misp-circl-feed/feeds/circl/misp/5a3cbdf8-172c-4738-9b96-c31d950d210f.json


			
				
				
					
						
						
						
							
							
							{"Event": {"info": "OSINT - Digmine Cryptocurrency Miner Spreading via Facebook Messenger", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:tool=\"Digmine\""}, {"colour": "#a0a300", "exportable": true, "name": "dnc:malware-type=\"CoinMiner\""}, {"colour": "#ef0081", "exportable": true, "name": "workflow:state=\"complete\""}], "publish_timestamp": "1518771398", "timestamp": "1540909727", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "c9227520-0ad9-46ab-95c3-cbccbfca0d41", "sharing_group_id": "0", "timestamp": "1518184923", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "c9227520-0ad9-46ab-95c3-cbccbfca0d41", "uuid": "5a7da9dd-1ed0-4f12-9411-7f4202de0b81", "timestamp": "1518771398", "referenced_uuid": "84ba4228-3be2-4c13-875f-52799e79680f", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "detected as TROJ_DIGMINEIN.A", "category": "Payload delivery", "uuid": "5a7da9d8-6310-4228-9366-7f4202de0b81", "timestamp": "1518184920", "to_ids": true, "value": "772e3fab70b1c8339064d2a8b75413819d9e4a5d", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "detected as TROJ_DIGMINEIN.A", "category": "Payload delivery", "uuid": "5a7da9d8-a880-418f-887d-7f4202de0b81", "timestamp": "1518184920", "to_ids": true, "value": "beb7274d78c63aa44515fe6bbfd324f49ec2cc0b8650aeb2d6c8ab61a0ae9f1d", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "detected as TROJ_DIGMINEIN.A", "category": "Payload delivery", "uuid": "5a7da9d9-c964-46cd-860d-7f4202de0b81", "timestamp": "1518184921", "to_ids": true, "value": "d0857aba2c626d554c6982d2d2d4db8a", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "84ba4228-3be2-4c13-875f-52799e79680f", "sharing_group_id": "0", "timestamp": "1518184921", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "detected as TROJ_DIGMINEIN.A", "category": "External analysis", "uuid": "5a7da9d9-1868-4623-acc4-7f4202de0b81", "timestamp": "1518184921", "to_ids": false, "value": "https://www.virustotal.com/file/beb7274d78c63aa44515fe6bbfd324f49ec2cc0b8650aeb2d6c8ab61a0ae9f1d/analysis/1515510769/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "detected as TROJ_DIGMINEIN.A", "category": "Other", "uuid": "5a7da9da-8140-46c2-be5b-7f4202de0b81", "timestamp": "1518184922", "to_ids": false, "value": "47/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "detected as TROJ_DIGMINEIN.A", "category": "Other", "uuid": "5a7da9da-16a0-438f-abe8-7f4202de0b81", "timestamp": "1518184922", "to_ids": false, "value": "2018-01-09 15:12:49", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "96f46bd7-e112-46d4-b676-1bbb1d0065a4", "sharing_group_id": "0", "timestamp": "1518184925", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "96f46bd7-e112-46d4-b676-1bbb1d0065a4", "uuid": "5a7da9dd-8358-4db4-bf83-7f4202de0b81", "timestamp": "1518771398", "referenced_uuid": "e48a8058-0d5c-45fe-b3a3-5b1a52e928e6", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "detected as TROJ_DIGMINE.A", "category": "Payload delivery", "uuid": "5a7da9db-70b4-4670-8968-7f4202de0b81", "timestamp": "1518184923", "to_ids": true, "value": "c5db86423e0f50a46daea2f3025fad7d9b7b0d1c", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "detected as TROJ_DIGMINE.A", "category": "Payload delivery", "uuid": "5a7da9db-6744-4952-9e16-7f4202de0b81", "timestamp": "1518184923", "to_ids": true, "value": "f7e0398ae1f5a2f48055cf712b08972a1b6eb14579333bf038d37ed862c55909", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}, {"comment": "detected as TROJ_DIGMINE.A", "category": "Payload delivery", "uuid": "5a7da9db-a260-493d-9a71-7f4202de0b81", "timestamp": "1518184923", "to_ids": true, "value": "8f7ac245965e43d521bf6870ef3ff924", "disable_correlation": false, "object_relation": "md5", "type": "md5"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "e48a8058-0d5c-45fe-b3a3-5b1a52e928e6", "sharing_group_id": "0", "timestamp": "1518184924", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "detected as TROJ_DIGMINE.A", "category": "External analysis", "uuid": "5a7da9dc-fb64-4968-bff4-7f4202de0b81", "timestamp": "1518184924", "to_ids": false, "value": "https://www.virustotal.com/file/f7e0398ae1f5a2f48055cf712b08972a1b6eb14579333bf038d37ed862c55909/analysis/1515510846/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "detected as TROJ_DIGMINE.A", "category": "Other", "uuid": "5a7da9dc-2c44-478f-90d7-7f4202de0b81", "timestamp": "1518184924", "to_ids": false, "value": "45/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "detected as TROJ_DIGMINE.A", "category": "Other", "uuid": "5a7da9dd-d220-4017-b954-7f4202de0b81", "timestamp": "1518184925", "to_ids": false, "value": "2018-01-09 15:14:06", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a3cbe23-e3fc-4f14-8aad-55ea950d210f", "timestamp": "1518184914", "to_ids": false, "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/digmine-cryptocurrency-miner-spreading-via-facebook-messenger/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5a5cbdca-e130-4082-b292-44c2950d210f", "timestamp": "1518184915", "to_ids": false, "value": "We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker (\ube44\ud2b8\ucf54\uc778 \ucc44\uad74\uae30 bot) it was referred to in a report of recent related incidents in South Korea. We\u2019ve also seen Digmine spreading in other regions such as Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. It\u2019s not far-off for Digmine to reach other countries given the way it propagates.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "comment"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf71-02d0-4661-94ac-48c4950d210f", "timestamp": "1518184915", "to_ids": true, "value": "vijus.bid", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf72-c6a8-4c3e-902e-40e3950d210f", "timestamp": "1518184915", "to_ids": true, "value": "ozivu.bid", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf73-2cc8-4645-ab88-464f950d210f", "timestamp": "1518184916", "to_ids": true, "value": "thisdayfunnyday.space", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf73-8c2c-4b1d-be95-40dd950d210f", "timestamp": "1518184916", "to_ids": true, "value": "thisaworkstation.space", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf73-59d0-4ddb-a95d-4a41950d210f", "timestamp": "1518184917", "to_ids": true, "value": "mybigthink.space", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf74-d9c4-4822-a6da-498a950d210f", "timestamp": "1518184917", "to_ids": true, "value": "mokuz.bid", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf74-2274-4921-aa86-40ef950d210f", "timestamp": "1518184917", "to_ids": true, "value": "pabus.bid", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf75-d1c4-47b5-b69d-4f2e950d210f", "timestamp": "1518184918", "to_ids": true, "value": "yezav.bid", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf76-2460-4448-970d-4de2950d210f", "timestamp": "1518184918", "to_ids": true, "value": "bigih.bid", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf76-0f24-480e-a813-4d2e950d210f", "timestamp": "1518184919", "to_ids": true, "value": "taraz.bid", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "C&C", "category": "Network activity", "uuid": "5a5cbf76-4d2c-4785-9161-430b950d210f", "timestamp": "1518184919", "to_ids": true, "value": "megu.info", "disable_correlation": false, "object_relation": null, "type": "domain"}, {"comment": "detected as TROJ_DIGMINEIN.A", "category": "Payload delivery", "uuid": "5a5cbfe3-c574-4f96-978e-42b7950d210f", "timestamp": "1516027875", "to_ids": true, "value": "beb7274d78c63aa44515fe6bbfd324f49ec2cc0b8650aeb2d6c8ab61a0ae9f1d", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "detected as BREX_DIGMINEEX.A", "category": "Payload delivery", "uuid": "5a5cbfe4-f630-44c2-9af1-4329950d210f", "timestamp": "1516027876", "to_ids": true, "value": "5a5b8551a82c57b683f9bd8ba49aefeab3d7c9d299a2d2cb446816cd15d3b3e9", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "detected as TROJ_DIGMINE.A", "category": "Payload delivery", "uuid": "5a5cbfe4-cd54-4c67-8652-4b98950d210f", "timestamp": "1516027876", "to_ids": true, "value": "f7e0398ae1f5a2f48055cf712b08972a1b6eb14579333bf038d37ed862c55909", "disable_correlation": false, "object_relation": null, "type": "sha256"}], "extends_uuid": "", "published": false, "date": "2017-12-21", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5a3cbdf8-172c-4738-9b96-c31d950d210f"}}
						
						
					
				
				
					
						Reference in a new issue
					
					View git blame
					Copy permalink