{
"Event": {
"analysis": "2",
"date": "2018-06-15",
"extends_uuid": "",
"info": "Clipboard Hijacker Targeting Bitcoin & Ethereum Users Infects Over 300,0000 PCs",
"publish_timestamp": "1540717301",
"published": true,
"threat_level_id": "3",
"timestamp": "1540557811",
"uuid": "5b276228-9270-42f9-9ecd-4a81950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#3b7500",
"name": "circl:incident-classification=\"malware\""
},
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#0088cc",
"name": "misp-galaxy:tool=\"ClipboardWalletHijacker\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529308093",
"to_ids": false,
"type": "link",
"uuid": "5b27626a-0b5c-499f-b32c-49fa950d210f",
"value": "https://www.bleepingcomputer.com/news/security/clipboard-hijacker-targeting-bitcoin-and-ethereum-users-infects-over-300-0000-pcs/",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529308069",
"to_ids": false,
"type": "text",
"uuid": "5b276289-7e74-4cd5-b56c-46f1950d210f",
"value": "A malware campaign spreading a clipboard hijacker has infected over 300,000 computers, according to Chinese security firm Qihoo 360 Total Security.\r\n\r\nThe campaign has been raging for the past week and has spread a malware which Qihoo researchers have named ClipboardWalletHijacker.",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1529308085",
"to_ids": false,
"type": "link",
"uuid": "5b2763ad-40a8-46e2-8bb1-41de950d210f",
"value": "https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
}
]
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "An address used in a cryptocurrency",
"meta-category": "financial",
"name": "coin-address",
"template_uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46",
"template_version": "2",
"timestamp": "1529308177",
"uuid": "5b276411-7dc4-47d6-a36f-4f00950d210f",
"Attribute": [
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "address",
"timestamp": "1529308177",
"to_ids": true,
"type": "btc",
"uuid": "5b276411-8e78-4250-9cf9-4eac950d210f",
"value": "1FoSfmjZJFqFSsD2cGXuccM9QMMa28Wrn1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "symbol",
"timestamp": "1529308178",
"to_ids": false,
"type": "text",
"uuid": "5b276412-dc58-4d1f-9245-4b23950d210f",
"value": "BTC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An address used in a cryptocurrency",
"meta-category": "financial",
"name": "coin-address",
"template_uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46",
"template_version": "2",
"timestamp": "1529308195",
"uuid": "5b276423-15a8-4e24-b174-438e950d210f",
"Attribute": [
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "address",
"timestamp": "1529308195",
"to_ids": true,
"type": "btc",
"uuid": "5b276423-890c-4166-8773-44f7950d210f",
"value": "19gdjoWaE8i9XPbWoDbixev99MvvXUSNZL"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "symbol",
"timestamp": "1529308196",
"to_ids": false,
"type": "text",
"uuid": "5b276424-4524-40c1-bf1e-4981950d210f",
"value": "BTC"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An address used in a cryptocurrency",
"meta-category": "financial",
"name": "coin-address",
"template_uuid": "d0e6997e-78da-4815-a6a1-cfc1c1cb8a46",
"template_version": "2",
"timestamp": "1529308212",
"uuid": "5b276434-a5e4-4b4e-b566-439f950d210f",
"Attribute": [
{
"category": "Financial fraud",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "address",
"timestamp": "1529308212",
"to_ids": true,
"type": "btc",
"uuid": "5b276434-6aa4-48ba-a645-46ad950d210f",
"value": "0x004D3416DA40338fAf9E772388A93fAF5059bFd5"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "symbol",
"timestamp": "1529308213",
"to_ids": false,
"type": "text",
"uuid": "5b276435-acbc-483c-bce3-4845950d210f",
"value": "ETH"
}
]
}
]
}
}