2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--56587437-7f08-4381-85bc-a829950d210b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:01.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:01.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--56587437-7f08-4381-85bc-a829950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:01.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:01.000Z",
|
|
|
|
"name": "OSINT - Botnet bruteforcing Point Of Sale terminals via Remote Desktop",
|
|
|
|
"published": "2015-11-27T15:23:42Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5658744c-ef14-47e7-9e75-d063950d210b",
|
|
|
|
"url--5658744c-ef14-47e7-9e75-d063950d210b",
|
|
|
|
"indicator--5658748b-05c4-4f39-aa39-d062950d210b",
|
|
|
|
"indicator--5658748b-d880-4c69-b339-d062950d210b",
|
|
|
|
"indicator--5658748c-65ec-4a2f-b54a-d062950d210b",
|
|
|
|
"indicator--565874ad-f07c-4566-ac03-d063950d210b",
|
|
|
|
"indicator--56587556-015c-403f-b13d-d8c7950d210b",
|
|
|
|
"indicator--56587556-2aec-4136-a47c-d8c7950d210b",
|
|
|
|
"observed-data--56587556-f56c-4a2e-a8a9-d8c7950d210b",
|
|
|
|
"url--56587556-f56c-4a2e-a8a9-d8c7950d210b",
|
|
|
|
"indicator--56587557-ade0-4c81-9d2c-d8c7950d210b",
|
|
|
|
"indicator--56587557-e36c-4e34-95a4-d8c7950d210b",
|
|
|
|
"observed-data--56587558-6980-4313-b36d-d8c7950d210b",
|
|
|
|
"url--56587558-6980-4313-b36d-d8c7950d210b",
|
|
|
|
"indicator--56587558-7c28-496f-acc2-d8c7950d210b",
|
|
|
|
"indicator--56587558-87ec-4a37-8c00-d8c7950d210b",
|
|
|
|
"observed-data--56587559-32b0-46d1-9223-d8c7950d210b",
|
|
|
|
"url--56587559-32b0-46d1-9223-d8c7950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5658744c-ef14-47e7-9e75-d063950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:18:36.000Z",
|
|
|
|
"modified": "2015-11-27T15:18:36.000Z",
|
|
|
|
"first_observed": "2015-11-27T15:18:36Z",
|
|
|
|
"last_observed": "2015-11-27T15:18:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5658744c-ef14-47e7-9e75-d063950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5658744c-ef14-47e7-9e75-d063950d210b",
|
|
|
|
"value": "https://www.alienvault.com/open-threat-exchange/blog/botnet-bruteforcing-point-of-sale-via-remote-desktop"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5658748b-05c4-4f39-aa39-d062950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:19:39.000Z",
|
|
|
|
"modified": "2015-11-27T15:19:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c1fab4a0b7f4404baf8eab4d58b1f821']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:19:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5658748b-d880-4c69-b339-d062950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:19:39.000Z",
|
|
|
|
"modified": "2015-11-27T15:19:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c0c1f1a69a1b59c6f2dab18135a73919']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:19:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5658748c-65ec-4a2f-b54a-d062950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:19:40.000Z",
|
|
|
|
"modified": "2015-11-27T15:19:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '08863d484b1ebe6359144c9a8d8027c0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:19:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--565874ad-f07c-4566-ac03-d063950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:20:13.000Z",
|
|
|
|
"modified": "2015-11-27T15:20:13.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.154.54.42']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:20:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56587556-015c-403f-b13d-d8c7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:02.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:02.000Z",
|
|
|
|
"description": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:23:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56587556-2aec-4136-a47c-d8c7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:02.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:02.000Z",
|
|
|
|
"description": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'fb357bb5d9c2de75afa69bfec8c22041b02e03df']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:23:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56587556-f56c-4a2e-a8a9-d8c7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:02.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:02.000Z",
|
|
|
|
"first_observed": "2015-11-27T15:23:02Z",
|
|
|
|
"last_observed": "2015-11-27T15:23:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56587556-f56c-4a2e-a8a9-d8c7950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56587556-f56c-4a2e-a8a9-d8c7950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713/analysis/1445904969/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56587557-ade0-4c81-9d2c-d8c7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:03.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:03.000Z",
|
|
|
|
"description": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:23:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56587557-e36c-4e34-95a4-d8c7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:03.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:03.000Z",
|
|
|
|
"description": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'e284b886851623a944e6f3d8507314b3217935ce']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:23:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56587558-6980-4313-b36d-d8c7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:04.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:04.000Z",
|
|
|
|
"first_observed": "2015-11-27T15:23:04Z",
|
|
|
|
"last_observed": "2015-11-27T15:23:04Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56587558-6980-4313-b36d-d8c7950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56587558-6980-4313-b36d-d8c7950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a/analysis/1445913257/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56587558-7c28-496f-acc2-d8c7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:04.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:04.000Z",
|
|
|
|
"description": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:23:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56587558-87ec-4a37-8c00-d8c7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:04.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:04.000Z",
|
|
|
|
"description": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'f63479cd40b56652721a95f059dedfb96478bbaa']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-11-27T15:23:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload installation"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload installation\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--56587559-32b0-46d1-9223-d8c7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2015-11-27T15:23:05.000Z",
|
|
|
|
"modified": "2015-11-27T15:23:05.000Z",
|
|
|
|
"first_observed": "2015-11-27T15:23:05Z",
|
|
|
|
"last_observed": "2015-11-27T15:23:05Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--56587559-32b0-46d1-9223-d8c7950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--56587559-32b0-46d1-9223-d8c7950d210b",
|
|
|
|
"value": "https://www.virustotal.com/file/47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0/analysis/1408612721/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|