misp-circl-feed/feeds/circl/misp/5b1e2aab-9e84-4908-9db2-4bb8950d210f.json

{
"type": "bundle",
"id": "bundle--5b1e2aab-9e84-4908-9db2-4bb8950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:29:13.000Z",
"modified": "2018-06-13T07:29:13.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5b1e2aab-9e84-4908-9db2-4bb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:29:13.000Z",
"modified": "2018-06-13T07:29:13.000Z",
"name": "OSINT - Goodfellas, the Brazilian carding scene is after you",
"published": "2018-06-13T15:40:52Z",
"object_refs": [
"observed-data--5b1e2b05-0db8-4b98-b0c7-41d7950d210f",
"url--5b1e2b05-0db8-4b98-b0c7-41d7950d210f",
"x-misp-attribute--5b1e2b50-9cc0-4415-876b-4a99950d210f",
"indicator--5b1e2bbb-576c-482a-b05c-41ef950d210f",
"indicator--5b1e2c0a-c3fc-406b-8feb-4b6e950d210f",
"indicator--5b1e2d11-43cc-4383-bb6d-41b5950d210f",
"indicator--5b1e324a-724c-4fb6-a9cb-4b4a950d210f",
"indicator--5b1e3263-e11c-42cf-b81e-4757950d210f",
"x-misp-object--11027696-51a5-490c-8a4f-473fd0489c29",
"x-misp-object--50c83155-900b-441a-83d6-2a391a274548",
"x-misp-object--5b136ef2-fa8b-46dc-b170-42ff816d565b",
"x-misp-object--aa90e50e-5831-4a40-90ff-abe012c776d8",
"x-misp-object--dda87322-1b8c-4646-bc31-7a076d5bc6b4",
"x-misp-object--25746874-1cb9-4718-ba55-35a0bd263c31",
"x-misp-object--7abef902-1194-4ec5-a86e-c8d67e3d6b4f",
"x-misp-object--205f50f6-77e7-43ac-a764-d13afc79e6b8",
"x-misp-object--d7dd0509-3912-4c63-846b-2d8511faaffd",
"x-misp-object--4a34ea3f-eb37-49e5-a937-c0fc11a122e9",
"relationship--eed786d3-a0f8-4c07-9e05-88f33ff61d59",
"relationship--bf6a1d0c-3c85-4318-97d1-8cbc2ef91f3e",
"relationship--d69b2b64-431e-40e4-b5cf-d86e64d44a3b",
"relationship--28fb8078-61b5-4e9e-bb11-8e17dd13bd8a",
"relationship--75ced1d6-7173-412c-9703-83f4d6218b0d"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:tool=\"PRILEX\"",
"circl:incident-classification=\"malware\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5b1e2b05-0db8-4b98-b0c7-41d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-11T07:57:17.000Z",
"modified": "2018-06-11T07:57:17.000Z",
"first_observed": "2018-06-11T07:57:17Z",
"last_observed": "2018-06-11T07:57:17Z",
"number_observed": 1,
"object_refs": [
"url--5b1e2b05-0db8-4b98-b0c7-41d7950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5b1e2b05-0db8-4b98-b0c7-41d7950d210f",
"value": "https://securelist.com/goodfellas-the-brazilian-carding-scene-is-after-you/84263/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5b1e2b50-9cc0-4415-876b-4a99950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-11T07:57:10.000Z",
"modified": "2018-06-11T07:57:10.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "There are three ways of doing things in the malware business: the right way, the wrong way and the way Brazilians do it. From the early beginnings, using skimmers on ATMs, compromising point of sales systems, or even modifying the hardware of processing devices, Latin America has been a fertile ground for collecting credit and debit cards en masse.\r\n\r\nBrazil started the migration to EMV cards in 1999 and nowadays almost all cards issued in the country are chip-enabled. A small Java-based application lives inside this chip and can be easily manipulated in order to create a \u201cgolden ticket\u201d card that will be valid in most (if not all) point of sale systems. Having this knowledge has enabled the criminals to update their activities, allowing them to create their own cards featuring this new technology and keeping them \u201cin the business.\u201d\r\n\r\nEnter the world of Brazilian malware development, incorporating every trick in the book and adding a custom made malware that can easily collect data from chip and PIN protected cards; all while offering a nicely designed interface for administering the ill-gotten information, validating numbers, and offering their \u201ccustomers\u201d an easy to use package to burn their cloned card."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1e2bbb-576c-482a-b05c-41ef950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-11T07:58:51.000Z",
"modified": "2018-06-11T07:58:51.000Z",
"description": "Trojan.Win32.Prilex.b",
"pattern": "[file:hashes.MD5 = '7ab092ea240430f45264b5dcbd350156' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-11T07:58:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1e2c0a-c3fc-406b-8feb-4b6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-11T08:00:10.000Z",
"modified": "2018-06-11T08:00:10.000Z",
"description": "Trojan.Win32.Prilex.c",
"pattern": "[file:hashes.MD5 = '34fb450417471eba939057e903b25523' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-11T08:00:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1e2d11-43cc-4383-bb6d-41b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-11T08:04:33.000Z",
