misp-circl-feed/feeds/circl/stix-2.1/568e62b7-0930-4398-a617-4147950d210f.json

1603 lines
68 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--568e62b7-0930-4398-a617-4147950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:25.000Z",
"modified": "2016-01-07T13:10:25.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--568e62b7-0930-4398-a617-4147950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:25.000Z",
"modified": "2016-01-07T13:10:25.000Z",
"name": "OSINT - Android-based Smart TVs Hit By Backdoor Spread Via Malicious App",
"published": "2016-01-07T13:16:54Z",
"object_refs": [
"indicator--568e62e2-2f28-49f9-922c-4e83950d210f",
"indicator--568e62e2-5ca0-4372-a2ec-416f950d210f",
"indicator--568e62e3-eaac-483d-a258-49e5950d210f",
"indicator--568e62e3-b858-4036-b895-418d950d210f",
"indicator--568e62e3-1f14-4777-88a4-4794950d210f",
"x-misp-attribute--568e62f5-5968-4ecd-aa1d-41dd950d210f",
"observed-data--568e6301-9e58-4d9e-9d50-4e9d950d210f",
"url--568e6301-9e58-4d9e-9d50-4e9d950d210f",
"indicator--568e6352-a348-4021-990b-477c950d210f",
"indicator--568e6352-e0dc-40ad-bf4f-424a950d210f",
"indicator--568e6353-0dcc-4534-a13e-4b35950d210f",
"indicator--568e6353-8714-4aa9-b185-4110950d210f",
"indicator--568e6383-119c-4873-83ba-4812950d210f",
"indicator--568e6384-0c50-48d4-9b78-4ff9950d210f",
"indicator--568e6384-77f4-4512-a391-4a53950d210f",
"indicator--568e6384-1608-4f0b-bc59-4b7a950d210f",
"indicator--568e6384-9bd8-4e0e-91c5-4c8d950d210f",
"indicator--568e6385-4588-4e5c-b311-44ee950d210f",
"indicator--568e6385-7e78-4e4e-acd1-4704950d210f",
"indicator--568e6385-f1f8-455e-8f29-4f7d950d210f",
"indicator--568e6386-7f40-4f47-8a4d-4b2b950d210f",
"indicator--568e6386-ae48-4da7-a9c3-40f2950d210f",
"indicator--568e6386-5374-4aee-92f2-4362950d210f",
"indicator--568e6387-1f20-41ae-a99a-4287950d210f",
"indicator--568e6387-a9ec-4b7a-888f-4c72950d210f",
"indicator--568e6387-9a10-4b21-bea4-48d3950d210f",
"indicator--568e6388-0e44-4fae-a102-4992950d210f",
"indicator--568e6388-9b68-4542-a92d-415a950d210f",
"indicator--568e6388-3c38-466f-88e3-456f950d210f",
"indicator--568e6389-8988-40df-a924-4ddf950d210f",
"indicator--568e6389-0730-4d66-9ee9-4bd7950d210f",
"indicator--568e6389-1fac-4445-998f-48cf950d210f",
"indicator--568e6389-08e4-4ba9-ad03-4240950d210f",
"indicator--568e638a-f630-453e-b1f6-40ce950d210f",
"indicator--568e63c1-1f3c-4f86-8fe9-472e02de0b81",
"indicator--568e63c1-e9e8-4778-95f4-4e8902de0b81",
"indicator--568e63c1-86ac-45fa-a825-436c02de0b81",
"indicator--568e63c2-98d0-45c6-aa02-4f1e02de0b81",
"indicator--568e63c2-ce5c-41f6-9f4b-40c802de0b81",
"indicator--568e63c2-e168-47d6-8574-4a3902de0b81",
"indicator--568e63c2-cfa8-44c7-a0b5-4eb102de0b81",
"indicator--568e63c3-fa4c-40ad-9151-4c1d02de0b81",
"indicator--568e63c3-4284-4067-ade4-463e02de0b81",
"indicator--568e63c3-ae30-49f7-8037-486802de0b81",
"indicator--568e63c3-4df4-4e6e-80da-4e8402de0b81",
"indicator--568e63c4-b3e8-4caa-b251-417d02de0b81",
"indicator--568e63c4-8ce4-4fb6-82c0-481b02de0b81",
"indicator--568e63c4-5660-47bd-baa4-48db02de0b81",
"indicator--568e63c4-5348-461f-9774-4aa002de0b81",
"indicator--568e63c5-2350-498b-9e6d-4ee402de0b81",
"indicator--568e63c5-e294-48ca-86c3-4e2102de0b81",
"indicator--568e63c5-3dbc-4201-b241-4f2d02de0b81",
"indicator--568e63c5-a654-4cc5-a8a2-445902de0b81",
