{ "type": "bundle", "id": "bundle--56587437-7f08-4381-85bc-a829950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:01.000Z", "modified": "2015-11-27T15:23:01.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56587437-7f08-4381-85bc-a829950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:01.000Z", "modified": "2015-11-27T15:23:01.000Z", "name": "OSINT - Botnet bruteforcing Point Of Sale terminals via Remote Desktop", "published": "2015-11-27T15:23:42Z", "object_refs": [ "observed-data--5658744c-ef14-47e7-9e75-d063950d210b", "url--5658744c-ef14-47e7-9e75-d063950d210b", "indicator--5658748b-05c4-4f39-aa39-d062950d210b", "indicator--5658748b-d880-4c69-b339-d062950d210b", "indicator--5658748c-65ec-4a2f-b54a-d062950d210b", "indicator--565874ad-f07c-4566-ac03-d063950d210b", "indicator--56587556-015c-403f-b13d-d8c7950d210b", "indicator--56587556-2aec-4136-a47c-d8c7950d210b", "observed-data--56587556-f56c-4a2e-a8a9-d8c7950d210b", "url--56587556-f56c-4a2e-a8a9-d8c7950d210b", "indicator--56587557-ade0-4c81-9d2c-d8c7950d210b", "indicator--56587557-e36c-4e34-95a4-d8c7950d210b", "observed-data--56587558-6980-4313-b36d-d8c7950d210b", "url--56587558-6980-4313-b36d-d8c7950d210b", "indicator--56587558-7c28-496f-acc2-d8c7950d210b", "indicator--56587558-87ec-4a37-8c00-d8c7950d210b", "observed-data--56587559-32b0-46d1-9223-d8c7950d210b", "url--56587559-32b0-46d1-9223-d8c7950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5658744c-ef14-47e7-9e75-d063950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:18:36.000Z", "modified": "2015-11-27T15:18:36.000Z", "first_observed": "2015-11-27T15:18:36Z", "last_observed": "2015-11-27T15:18:36Z", "number_observed": 1, "object_refs": [ "url--5658744c-ef14-47e7-9e75-d063950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5658744c-ef14-47e7-9e75-d063950d210b", "value": "https://www.alienvault.com/open-threat-exchange/blog/botnet-bruteforcing-point-of-sale-via-remote-desktop" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5658748b-05c4-4f39-aa39-d062950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:19:39.000Z", "modified": "2015-11-27T15:19:39.000Z", "pattern": "[file:hashes.MD5 = 'c1fab4a0b7f4404baf8eab4d58b1f821']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:19:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5658748b-d880-4c69-b339-d062950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:19:39.000Z", "modified": "2015-11-27T15:19:39.000Z", "pattern": "[file:hashes.MD5 = 'c0c1f1a69a1b59c6f2dab18135a73919']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:19:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5658748c-65ec-4a2f-b54a-d062950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:19:40.000Z", "modified": "2015-11-27T15:19:40.000Z", "pattern": "[file:hashes.MD5 = '08863d484b1ebe6359144c9a8d8027c0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:19:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--565874ad-f07c-4566-ac03-d063950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:20:13.000Z", "modified": "2015-11-27T15:20:13.000Z", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.154.54.42']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:20:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56587556-015c-403f-b13d-d8c7950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:02.000Z", "modified": "2015-11-27T15:23:02.000Z", "description": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0", "pattern": "[file:hashes.SHA256 = '7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:23:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56587556-2aec-4136-a47c-d8c7950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:02.000Z", "modified": "2015-11-27T15:23:02.000Z", "description": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0", "pattern": "[file:hashes.SHA1 = 'fb357bb5d9c2de75afa69bfec8c22041b02e03df']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:23:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56587556-f56c-4a2e-a8a9-d8c7950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:02.000Z", "modified": "2015-11-27T15:23:02.000Z", "first_observed": "2015-11-27T15:23:02Z", "last_observed": "2015-11-27T15:23:02Z", "number_observed": 1, "object_refs": [ "url--56587556-f56c-4a2e-a8a9-d8c7950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56587556-f56c-4a2e-a8a9-d8c7950d210b", "value": "https://www.virustotal.com/file/7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713/analysis/1445904969/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56587557-ade0-4c81-9d2c-d8c7950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:03.000Z", "modified": "2015-11-27T15:23:03.000Z", "description": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919", "pattern": "[file:hashes.SHA256 = '4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:23:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56587557-e36c-4e34-95a4-d8c7950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:03.000Z", "modified": "2015-11-27T15:23:03.000Z", "description": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919", "pattern": "[file:hashes.SHA1 = 'e284b886851623a944e6f3d8507314b3217935ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:23:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56587558-6980-4313-b36d-d8c7950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:04.000Z", "modified": "2015-11-27T15:23:04.000Z", "first_observed": "2015-11-27T15:23:04Z", "last_observed": "2015-11-27T15:23:04Z", "number_observed": 1, "object_refs": [ "url--56587558-6980-4313-b36d-d8c7950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56587558-6980-4313-b36d-d8c7950d210b", "value": "https://www.virustotal.com/file/4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a/analysis/1445913257/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56587558-7c28-496f-acc2-d8c7950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:04.000Z", "modified": "2015-11-27T15:23:04.000Z", "description": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821", "pattern": "[file:hashes.SHA256 = '47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:23:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56587558-87ec-4a37-8c00-d8c7950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:04.000Z", "modified": "2015-11-27T15:23:04.000Z", "description": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821", "pattern": "[file:hashes.SHA1 = 'f63479cd40b56652721a95f059dedfb96478bbaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-11-27T15:23:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56587559-32b0-46d1-9223-d8c7950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-11-27T15:23:05.000Z", "modified": "2015-11-27T15:23:05.000Z", "first_observed": "2015-11-27T15:23:05Z", "last_observed": "2015-11-27T15:23:05Z", "number_observed": 1, "object_refs": [ "url--56587559-32b0-46d1-9223-d8c7950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56587559-32b0-46d1-9223-d8c7950d210b", "value": "https://www.virustotal.com/file/47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0/analysis/1408612721/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }