{ "type": "URL", "indicator": "https://srcip.com/src.js", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://srcip.com/src.js", "type": "url", "type_title": "URL", "validation": [ { "source": "mining", "message": "Whitelisted mining domain srcip.com", "name": "Whitelisted mining domain" } ], "base_indicator": { "id": 1582558306, "indicator": "https://srcip.com/src.js", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 1, "pulses": [ { "id": "5bf2f3340c91df62d74ddd52", "name": "MikroTik mayhem - Cryptomining campaign abusing routers", "description": "Since MikroTik issued a patch in April for the later disclosed CVE-2018-14847, hackers have been quick to exploit this vulnerability to execute attacks ranging from cryptomining to eavesdropping. From September 19th to October 15th, Avast blocked malicious cryptomining URLs related to infected networks with MikroTik gateways, also known as the WinBox vulnerability, over 22.4M times \u2013 blocking it for more than 362,616 users on 292,456 networks in the Avast network alone.", "modified": "2018-11-19T17:30:28.724000", "created": "2018-11-19T17:30:28.724000", "tags": [ "mikrotik" ], "references": [ "https://blog.avast.com/mikrotik-routers-targeted-by-cryptomining-campaign-avast", "https://badpackets.net/200000-mikrotik-routers-worldwide-have-been-compromised-to-inject-cryptojacking-malware/", "https://twitter.com/vrieshd/status/1040288152592830465?lang=en", "https://docs.google.com/spreadsheets/d/1RdT_r4fi4wPx5rY306FftVKaXiAZeQeb5fx78DmbVx0/edit#gid=0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 53, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 7, "FileHash-SHA256": 6, "URL": 9, "FileHash-MD5": 1, "hostname": 1 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 386625, "modified_text": "2750 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://blog.avast.com/mikrotik-routers-targeted-by-cryptomining-campaign-avast", "https://docs.google.com/spreadsheets/d/1RdT_r4fi4wPx5rY306FftVKaXiAZeQeb5fx78DmbVx0/edit#gid=0", "https://badpackets.net/200000-mikrotik-routers-worldwide-have-been-compromised-to-inject-cryptojacking-malware/", "https://twitter.com/vrieshd/status/1040288152592830465?lang=en" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 24 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/srcip.com", "whois": "http://whois.domaintools.com/srcip.com", "domain": "srcip.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 1, "pulses": [ { "id": "5bf2f3340c91df62d74ddd52", "name": "MikroTik mayhem - Cryptomining campaign abusing routers", "description": "Since MikroTik issued a patch in April for the later disclosed CVE-2018-14847, hackers have been quick to exploit this vulnerability to execute attacks ranging from cryptomining to eavesdropping. From September 19th to October 15th, Avast blocked malicious cryptomining URLs related to infected networks with MikroTik gateways, also known as the WinBox vulnerability, over 22.4M times \u2013 blocking it for more than 362,616 users on 292,456 networks in the Avast network alone.", "modified": "2018-11-19T17:30:28.724000", "created": "2018-11-19T17:30:28.724000", "tags": [ "mikrotik" ], "references": [ "https://blog.avast.com/mikrotik-routers-targeted-by-cryptomining-campaign-avast", "https://badpackets.net/200000-mikrotik-routers-worldwide-have-been-compromised-to-inject-cryptojacking-malware/", "https://twitter.com/vrieshd/status/1040288152592830465?lang=en", "https://docs.google.com/spreadsheets/d/1RdT_r4fi4wPx5rY306FftVKaXiAZeQeb5fx78DmbVx0/edit#gid=0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 53, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "domain": 7, "FileHash-SHA256": 6, "URL": 9, "FileHash-MD5": 1, "hostname": 1 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 386625, "modified_text": "2750 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://srcip.com/src.js", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://srcip.com/src.js", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780255750.9146001 }