misp-circl-feed/feeds/circl/misp/596724b6-83dc-417f-962a-4cc8950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2017-07-13",
    "extends_uuid": "",
    "info": "OSINT - LockPoS Joins the Flock",
    "publish_timestamp": "1499933876",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1499933851",
    "uuid": "596724b6-83dc-417f-962a-4cc8950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#00223b",
        "local": false,
        "name": "osint:source-type=\"blog-post\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933851",
        "to_ids": false,
        "type": "link",
        "uuid": "5967252b-5fe0-4a7d-8d4d-44ff950d210f",
        "value": "https://www.arbornetworks.com/blog/asert/lockpos-joins-flock/",
        "Tag": [
          {
            "colour": "#00223b",
            "local": false,
            "name": "osint:source-type=\"blog-post\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933851",
        "to_ids": false,
        "type": "text",
        "uuid": "5967254e-9ac8-45bc-8b14-417b950d210f",
        "value": "While revisiting a Flokibot campaign that was targeting point of sale (PoS) systems in Brazil earlier this year, we discovered something interesting. One of the command and control (C2) servers that had been dormant for quite some time had suddenly woken up and started distributing what looks to be a new PoS malware family we\u00e2\u20ac\u2122re calling LockPoS. This post opens the lock up and takes a look inside.",
        "Tag": [
          {
            "colour": "#00223b",
            "local": false,
            "name": "osint:source-type=\"blog-post\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933831",
        "to_ids": true,
        "type": "pdb",
        "uuid": "59672c22-9c8c-4123-a747-4ad1950d210f",
        "value": "%USERPROFILE%\\Desktop\\key\\dropper\\Release\\dropper.pdb"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933831",
        "to_ids": true,
        "type": "sha256",
        "uuid": "59672c3f-6678-412c-a543-436b950d210f",
        "value": "a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933831",
        "to_ids": true,
        "type": "sha256",
        "uuid": "59672c67-e798-4996-9533-45a1950d210f",
        "value": "93c11f9b87b2b04f8dadb6a579e2046a69073a244fd4a71a10b1f1fbff36c488"
      },
      {
        "category": "Payload delivery",
        "comment": "- Xchecked via VT: a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933831",
        "to_ids": true,
        "type": "sha1",
        "uuid": "59672c87-d8d0-4cf5-92ac-427002de0b81",
        "value": "f9484baf6f7194248a388d41dfd06543b3dc5d26"
      },
      {
        "category": "Payload delivery",
        "comment": "- Xchecked via VT: a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933831",
        "to_ids": true,
        "type": "md5",
        "uuid": "59672c87-8068-45a5-8285-472102de0b81",
        "value": "624f84a9d8979789c630327a6b08c7c6"
      },
      {
        "category": "External analysis",
        "comment": "- Xchecked via VT: a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933832",
        "to_ids": false,
        "type": "link",
        "uuid": "59672c88-e380-4b6f-9a68-4ec202de0b81",
        "value": "https://www.virustotal.com/file/a970842fc7c221fade06c54551c000c0bc494e9e188deb9c570be7c6f95284fa/analysis/1499924910/"
      },
      {
        "category": "Payload delivery",
        "comment": "- Xchecked via VT: 93c11f9b87b2b04f8dadb6a579e2046a69073a244fd4a71a10b1f1fbff36c488",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933832",
        "to_ids": true,
        "type": "sha1",
        "uuid": "59672c88-67fc-4e04-9113-4f1302de0b81",
        "value": "419311da2ef6b2a9ca27dba3241a0d62a4e25848"
      },
      {
        "category": "Payload delivery",
        "comment": "- Xchecked via VT: 93c11f9b87b2b04f8dadb6a579e2046a69073a244fd4a71a10b1f1fbff36c488",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933832",
        "to_ids": true,
        "type": "md5",
        "uuid": "59672c88-c918-456d-b4d4-4ab202de0b81",
        "value": "3d0f6367f1fedfc08734b35200c7abf9"
      },
      {
        "category": "External analysis",
        "comment": "- Xchecked via VT: 93c11f9b87b2b04f8dadb6a579e2046a69073a244fd4a71a10b1f1fbff36c488",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1499933832",
        "to_ids": false,
        "type": "link",
        "uuid": "59672c88-d000-4c09-b3e8-464002de0b81",
        "value": "https://www.virustotal.com/file/93c11f9b87b2b04f8dadb6a579e2046a69073a244fd4a71a10b1f1fbff36c488/analysis/1499919639/"
      }
    ]
  }
}