misp-circl-feed/feeds/circl/misp/5a38dd78-f12c-4c15-8b98-c4d6950d210f.json

241 lines
No EOL
10 KiB
JSON

{
"type": "bundle",
"id": "bundle--5a38dd78-f12c-4c15-8b98-c4d6950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-10T03:01:02.000Z",
"modified": "2018-02-10T03:01:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a38dd78-f12c-4c15-8b98-c4d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-10T03:01:02.000Z",
"modified": "2018-02-10T03:01:02.000Z",
"name": "OSINT - GratefulPOS credit card stealing malware - just in time for the shopping season",
"published": "2018-02-16T08:58:00Z",
"object_refs": [
"observed-data--5a38dd89-15bc-4949-9a88-bfca950d210f",
"url--5a38dd89-15bc-4949-9a88-bfca950d210f",
"x-misp-attribute--5a38ddb6-7a90-45be-b13d-bfdb950d210f",
"indicator--5a38de2c-07b4-4e0a-b59b-c4d7950d210f",
"indicator--5a38de56-7040-4dce-a606-bfe1950d210f",
"indicator--5a38de0c-8d9c-4634-8985-bfc8950d210f",
"indicator--d025c9e2-00f6-48d5-8968-8c893e71e157",
"x-misp-object--4ef3034d-1ff0-44b0-8566-0c945e9afd7e",
"relationship--cb3e60d5-04c0-4a6d-85d3-7f968cd78f26"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:source-type=\"blog-post\"",
"circl:incident-classification=\"malware\"",
"riskiq:threat-type=\"credit-card-stealer\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a38dd89-15bc-4949-9a88-bfca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:06:45.000Z",
"modified": "2018-02-09T14:06:45.000Z",
"first_observed": "2018-02-09T14:06:45Z",
"last_observed": "2018-02-09T14:06:45Z",
"number_observed": 1,
"object_refs": [
"url--5a38dd89-15bc-4949-9a88-bfca950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a38dd89-15bc-4949-9a88-bfca950d210f",
"value": "https://community.rsa.com/community/products/netwitness/blog/2017/12/08/gratefulpos-credit-card-stealing-malware-just-in-time-for-the-shopping-season"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a38ddb6-7a90-45be-b13d-bfdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:06:46.000Z",
"modified": "2018-02-09T14:06:46.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Well into the holiday season, people are making their shopping lists, recovering from Black Friday and Cyber Monday, and perhaps contemplating the many things for which they are grateful. Criminals, too, are making their lists, and posturing for the big shopping days ahead. \r\n\r\nThreat researchers are still at work of course, so it was inevitable that FirstWatch contemplated which things credit card stealing criminals--AKA \u00e2\u20ac\u0153carders\u00e2\u20ac\u009d appreciate. This is what we came up with."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a38de2c-07b4-4e0a-b59b-c4d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:06:46.000Z",
"modified": "2018-02-09T14:06:46.000Z",
"description": "GratefulPOS exfiltration domain",
"pattern": "[domain-name:value = 'a193-108-94-56-deploy-akamaitechnologies.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:06:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a38de56-7040-4dce-a606-bfe1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:06:46.000Z",
"modified": "2018-02-09T14:06:46.000Z",
"description": "Current Exfiltration DNS server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.44.135.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:06:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a38de0c-8d9c-4634-8985-bfc8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-19T09:39:14.000Z",
"modified": "2017-12-19T09:39:14.000Z",
"description": "GratefulPOS",
"pattern": "[file:hashes.MD5 = '9a58657669bb3075c1103e73a8948a56' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-19T09:39:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d025c9e2-00f6-48d5-8968-8c893e71e157",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:06:50.000Z",
"modified": "2018-02-09T14:06:50.000Z",
"pattern": "[file:hashes.MD5 = '9a58657669bb3075c1103e73a8948a56' AND file:hashes.SHA1 = '17b657174313e3e7ce84c030991a271b66eb0840' AND file:hashes.SHA256 = '5540b8d51f2190c45aaa5212c866c402f834d5988752537c388dcfecdf89f4e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-02-09T14:06:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--4ef3034d-1ff0-44b0-8566-0c945e9afd7e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-02-09T14:06:48.000Z",
"modified": "2018-02-09T14:06:48.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5540b8d51f2190c45aaa5212c866c402f834d5988752537c388dcfecdf89f4e4/analysis/1514451231/",
"category": "External analysis",
"uuid": "5a7daaf8-9988-42f0-9967-23db02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "41/67",
"category": "Other",
"uuid": "5a7daaf9-13b8-4150-841d-23db02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-28T08:53:51",
"category": "Other",
"uuid": "5a7daaf9-10d4-4253-8560-23db02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--cb3e60d5-04c0-4a6d-85d3-7f968cd78f26",
"created": "2018-02-16T08:58:00.000Z",
"modified": "2018-02-16T08:58:00.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d025c9e2-00f6-48d5-8968-8c893e71e157",
"target_ref": "x-misp-object--4ef3034d-1ff0-44b0-8566-0c945e9afd7e"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}