1 line
No EOL
26 KiB
JSON
1 line
No EOL
26 KiB
JSON
{"Event": {"info": "OSINT - Money-making machine: Monero-mining malware", "Tag": [{"colour": "#7a0042", "exportable": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\""}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#366c00", "exportable": true, "name": "circl:incident-classification=\"malware\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#a0a300", "exportable": true, "name": "dnc:malware-type=\"CoinMiner\""}], "publish_timestamp": "0", "timestamp": "1515597971", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "ea1be23a-dfcd-48de-8872-8f836e6ac3c0", "sharing_group_id": "0", "timestamp": "1515588764", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "ea1be23a-dfcd-48de-8872-8f836e6ac3c0", "uuid": "5a560c9c-c028-4e79-8b2e-4ca802de0b81", "timestamp": "1515588764", "referenced_uuid": "b935385d-8974-4c8e-950c-3e68a61d1b8c", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-a474-472a-a476-441402de0b81", "timestamp": "1515588761", "to_ids": true, "value": "31721ae37835f792ee792d8324e307ba423277ae", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-eac8-403c-a26d-41a202de0b81", "timestamp": "1515588762", "to_ids": true, "value": "618e76e806a2eb4285c996395aec83e2", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-4724-4026-a1b8-4dd902de0b81", "timestamp": "1515588762", "to_ids": true, "value": "5adf7c44f649de93d7adbac55c9ce2cd19384e627cd5738ddae233512b624453", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "b935385d-8974-4c8e-950c-3e68a61d1b8c", "sharing_group_id": "0", "timestamp": "1515588762", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a560c9a-2cc0-47bb-baee-41a402de0b81", "timestamp": "1515588762", "to_ids": false, "value": "https://www.virustotal.com/file/5adf7c44f649de93d7adbac55c9ce2cd19384e627cd5738ddae233512b624453/analysis/1513859719/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a560c9a-d1bc-4579-b347-46b602de0b81", "timestamp": "1515588762", "to_ids": false, "value": "53/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a560c9a-7d0c-43f5-95cc-470c02de0b81", "timestamp": "1515588762", "to_ids": false, "value": "2017-12-21 12:35:19", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "d7991877-c64b-473c-9c7c-b2744a41de54", "sharing_group_id": "0", "timestamp": "1515588765", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "d7991877-c64b-473c-9c7c-b2744a41de54", "uuid": "5a560c9c-7b90-4ff2-90cd-403802de0b81", "timestamp": "1515588764", "referenced_uuid": "9289df9d-4871-45bb-93fb-79f880b28639", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-bf68-4a4d-a2cc-49ea02de0b81", "timestamp": "1515588762", "to_ids": true, "value": "52413ae19bbcdb9339d38a6f305e040fe83dee1b", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-f110-47a7-aa66-494b02de0b81", "timestamp": "1515588762", "to_ids": true, "value": "2f0abd9db04be04d2abb653c4e8b312f", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-f168-493c-80f8-47d002de0b81", "timestamp": "1515588762", "to_ids": true, "value": "f89a29c2950f5a920c1473156f050dd913578a1858dcb70c26ee9bb469a20687", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "9289df9d-4871-45bb-93fb-79f880b28639", "sharing_group_id": "0", "timestamp": "1515588762", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a560c9a-ce24-4bc5-a395-46f602de0b81", "timestamp": "1515588762", "to_ids": false, "value": "https://www.virustotal.com/file/f89a29c2950f5a920c1473156f050dd913578a1858dcb70c26ee9bb469a20687/analysis/1506600788/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a560c9a-9868-44b0-ad20-419702de0b81", "timestamp": "1515588762", "to_ids": false, "value": "43/64", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a560c9a-80e4-47ce-be08-464402de0b81", "timestamp": "1515588762", "to_ids": false, "value": "2017-09-28 12:13:08", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "9c910616-22a6-4e08-a3a2-87f4b475d3d1", "sharing_group_id": "0", "timestamp": "1515588765", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "9c910616-22a6-4e08-a3a2-87f4b475d3d1", "uuid": "5a560c9d-30d0-4287-8e0f-4f1102de0b81", "timestamp": "1515588765", "referenced_uuid": "926ff804-e136-4d43-9fc4-d4750cb05769", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-88c8-49c0-8d28-4c8f02de0b81", "timestamp": "1515588762", "to_ids": true, "value": "0902181d1b9433b5616763646a089b1bdf428262", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-ce48-4283-8f94-478202de0b81", "timestamp": "1515588762", "to_ids": true, "value": "23a2278fae626df2e134b9d141dc59dc", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-bf1c-4a32-be52-4c2802de0b81", "timestamp": "1515588762", "to_ids": true, "value": "ea579b7d0cc1106cdb285a41bc031205240b93f438c000a7aee30cd80dc72d52", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "926ff804-e136-4d43-9fc4-d4750cb05769", "sharing_group_id": "0", "timestamp": "1515588762", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a560c9a-e46c-4323-8caa-4b2602de0b81", "timestamp": "1515588762", "to_ids": false, "value": "https://www.virustotal.com/file/ea579b7d0cc1106cdb285a41bc031205240b93f438c000a7aee30cd80dc72d52/analysis/1509047328/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a560c9a-247c-4c84-9f19-453b02de0b81", "timestamp": "1515588762", "to_ids": false, "value": "51/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a560c9a-655c-4cd2-a65f-4e2d02de0b81", "timestamp": "1515588762", "to_ids": false, "value": "2017-10-26 19:48:48", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "e64a6ec9-2bc8-4ef0-9016-a9a5d46d1e14", "sharing_group_id": "0", "timestamp": "1515588765", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "e64a6ec9-2bc8-4ef0-9016-a9a5d46d1e14", "uuid": "5a560c9d-ffe8-4f80-9bcc-46a902de0b81", "timestamp": "1515588765", "referenced_uuid": "b992202a-e871-4545-9b50-afbb7006a55b", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-71b0-421b-9adb-49da02de0b81", "timestamp": "1515588762", "to_ids": true, "value": "37d4cc67351b2bd8067ab99973c4afd7090db1e9", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-e1c0-4872-ba2e-444502de0b81", "timestamp": "1515588762", "to_ids": true, "value": "367e73b9299cccf30893c86c8ab152a6", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9a-e648-4247-8f55-42f702de0b81", "timestamp": "1515588762", "to_ids": true, "value": "754d71c198f21b2b711df9f9e74753d9912277a816f04a291f71d656f06450c0", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "b992202a-e871-4545-9b50-afbb7006a55b", "sharing_group_id": "0", "timestamp": "1515588762", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a560c9a-1ad4-4398-b066-4c3002de0b81", "timestamp": "1515588762", "to_ids": false, "value": "https://www.virustotal.com/file/754d71c198f21b2b711df9f9e74753d9912277a816f04a291f71d656f06450c0/analysis/1509047307/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a560c9a-0088-4bdd-9f47-4a3202de0b81", "timestamp": "1515588762", "to_ids": false, "value": "52/66", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a560c9a-73a8-49b7-9e5f-4dea02de0b81", "timestamp": "1515588762", "to_ids": false, "value": "2017-10-26 