misp-circl-feed/feeds/circl/misp/56587437-7f08-4381-85bc-a829950d210b.json


{
"type": "bundle",
"id": "bundle--56587437-7f08-4381-85bc-a829950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:01.000Z",
"modified": "2015-11-27T15:23:01.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56587437-7f08-4381-85bc-a829950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:01.000Z",
"modified": "2015-11-27T15:23:01.000Z",
"name": "OSINT - Botnet bruteforcing Point Of Sale terminals via Remote Desktop",
"published": "2015-11-27T15:23:42Z",
"object_refs": [
"observed-data--5658744c-ef14-47e7-9e75-d063950d210b",
"url--5658744c-ef14-47e7-9e75-d063950d210b",
"indicator--5658748b-05c4-4f39-aa39-d062950d210b",
"indicator--5658748b-d880-4c69-b339-d062950d210b",
"indicator--5658748c-65ec-4a2f-b54a-d062950d210b",
"indicator--565874ad-f07c-4566-ac03-d063950d210b",
"indicator--56587556-015c-403f-b13d-d8c7950d210b",
"indicator--56587556-2aec-4136-a47c-d8c7950d210b",
"observed-data--56587556-f56c-4a2e-a8a9-d8c7950d210b",
"url--56587556-f56c-4a2e-a8a9-d8c7950d210b",
"indicator--56587557-ade0-4c81-9d2c-d8c7950d210b",
"indicator--56587557-e36c-4e34-95a4-d8c7950d210b",
"observed-data--56587558-6980-4313-b36d-d8c7950d210b",
"url--56587558-6980-4313-b36d-d8c7950d210b",
"indicator--56587558-7c28-496f-acc2-d8c7950d210b",
"indicator--56587558-87ec-4a37-8c00-d8c7950d210b",
"observed-data--56587559-32b0-46d1-9223-d8c7950d210b",
"url--56587559-32b0-46d1-9223-d8c7950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5658744c-ef14-47e7-9e75-d063950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:18:36.000Z",
"modified": "2015-11-27T15:18:36.000Z",
"first_observed": "2015-11-27T15:18:36Z",
"last_observed": "2015-11-27T15:18:36Z",
"number_observed": 1,
"object_refs": [
"url--5658744c-ef14-47e7-9e75-d063950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5658744c-ef14-47e7-9e75-d063950d210b",
"value": "https://www.alienvault.com/open-threat-exchange/blog/botnet-bruteforcing-point-of-sale-via-remote-desktop"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5658748b-05c4-4f39-aa39-d062950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:19:39.000Z",
"modified": "2015-11-27T15:19:39.000Z",
"pattern": "[file:hashes.MD5 = 'c1fab4a0b7f4404baf8eab4d58b1f821']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:19:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5658748b-d880-4c69-b339-d062950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:19:39.000Z",
"modified": "2015-11-27T15:19:39.000Z",
"pattern": "[file:hashes.MD5 = 'c0c1f1a69a1b59c6f2dab18135a73919']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:19:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5658748c-65ec-4a2f-b54a-d062950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:19:40.000Z",
"modified": "2015-11-27T15:19:40.000Z",
"pattern": "[file:hashes.MD5 = '08863d484b1ebe6359144c9a8d8027c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:19:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--565874ad-f07c-4566-ac03-d063950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:20:13.000Z",
"modified": "2015-11-27T15:20:13.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.154.54.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:20:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56587556-015c-403f-b13d-d8c7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:02.000Z",
"modified": "2015-11-27T15:23:02.000Z",
"description": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0",
"pattern": "[file:hashes.SHA256 = '7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:23:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56587556-2aec-4136-a47c-d8c7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:02.000Z",
"modified": "2015-11-27T15:23:02.000Z",
"description": "- Xchecked via VT: 08863d484b1ebe6359144c9a8d8027c0",
"pattern": "[file:hashes.SHA1 = 'fb357bb5d9c2de75afa69bfec8c22041b02e03df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:23:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56587556-f56c-4a2e-a8a9-d8c7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:02.000Z",
"modified": "2015-11-27T15:23:02.000Z",
"first_observed": "2015-11-27T15:23:02Z",
"last_observed": "2015-11-27T15:23:02Z",
"number_observed": 1,
"object_refs": [
"url--56587556-f56c-4a2e-a8a9-d8c7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56587556-f56c-4a2e-a8a9-d8c7950d210b",
"value": "https://www.virustotal.com/file/7170a07bcb5b0467a75cbd17a1a1877aec3c8ea43c45d3bed6ab5e6c95a62713/analysis/1445904969/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56587557-ade0-4c81-9d2c-d8c7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:03.000Z",
"modified": "2015-11-27T15:23:03.000Z",
"description": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919",
"pattern": "[file:hashes.SHA256 = '4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:23:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56587557-e36c-4e34-95a4-d8c7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:03.000Z",
"modified": "2015-11-27T15:23:03.000Z",
"description": "- Xchecked via VT: c0c1f1a69a1b59c6f2dab18135a73919",
"pattern": "[file:hashes.SHA1 = 'e284b886851623a944e6f3d8507314b3217935ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:23:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56587558-6980-4313-b36d-d8c7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:04.000Z",
"modified": "2015-11-27T15:23:04.000Z",
"first_observed": "2015-11-27T15:23:04Z",
"last_observed": "2015-11-27T15:23:04Z",
"number_observed": 1,
"object_refs": [
"url--56587558-6980-4313-b36d-d8c7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56587558-6980-4313-b36d-d8c7950d210b",
"value": "https://www.virustotal.com/file/4f130a35f440fe0662b4d22844996e3f8bc74693e7c7ce69a5d4789bc36e6c4a/analysis/1445913257/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56587558-7c28-496f-acc2-d8c7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:04.000Z",
"modified": "2015-11-27T15:23:04.000Z",
"description": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821",
"pattern": "[file:hashes.SHA256 = '47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:23:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56587558-87ec-4a37-8c00-d8c7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:04.000Z",
"modified": "2015-11-27T15:23:04.000Z",
"description": "- Xchecked via VT: c1fab4a0b7f4404baf8eab4d58b1f821",
"pattern": "[file:hashes.SHA1 = 'f63479cd40b56652721a95f059dedfb96478bbaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-11-27T15:23:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56587559-32b0-46d1-9223-d8c7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-11-27T15:23:05.000Z",
"modified": "2015-11-27T15:23:05.000Z",
"first_observed": "2015-11-27T15:23:05Z",
"last_observed": "2015-11-27T15:23:05Z",
"number_observed": 1,
"object_refs": [
"url--56587559-32b0-46d1-9223-d8c7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56587559-32b0-46d1-9223-d8c7950d210b",
"value": "https://www.virustotal.com/file/47f5b249f9a7524f908dfaf16102d3acc9dd4154ff8e8a8b8d96ac49ebef26a0/analysis/1408612721/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}