{
"Event": {
"analysis": "2",
"date": "2024-08-23",
"extends_uuid": "",
"info": "OSINT - NGate Android malware relays NFC traffic to steal cash",
"publish_timestamp": "1724415888",
"published": true,
"threat_level_id": "3",
"timestamp": "1724415650",
"uuid": "3594b211-1c7c-4e20-8c85-62564c2e7267",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:sector=\"Finance\"",
"relationship_type": "targets"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:sector=\"Retail\"",
"relationship_type": "targets"
},
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1660\"",
"relationship_type": "uses"
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:clear",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "Network activity",
"comment": "NGate C&C server.",
"deleted": false,
"disable_correlation": false,
"timestamp": "1724414986",
"to_ids": true,
"type": "ip-dst",
"uuid": "c778b40f-401f-477c-acc0-1ac6326f4828",
"value": "172.187.98.211"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Report object to describe a report along with its metadata.",
"meta-category": "misc",
"name": "report",
"template_uuid": "70a68471-df22-4e3f-aa1a-5a3be19f82df",
"template_version": "8",
"timestamp": "1724414846",
"uuid": "b664e0c0-e94c-4811-813b-591ab0fa6230",
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "link",
"timestamp": "1724414846",
"to_ids": false,
"type": "link",
"uuid": "404f429d-75fe-45c5-a62f-d025e478fe8b",
"value": "https://www.welivesecurity.com/en/eset-research/ngate-android-malware-relays-nfc-traffic-to-steal-cash/"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "summary",
"timestamp": "1724414846",
"to_ids": false,
"type": "text",
"uuid": "390e6769-ecd7-4a0e-9dfa-5e095f8f1735",
"value": "Android malware discovered by ESET Research relays NFC data from victims\u2019 payment cards, via victims\u2019 mobile phones, to the device of a perpetrator waiting at an ATM"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "title",
"timestamp": "1724414846",
"to_ids": false,
"type": "text",
"uuid": "cc82d712-5537-4376-a7b1-9391a174d286",
"value": "NGate Android malware relays NFC traffic to steal cash"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1724414846",
"to_ids": false,
"type": "text",
"uuid": "e434a86a-c69b-4506-bc04-c1e04c66e284",
"value": "Blog"
}
]
},
{
"comment": "NGate distribution website.",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1724414934",
"uuid": "670685e7-856e-457a-ab8b-5d50b99c951d",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1724414934",
"to_ids": true,
"type": "ip-dst",
"uuid": "67064af6-5c07-45a4-b8e1-baa8b40fcb4e",
"value": "91.222.136.153"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "domain",
"timestamp": "1724414934",
"to_ids": true,
"type": "domain",
"uuid": "9439ed21-eb5f-4f98-a5de-e330c46fd8ec",
"value": "raiffeisen-cz.eu"
}
]
},
{
"comment": "Phishing website.",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1724414957",
"uuid": "8a1c1eaf-fb1f-4192-bfb3-e39ccdcb15b3",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1724414957",
"to_ids": true,
"type": "ip-dst",
"uuid": "3c88f7a9-0be0-4ac0-8867-fdec41a04901",
"value": "104.21.7.213"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1724414957",
"to_ids": true,
"type": "hostname",
"uuid": "891a583a-d494-4cce-b2d4-db2acc88093c",
"value": "client.nfcpay.workers.dev"
}
]
},
{
"comment": "NGate distribution website.",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1724415006",
"uuid": "2a96d936-8d8e-4833-a84c-995747fcea47",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1724415006",
"to_ids": true,
"type": "ip-dst",
"uuid": "9846f6cb-d2c0-49e2-9447-631031dc3f4a",
"value": "185.104.45.51"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1724415006",
"to_ids": true,
"type": "hostname",
"uuid": "1fe9e1b1-6099-4bfb-90b9-6a53620cdfec",
"value": "app.mobil-csob-cz.eu"
}
]
},
{
"comment": "NGate C&C server.",
"deleted": false,
"description": "An IP address (or domain or hostname) and a port seen as a tuple (or as a triple) in a specific time frame.",
"meta-category": "network",
"name": "ip-port",
"template_uuid": "9f8cea74-16fe-4968-a2b4-026676949ac6",
"template_version": "9",
"timestamp": "1724415045",
"uuid": "f7ef3692-2d4f-4e0f-80c0-cc96e626c3a9",
"Attribute": [
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "ip",
"timestamp": "1724415045",
"to_ids": true,
"type": "ip-dst",
"uuid": "32acdd39-eee2-45a0-b41f-5e98ab0d1244",
"value": "185.181.165.124"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "hostname",
"timestamp": "1724415045",
"to_ids": true,
"type": "hostname",
"uuid": "68095d80-8f97-4858-b0b2-3b3d20f85c2f",
"value": "nfc.cryptomaker.info"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object defining a singular attack-step. Especially useful for red/purple teaming, but can also be used for actual attacks.",
"meta-category": "misc",
"name": "attack-step",
"template_uuid": "F86CD6C4-B89D-454A-95C1-165D456D8A74",
"template_version": "1",
"timestamp": "1724415189",
"uuid": "6b219eb5-41e8-469a-8cc5-3ecb54a84332",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "description",
"timestamp": "1724415189",
"to_ids": false,
"type": "text",
"uuid": "a0e43ef8-1ed3-46d7-9742-a751e6f1d736",
"value": "NGate has been distributed using dedicated websites impersonating legitimate services.",
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1660\"",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key-step",
"timestamp": "1724415169",
"to_ids": false,
"type": "boolean",
"uuid": "2a5ae6e7-da1b-4f94-8e4e-3ff43cb675e0",
"value": "1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "succesful",