19:48:27", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "85cce78c-3a7f-410f-af8a-3b3059d60ffc", "sharing_group_id": "0", "timestamp": "1515588766", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "85cce78c-3a7f-410f-af8a-3b3059d60ffc", "uuid": "5a560c9d-2018-41b3-9451-458202de0b81", "timestamp": "1515588765", "referenced_uuid": "525147f2-d882-47c0-979f-1082ab49db86", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-1d28-483e-9f6b-469402de0b81", "timestamp": "1515588763", "to_ids": true, "value": "9fcb3943660203e99c348f17a8801ba077f7cb40", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-cfd0-4e15-9649-4aca02de0b81", "timestamp": "1515588763", "to_ids": true, "value": "6b7c5481be0b985d72870468c771de53", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-1754-4494-b1ce-48f402de0b81", "timestamp": "1515588763", "to_ids": true, "value": "a688e0bce6807c05d12371356afe56eabc425104387b3d74a1042fa1e2af15b2", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "525147f2-d882-47c0-979f-1082ab49db86", "sharing_group_id": "0", "timestamp": "1515588763", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a560c9b-19ac-4b3f-a7cf-404902de0b81", "timestamp": "1515588763", "to_ids": false, "value": "https://www.virustotal.com/file/a688e0bce6807c05d12371356afe56eabc425104387b3d74a1042fa1e2af15b2/analysis/1509047435/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a560c9b-2760-453b-85de-42de02de0b81", "timestamp": "1515588763", "to_ids": false, "value": "49/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a560c9b-7438-4b31-a6e5-480502de0b81", "timestamp": "1515588763", "to_ids": false, "value": "2017-10-26 19:50:35", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "792c5088-2710-4df6-bb0f-b825c224bc89", "sharing_group_id": "0", "timestamp": "1515588766", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "792c5088-2710-4df6-bb0f-b825c224bc89", "uuid": "5a560c9d-3b50-460f-8109-42d502de0b81", "timestamp": "1515588765", "referenced_uuid": "e6140541-debe-4885-9b25-545b3ac4b0c4", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-fa88-42cb-a702-4b4c02de0b81", "timestamp": "1515588763", "to_ids": true, "value": "0ab00045d0d403f2d8f8865120c1089c09ba4fee", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-5ca0-405d-b232-471502de0b81", "timestamp": "1515588763", "to_ids": true, "value": "0645bcfc7df878614f9c5a78d2b6225a", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-eb8c-4f32-8731-40f002de0b81", "timestamp": "1515588763", "to_ids": true, "value": "0f76fe343377a1ecfebc9ac5922e6ec667f8d09230ee5b345e4f3aad1c9e44e7", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "e6140541-debe-4885-9b25-545b3ac4b0c4", "sharing_group_id": "0", "timestamp": "1515588763", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a560c9b-01b8-40d7-966a-408602de0b81", "timestamp": "1515588763", "to_ids": false, "value": "https://www.virustotal.com/file/0f76fe343377a1ecfebc9ac5922e6ec667f8d09230ee5b345e4f3aad1c9e44e7/analysis/1509047352/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a560c9b-f2b4-441f-8679-474b02de0b81", "timestamp": "1515588763", "to_ids": false, "value": "47/66", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a560c9b-f164-4a33-941d-44ed02de0b81", "timestamp": "1515588763", "to_ids": false, "value": "2017-10-26 19:49:12", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "853fb224-372e-4b63-b73c-8a8af6bd0545", "sharing_group_id": "0", "timestamp": "1515588766", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "853fb224-372e-4b63-b73c-8a8af6bd0545", "uuid": "5a560c9d-21a0-4984-a9a1-401802de0b81", "timestamp": "1515588765", "referenced_uuid": "8e253c50-69de-4b63-8921-c0acd42e4eac", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-71bc-49f7-b190-4b0402de0b81", "timestamp": "1515588763", "to_ids": true, "value": "11d7694987a32a91fb766ba221f9a2de3c06d173", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-3e2c-48d2-b8b3-456902de0b81", "timestamp": "1515588763", "to_ids": true, "value": "b31593fa05990487c8fb61c921f5d9a4", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-6d64-41bf-8951-4e9802de0b81", "timestamp": "1515588763", "to_ids": true, "value": "e1a024b3a882f109caf16aa4c07bc98e902f4b66394903283dfbeb14a07755a0", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "8e253c50-69de-4b63-8921-c0acd42e4eac", "sharing_group_id": "0", "timestamp": "1515588763", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a560c9b-9b70-40d0-b83b-4d2e02de0b81", "timestamp": "1515588763", "to_ids": false, "value": "https://www.virustotal.com/file/e1a024b3a882f109caf16aa4c07bc98e902f4b66394903283dfbeb14a07755a0/analysis/1509047377/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a560c9b-0e88-4247-a940-445b02de0b81", "timestamp": "1515588763", "to_ids": false, "value": "49/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a560c9b-06ec-44d4-a5db-437502de0b81", "timestamp": "1515588763", "to_ids": false, "value": "2017-10-26 19:49:37", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}, {"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "10880336-2391-4892-9a3a-eb219b1ab021", "sharing_group_id": "0", "timestamp": "1515588766", "description": "File object describing a file with meta-information", "template_version": "7", "ObjectReference": [{"comment": "", "object_uuid": "10880336-2391-4892-9a3a-eb219b1ab021", "uuid": "5a560c9d-ef38-490d-81f7-40ba02de0b81", "timestamp": "1515588765", "referenced_uuid": "1443c499-9846-4744-b176-676dfaa55f00", "relationship_type": "analysed-with"}], "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-d9c0-4fb5-b9e1-4d0302de0b81", "timestamp": "1515588763", "to_ids": true, "value": "a0bc6ea2bfa1d3d895fe8e706737d490d5fe3987", "disable_correlation": false, "object_relation": "sha1", "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-fd54-4602-99e9-462602de0b81", "timestamp": "1515588763", "to_ids": true, "value": "845a949df30057649cdf1df504033c50", "disable_correlation": false, "object_relation": "md5", "type": "md5"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560c9b-e848-4698-9ca9-4dda02de0b81", "timestamp": "1515588763", "to_ids": true, "value": "cf3d35232a4ff20cd82fb9c4f87c7bd2bfce32d645dccea23c82424f09d50dae", "disable_correlation": false, "object_relation": "sha256", "type": "sha256"}], "distribution": "5", "meta-category": "file", "name": "file"}, {"comment": "", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "uuid": "1443c499-9846-4744-b176-676dfaa55f00", "sharing_group_id": "0", "timestamp": "1515588763", "description": "VirusTotal report", "template_version": "1", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a560c9c-b330-46fe-94bc-4f9102de0b81", "timestamp": "1515588764", "to_ids": false, "value": "https://www.virustotal.com/file/cf3d35232a4ff20cd82fb9c4f87c7bd2bfce32d645dccea23c82424f09d50dae/analysis/1514697636/", "disable_correlation": false, "object_relation": "permalink", "type": "link"}, {"comment": "", "category": "Other", "uuid": "5a560c9c-0308-4e93-9693-4fb202de0b81", "timestamp": "1515588764", "to_ids": false, "value": "49/67", "disable_correlation": true, "object_relation": "detection-ratio", "type": "text"}, {"comment": "", "category": "Other", "uuid": "5a560c9c-0f84-49c0-b558-4b3002de0b81", "timestamp": "1515588764", "to_ids": false, "value": "2017-12-31 05:20:36", "disable_correlation": false, "object_relation": "last-submission", "type": "datetime"}], "distribution": "5", "meta-category": "misc", "name": "virustotal-report"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a54c41c-3044-48e5-9443-413a950d210f", "timestamp": "1515588761", "to_ids": false, "value": "https://www.welivesecurity.com/2017/09/28/monero-money-mining-malware/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "Download Site:", "category": "Network activity", "uuid": "5a560bf5-9958-478b-bdfb-4c16950d210f", "timestamp": "1515588761", "to_ids": true, "value": "http://postgre.tk", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "Download Site:", "category": "Network activity", "uuid": "5a560bf5-c7f4-4318-84ce-455b950d210f", "timestamp": "1515588761", "to_ids": true, "value": "http://ntpserver.tk", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "Source IPs:", "category": "Network activity", "uuid": "5a560bf5-5b00-4e01-b429-4fc4950d210f", "timestamp": "1515588761", "to_ids": true, "value": "54.197.4.10", "disable_correlation": false, "object_relation": null, "type": "ip-src"}, {"comment": "Source IPs:", "category": "Network activity", "uuid": "5a560bf5-f3d0-4a0d-bbc8-4046950d210f", "timestamp": "1515588761", "to_ids": true, "value": "52.207.232.106", "disable_correlation": false, "object_relation": null, "type": "ip-src"}, {"comment": "Source IPs:", "category": "Network activity", "uuid": "5a560bf5-fdac-4cf5-be6d-4554950d210f", "timestamp": "1515588761", "to_ids": true, "value": "18.220.190.151", "disable_correlation": false, "object_relation": null, "type": "ip-src"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560bf5-b4c4-49c8-a21c-49f0950d210f", "timestamp": "1515588597", "to_ids": true, "value": "31721ae37835f792ee792d8324e307ba423277ae", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560bf5-8098-4de6-98c5-4667950d210f", "timestamp": "1515588597", "to_ids": true, "value": "a0bc6ea2bfa1d3d895fe8e706737d490d5fe3987", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560bf5-9124-4840-8f5b-465d950d210f", "timestamp": "1515588597", "to_ids": true, "value": "37d4cc67351b2bd8067ab99973c4afd7090db1e9", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560bf5-1ca4-4078-b2a0-4082950d210f", "timestamp": "1515588597", "to_ids": true, "value": "0902181d1b9433b5616763646a089b1bdf428262", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560bf5-984c-47c2-961d-4560950d210f", "timestamp": "1515588597", "to_ids": true, "value": "0ab00045d0d403f2d8f8865120c1089c09ba4fee", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560bf5-ff48-44f8-8d2a-42d1950d210f", "timestamp": "1515588597", "to_ids": true, "value": "11d7694987a32a91fb766ba221f9a2de3c06d173", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560bf5-4db0-4664-b0cb-493e950d210f", "timestamp": "1515588597", "to_ids": true, "value": "9fcb3943660203e99c348f17a8801ba077f7cb40", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "Payload delivery", "uuid": "5a560bf5-ac14-4e6f-8bb6-48d7950d210f", "timestamp": "1515588597", "to_ids": true, "value": "52413ae19bbcdb9339d38a6f305e040fe83dee1b", "disable_correlation": false, "object_relation": null, "type": "sha1"}, {"comment": "", "category": "External analysis", "uuid": "5a560c0c-1f04-4218-85b7-40f5950d210f", "timestamp": "1515588761", "to_ids": false, "value": "While the world is holding its breath, wondering where notorious cybercriminal groups like Lazarus or Telebots will strike next with another destructive malware such as WannaCryptor or Petya, there are many other, less aggressive, much stealthier and often very profitable operations going on.\r\n\r\nOne such operation has been going on since at least May 2017, with attackers infecting unpatched Windows webservers with a malicious cryptocurrency miner. The goal: use the servers\u2019 computing power to mine Monero (XMR), one of the newer cryptocurrency alternatives to Bitcoin.\r\n\r\nTo achieve this, attackers modified legitimate open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to covertly install the miner on unpatched servers. Over the course of three months, the crooks behind the campaign have created a botnet of several hundred infected servers and made over USD 63,000 worth of Monero.", "disable_correlation": false, "object_relation": null, "type": "text"}, {"comment": "", "category": "Payload installation", "uuid": "5a560de5-4b08-4929-814c-4d5c950d210f", "timestamp": "1515589093", "to_ids": false, "value": "CVE-2017-7269", "disable_correlation": false, "object_relation": null, "type": "vulnerability"}], "extends_uuid": "", "published": false, "date": "2017-09-28", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5a54c404-ccfc-4fae-8f64-416c950d210f"}} |