"modified": "2018-06-11T08:04:33.000Z",
"description": "Trojan.Win32.Prilex.h ",
"pattern": "[file:hashes.MD5 = '26dcd3aa4918d4b7438e8c0ebd9e1cfd' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-11T08:04:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1e324a-724c-4fb6-a9cb-4b4a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-11T08:26:50.000Z",
"modified": "2018-06-11T08:26:50.000Z",
"description": "Trojan.Win32.Prilex.f",
"pattern": "[file:hashes.MD5 = 'f5ff2992bdb1979642599ee54cfbc3d3' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-11T08:26:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5b1e3263-e11c-42cf-b81e-4757950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-11T08:27:15.000Z",
"modified": "2018-06-11T08:27:15.000Z",
"description": "Trojan.Win32.Prilex.m ",
"pattern": "[file:hashes.MD5 = '7ae9043778fee965af4f8b66721bdfab' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-06-11T08:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--11027696-51a5-490c-8a4f-473fd0489c29",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:15.000Z",
"modified": "2018-06-13T07:28:15.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--50c83155-900b-441a-83d6-2a391a274548",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:14.000Z",
"modified": "2018-06-13T07:28:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b136ef2-fa8b-46dc-b170-42ff816d565b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:18.000Z",
"modified": "2018-06-13T07:28:18.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--aa90e50e-5831-4a40-90ff-abe012c776d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:16.000Z",
"modified": "2018-06-13T07:28:16.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dda87322-1b8c-4646-bc31-7a076d5bc6b4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:20.000Z",
"modified": "2018-06-13T07:28:20.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--25746874-1cb9-4718-ba55-35a0bd263c31",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:19.000Z",
"modified": "2018-06-13T07:28:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7abef902-1194-4ec5-a86e-c8d67e3d6b4f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:22.000Z",
"modified": "2018-06-13T07:28:22.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--205f50f6-77e7-43ac-a764-d13afc79e6b8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:21.000Z",
"modified": "2018-06-13T07:28:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d7dd0509-3912-4c63-846b-2d8511faaffd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:25.000Z",
"modified": "2018-06-13T07:28:25.000Z",
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\""
],
"x_misp_meta_category": "file",
"x_misp_name": "file"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4a34ea3f-eb37-49e5-a937-c0fc11a122e9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-06-13T07:28:23.000Z",
"modified": "2018-06-13T07:28:23.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--eed786d3-a0f8-4c07-9e05-88f33ff61d59",
"created": "2018-06-13T07:28:24.000Z",
"modified": "2018-06-13T07:28:24.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--11027696-51a5-490c-8a4f-473fd0489c29",
"target_ref": "x-misp-object--50c83155-900b-441a-83d6-2a391a274548"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bf6a1d0c-3c85-4318-97d1-8cbc2ef91f3e",
"created": "2018-06-13T07:28:25.000Z",
"modified": "2018-06-13T07:28:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--5b136ef2-fa8b-46dc-b170-42ff816d565b",
"target_ref": "x-misp-object--aa90e50e-5831-4a40-90ff-abe012c776d8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d69b2b64-431e-40e4-b5cf-d86e64d44a3b",
"created": "2018-06-13T07:28:25.000Z",
"modified": "2018-06-13T07:28:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--dda87322-1b8c-4646-bc31-7a076d5bc6b4",
"target_ref": "x-misp-object--25746874-1cb9-4718-ba55-35a0bd263c31"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--28fb8078-61b5-4e9e-bb11-8e17dd13bd8a",
"created": "2018-06-13T07:28:25.000Z",
"modified": "2018-06-13T07:28:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--7abef902-1194-4ec5-a86e-c8d67e3d6b4f",
"target_ref": "x-misp-object--205f50f6-77e7-43ac-a764-d13afc79e6b8"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--75ced1d6-7173-412c-9703-83f4d6218b0d",
"created": "2018-06-13T07:28:25.000Z",
"modified": "2018-06-13T07:28:25.000Z",
"relationship_type": "analysed-with",
"source_ref": "x-misp-object--d7dd0509-3912-4c63-846b-2d8511faaffd",
"target_ref": "x-misp-object--4a34ea3f-eb37-49e5-a937-c0fc11a122e9"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}