-4e24-b174-438e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-18T07:49:55.000Z", "modified": "2018-06-18T07:49:55.000Z", "labels": [ "misp:name=\"coin-address\"", "misp:meta-category=\"financial\"" ], "x_misp_attributes": [ { "type": "btc", "object_relation": "address", "value": "19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL", "category": "Financial fraud", "to_ids": true, "uuid": "5b276423-890c-4166-8773-44f7950d210f" }, { "type": "text", "object_relation": "symbol", "value": "BTC", "category": "Other", "uuid": "5b276424-4524-40c1-bf1e-4981950d210f" } ], "x_misp_meta_category": "financial", "x_misp_name": "coin-address" }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--5b276434-a5e4-4b4e-b566-439f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-06-18T07:50:12.000Z", "modified": "2018-06-18T07:50:12.000Z", "labels": [ "misp:name=\"coin-address\"", "misp:meta-category=\"financial\"" ], "x_misp_attributes": [ { "type": "btc", "object_relation": "address", "value": "0x004D3416DA40338fAf9E772388A93fAF5059bFd5", "category": "Financial fraud", "to_ids": true, "uuid": "5b276434-6aa4-48ba-a645-46ad950d210f" }, { "type": "text", "object_relation": "symbol", "value": "ETH", "category": "Other", "uuid": "5b276435-acbc-483c-bce3-4845950d210f" } ], "x_misp_meta_category": "financial", "x_misp_name": "coin-address" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }