adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/596724b6-83dc-417f-962a-4cc8950d210f.json

307 lines
13 KiB
JSON
Raw Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--596724b6-83dc-417f-962a-4cc8950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:31.000Z",
"modified": "2017-07-13T08:17:31.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--596724b6-83dc-417f-962a-4cc8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:31.000Z",
"modified": "2017-07-13T08:17:31.000Z",
"name": "OSINT - LockPoS Joins the Flock",
"published": "2017-07-13T08:17:56Z",
"object_refs": [
"observed-data--5967252b-5fe0-4a7d-8d4d-44ff950d210f",
"url--5967252b-5fe0-4a7d-8d4d-44ff950d210f",
"x-misp-attribute--5967254e-9ac8-45bc-8b14-417b950d210f",
"x-misp-attribute--59672c22-9c8c-4123-a747-4ad1950d210f",
"indicator--59672c3f-6678-412c-a543-436b950d210f",
"indicator--59672c67-e798-4996-9533-45a1950d210f",
"indicator--59672c87-d8d0-4cf5-92ac-427002de0b81",
"indicator--59672c87-8068-45a5-8285-472102de0b81",
"observed-data--59672c88-e380-4b6f-9a68-4ec202de0b81",
"url--59672c88-e380-4b6f-9a68-4ec202de0b81",
"indicator--59672c88-67fc-4e04-9113-4f1302de0b81",
"indicator--59672c88-c918-456d-b4d4-4ab202de0b81",
"observed-data--59672c88-d000-4c09-b3e8-464002de0b81",
"url--59672c88-d000-4c09-b3e8-464002de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5967252b-5fe0-4a7d-8d4d-44ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:31.000Z",
"modified": "2017-07-13T08:17:31.000Z",
"first_observed": "2017-07-13T08:17:31Z",
"last_observed": "2017-07-13T08:17:31Z",
"number_observed": 1,
"object_refs": [
"url--5967252b-5fe0-4a7d-8d4d-44ff950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5967252b-5fe0-4a7d-8d4d-44ff950d210f",
"value": "https://www.arbornetworks.com/blog/asert/lockpos-joins-flock/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5967254e-9ac8-45bc-8b14-417b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:31.000Z",
"modified": "2017-07-13T08:17:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "While revisiting a Flokibot campaign that was targeting point of sale (PoS) systems in Brazil earlier this year, we discovered something interesting. One of the command and control (C2) servers that had been dormant for quite some time had suddenly woken up and started distributing what looks to be a new PoS malware family we\u00e2\u20ac\u2122re calling LockPoS. This post opens the lock up and takes a look inside."
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59672c22-9c8c-4123-a747-4ad1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:11.000Z",
"modified": "2017-07-13T08:17:11.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "%USERPROFILE%\\Desktop\\key\\dropper\\Release\\dropper.pdb"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59672c3f-6678-412c-a543-436b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:11.000Z",
"modified": "2017-07-13T08:17:11.000Z",
"pattern": "[file:hashes.SHA256 = 'a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-13T08:17:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59672c67-e798-4996-9533-45a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:11.000Z",
"modified": "2017-07-13T08:17:11.000Z",
"pattern": "[file:hashes.SHA256 = '93c11f9b87b2b04f8dadb6a579e2046a69073a244fd4a71a10b1f1fbff36c488']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-13T08:17:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59672c87-d8d0-4cf5-92ac-427002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:11.000Z",
"modified": "2017-07-13T08:17:11.000Z",
"description": "- Xchecked via VT: a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa",
"pattern": "[file:hashes.SHA1 = 'f9484baf6f7194248a388d41dfd06543b3dc5d26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-13T08:17:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59672c87-8068-45a5-8285-472102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:11.000Z",
"modified": "2017-07-13T08:17:11.000Z",
"description": "- Xchecked via VT: a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa",
"pattern": "[file:hashes.MD5 = '624f84a9d8979789c630327a6b08c7c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-13T08:17:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59672c88-e380-4b6f-9a68-4ec202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:12.000Z",
"modified": "2017-07-13T08:17:12.000Z",
"first_observed": "2017-07-13T08:17:12Z",
"last_observed": "2017-07-13T08:17:12Z",
"number_observed": 1,
"object_refs": [
"url--59672c88-e380-4b6f-9a68-4ec202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59672c88-e380-4b6f-9a68-4ec202de0b81",
"value": "https://www.virustotal.com/file/a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa/analysis/1499924910/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59672c88-67fc-4e04-9113-4f1302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:12.000Z",
"modified": "2017-07-13T08:17:12.000Z",
"description": "- Xchecked via VT: 93c11f9b87b2b04f8dadb6a579e2046a69073a244fd4a71a10b1f1fbff36c488",
"pattern": "[file:hashes.SHA1 = '419311da2ef6b2a9ca27dba3241a0d62a4e25848']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-13T08:17:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59672c88-c918-456d-b4d4-4ab202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:12.000Z",
"modified": "2017-07-13T08:17:12.000Z",
"description": "- Xchecked via VT: 93c11f9b87b2b04f8dadb6a579e2046a69073a244fd4a71a10b1f1fbff36c488",
"pattern": "[file:hashes.MD5 = '3d0f6367f1fedfc08734b35200c7abf9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-13T08:17:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59672c88-d000-4c09-b3e8-464002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-07-13T08:17:12.000Z",
"modified": "2017-07-13T08:17:12.000Z",
"first_observed": "2017-07-13T08:17:12Z",
"last_observed": "2017-07-13T08:17:12Z",
"number_observed": 1,
"object_refs": [
"url--59672c88-d000-4c09-b3e8-464002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59672c88-d000-4c09-b3e8-464002de0b81",
"value": "https://www.virustotal.com/file/93c11f9b87b2b04f8dadb6a579e2046a69073a244fd4a71a10b1f1fbff36c488/analysis/1499919639/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink