misp-circl-feed/feeds/circl/misp/5dd5a9e7-72a8-4b7e-b0c3-49e702de0b81.json


{
"Event": {
"analysis": "2",
"date": "2019-11-20",
"extends_uuid": "",
"info": "OSINT - Trojan.ElectrumDoSMiner - a Trojan responsible for the denial of service attacks against Electrum bitcoin wallets.",
"publish_timestamp": "1574284053",
"published": true,
"threat_level_id": "3",
"timestamp": "1574284024",
"uuid": "5dd5a9e7-72a8-4b7e-b0c3-49e702de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#000a64",
"local": false,
"name": "europol-incident:availability=\"dos-ddos\"",
"relationship_type": ""
},
{
"colour": "#009c9c",
"local": false,
"name": "rsit:availability=\"ddos\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "ElectrumDoSMiner infrastructure",
"deleted": false,
"disable_correlation": false,
"timestamp": "1574283778",
"to_ids": true,
"type": "ip-dst",
"uuid": "5dd5aa02-3978-4b87-b174-396802de0b81",
"value": "178.159.37.113"
},
{
"category": "Network activity",
"comment": "ElectrumDoSMiner infrastructure",
"deleted": false,
"disable_correlation": false,
"timestamp": "1574283778",
"to_ids": true,
"type": "ip-dst",
"uuid": "5dd5aa02-0b78-466d-abf5-396802de0b81",
"value": "194.63.143.226"
},
{
"category": "Network activity",
"comment": "ElectrumDoSMiner infrastructure",
"deleted": false,
"disable_correlation": false,
"timestamp": "1574283778",
"to_ids": true,
"type": "ip-dst",
"uuid": "5dd5aa02-16c0-4abb-8fc8-396802de0b81",
"value": "217.147.169.179"
},
{
"category": "Network activity",
"comment": "ElectrumDoSMiner infrastructure",
"deleted": false,
"disable_correlation": false,
"timestamp": "1574283778",
"to_ids": true,
"type": "ip-dst",
"uuid": "5dd5aa02-5558-40fb-a56d-396802de0b81",
"value": "188.214.135.174"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1574283794",
"to_ids": true,
"type": "sha256",
"uuid": "5dd5aa12-3a0c-42ae-b7a7-46b502de0b81",
"value": "48dcb183ff97a05fd3e466f76f385543480abb62c9adcae24d1bdbbfc26f9e5a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1574283949",
"to_ids": false,
"type": "text",
"uuid": "5dd5aaad-f364-4c08-a806-14fd02de0b81",
"value": "Users of affected computers may experience slowdowns in internet speed as they are joined to a botnet that performs DDoS attacks."
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1574283984",
"to_ids": false,
"type": "link",
"uuid": "5dd5aac4-ea38-4cb3-b237-395702de0b81",
"value": "https://blog.malwarebytes.com/detections/trojan-electrumdosminer/"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1574283849",
"uuid": "5c230990-7dfc-4660-9078-77fe460a2a75",
"ObjectReference": [
{
"comment": "",
"object_uuid": "5c230990-7dfc-4660-9078-77fe460a2a75",
"referenced_uuid": "7a8cc79e-7b9f-418f-94a2-18e4b3f57e46",
"relationship_type": "analysed-with",
"timestamp": "1574283849",
"uuid": "5dd5aa49-3bb0-4422-a63c-396a02de0b81"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1574283794",
"to_ids": true,
"type": "md5",
"uuid": "917fb1af-3536-4f0f-9be1-37c1891eaacc",
"value": "1e98d810141f8e0fab4630b7302b2af5"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1574283794",
"to_ids": true,
"type": "sha1",
"uuid": "d42ac3f9-c56c-441f-b759-4d40b228d44b",
"value": "597cecc7dcd3c2f01d094a05160a3423565c18b6"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1574283794",
"to_ids": true,
"type": "sha256",
"uuid": "224f0c4e-627f-458e-9142-59cd0297bc16",
"value": "48dcb183ff97a05fd3e466f76f385543480abb62c9adcae24d1bdbbfc26f9e5a"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1574283849",
"uuid": "7a8cc79e-7b9f-418f-94a2-18e4b3f57e46",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1574283794",
"to_ids": false,
"type": "datetime",
"uuid": "98319729-b31b-4261-a74d-ce4b81054cf3",
"value": "2019-06-13T14:50:43"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1574283794",
"to_ids": false,
"type": "link",
"uuid": "22401081-a880-4238-be9f-30c212ed6d3e",
"value": "https://www.virustotal.com/file/48dcb183ff97a05fd3e466f76f385543480abb62c9adcae24d1bdbbfc26f9e5a/analysis/1560437443/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1574283794",
"to_ids": false,
"type": "text",
"uuid": "b279cf16-feca-4182-85c4-375ce896bf00",
"value": "54/70"
}
]
}
]
}
}