"timestamp": "1724415169",
"to_ids": false,
"type": "boolean",
"uuid": "74a75b4d-d19d-42d2-b230-61e85138eb58",
"value": "1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object defining a singular attack-step. Especially useful for red/purple teaming, but can also be used for actual attacks.",
"meta-category": "misc",
"name": "attack-step",
"template_uuid": "F86CD6C4-B89D-454A-95C1-165D456D8A74",
"template_version": "1",
"timestamp": "1724415284",
"uuid": "56c8a4e9-c52a-4377-8def-71524d6b8715",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "description",
"timestamp": "1724415284",
"to_ids": false,
"type": "text",
"uuid": "4f6963ef-3bb5-4bdb-b40d-6178126bcc06",
"value": "NGate tries to obtain victims\u2019 sensitive information via a phishing WebView pretending to be a banking service.",
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"GUI Input Capture - T1417.002\"",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key-step",
"timestamp": "1724415235",
"to_ids": false,
"type": "boolean",
"uuid": "7c4f878d-1b89-47bb-a7f0-b1c868133688",
"value": "1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "succesful",
"timestamp": "1724415235",
"to_ids": false,
"type": "boolean",
"uuid": "fed9ae65-503d-45c2-80df-d43e39285885",
"value": "1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object defining a singular attack-step. Especially useful for red/purple teaming, but can also be used for actual attacks.",
"meta-category": "misc",
"name": "attack-step",
"template_uuid": "F86CD6C4-B89D-454A-95C1-165D456D8A74",
"template_version": "1",
"timestamp": "1724415353",
"uuid": "77a91913-41d6-40e8-9cbc-0e989dc54ee6",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "description",
"timestamp": "1724415353",
"to_ids": false,
"type": "text",
"uuid": "da979af4-c499-4610-b1af-7820f3dc628f",
"value": "NGate can extract information about the device including device model, Android version, and information about NFC.",
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key-step",
"timestamp": "1724415322",
"to_ids": false,
"type": "boolean",
"uuid": "888930cd-782c-4bd9-99c4-2239c6cab3a6",
"value": "1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "succesful",
"timestamp": "1724415322",
"to_ids": false,
"type": "boolean",
"uuid": "e871cb13-a5d9-4fd5-9f00-288297b6e8f2",
"value": "1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object defining a singular attack-step. Especially useful for red/purple teaming, but can also be used for actual attacks.",
"meta-category": "misc",
"name": "attack-step",
"template_uuid": "F86CD6C4-B89D-454A-95C1-165D456D8A74",
"template_version": "1",
"timestamp": "1724415428",
"uuid": "6db83e7d-e8b9-4af7-b066-9eeeda3c916c",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "description",
"timestamp": "1724415428",
"to_ids": false,
"type": "text",
"uuid": "ca52e318-d16a-49be-b6e2-b7613b6d2a5a",
"value": "NGate uses a JavaScript interface to send and execute commands to compromised devices.",
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1437.001\"",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key-step",
"timestamp": "1724415399",
"to_ids": false,
"type": "boolean",
"uuid": "b0889480-3b42-4c97-85c3-67f8856d8025",
"value": "1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "succesful",
"timestamp": "1724415399",
"to_ids": false,
"type": "boolean",
"uuid": "efe0764c-6c26-4c54-af83-8da6d778e745",
"value": "1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object defining a singular attack-step. Especially useful for red/purple teaming, but can also be used for actual attacks.",
"meta-category": "misc",
"name": "attack-step",
"template_uuid": "F86CD6C4-B89D-454A-95C1-165D456D8A74",
"template_version": "1",
"timestamp": "1724415516",
"uuid": "a7e7a430-0053-4575-b02a-887781f3d366",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "description",
"timestamp": "1724415516",
"to_ids": false,
"type": "text",
"uuid": "7e3569d4-82a3-43c3-a442-49ac998f5f98",
"value": "NGate uses port 5566 to communicate with its server to exfiltrate NFC traffic.",
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1509\"",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key-step",
"timestamp": "1724415482",
"to_ids": false,
"type": "boolean",
"uuid": "40a6d4dd-fd27-44a0-9b0f-852e35675301",
"value": "1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "succesful",
"timestamp": "1724415482",
"to_ids": false,
"type": "boolean",
"uuid": "0b72b277-4b84-49bb-81f4-c2e10bf29447",
"value": "1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "An object defining a singular attack-step. Especially useful for red/purple teaming, but can also be used for actual attacks.",
"meta-category": "misc",
"name": "attack-step",
"template_uuid": "F86CD6C4-B89D-454A-95C1-165D456D8A74",
"template_version": "1",
"timestamp": "1724415600",
"uuid": "27848d85-df48-41a8-9b49-487e5dead30e",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "description",
"timestamp": "1724415600",
"to_ids": false,
"type": "text",
"uuid": "ea267d0d-3ec9-48a2-ae63-1fd63f2ee08e",
"value": "NGate can exfiltrate NFC traffic.",
"Tag": [
{
"colour": "#0088cc",
"local": false,
"name": "misp-galaxy:mitre-attack-pattern=\"Out of Band Data - T1644\"",
"relationship_type": ""
}
]
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "key-step",
"timestamp": "1724415565",
"to_ids": false,
"type": "boolean",
"uuid": "f82b6eaa-3c80-4c8c-a6dd-beb307454d60",
"value": "1"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "succesful",
"timestamp": "1724415565",
"to_ids": false,
"type": "boolean",
"uuid": "53c9d6b4-1417-4d01-bb55-fec10c3009c4",
"value": "1"
}
]
}
]
}
}