"indicator--568e63c6-6e88-4ac6-b70f-42a802de0b81",
"indicator--568e63c6-01ac-4fd0-85cb-44f102de0b81",
"indicator--568e63c6-eef4-42e1-bf5a-424002de0b81",
"indicator--568e63c6-5bf8-4768-81d2-4a7b02de0b81",
"indicator--568e63c7-f144-40eb-b943-48b802de0b81",
"indicator--568e63c7-eb40-44c7-821e-4aa902de0b81",
"indicator--568e63c7-8274-4b09-a7c4-49cb02de0b81",
"indicator--568e63c7-8e90-42a2-a409-43e702de0b81",
"indicator--568e63c8-74e8-4ae2-954d-4bed02de0b81",
"indicator--568e63c8-be7c-45c2-af72-486b02de0b81",
"indicator--568e63c8-f2fc-4aa2-8122-422a02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e62e2-2f28-49f9-922c-4e83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:06:42.000Z",
"modified": "2016-01-07T13:06:42.000Z",
"description": "Sites that serve malware to smart TVs",
"pattern": "[url:value = 'http://pf3a.res4f.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e62e2-5ca0-4372-a2ec-416f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:06:42.000Z",
"modified": "2016-01-07T13:06:42.000Z",
"description": "Sites that serve malware to smart TVs",
"pattern": "[url:value = 'http://www.htvmarket.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e62e3-eaac-483d-a258-49e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:06:43.000Z",
"modified": "2016-01-07T13:06:43.000Z",
"description": "Sites that serve malware to smart TVs",
"pattern": "[url:value = 'http://mak.wak2p.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e62e3-b858-4036-b895-418d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:06:43.000Z",
"modified": "2016-01-07T13:06:43.000Z",
"description": "Sites that serve malware to smart TVs",
"pattern": "[url:value = 'http://wh.waks2.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e62e3-1f14-4777-88a4-4794950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:06:43.000Z",
"modified": "2016-01-07T13:06:43.000Z",
"description": "Sites that serve malware to smart TVs",
"pattern": "[url:value = 'https://sites.google.com/site/htvfanshare/2012summer_collection']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--568e62f5-5968-4ecd-aa1d-41dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:07:01.000Z",
"modified": "2016-01-07T13:07:01.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "With the year-end shopping season over, many consumers now have new various smart gadgets in their homes. One particularly popular usage of this so-called Internet of Things (IoT) are smart TVs. These TVs are more than just passive display devices; many of them can even run Android apps as well. Some may find these features useful, but these capabilities bring their own risks. (This was something we noted two years ago when we first looked some of the issues of smart TVs.)\r\n\r\nApps that allow users to watch channels from other parts of the world (that would otherwise be unavailable via other methods) are something that many users would find useful. However, some of these apps may put users at risk. These apps contain a backdoor that abuses an old flaw (CVE-2014-7911) in Android versions before Lollipop 5.0 (Cupcake 1.5 to Kitkat 4.4W.2). (We detect these malicious apps as ANDROIDOS_ROOTSTV.A.)\r\n\r\nMost smart TVs today use older versions of Android, which still contain this flaw. TV brands that sell vulnerable smart TVs include Changhong, Konka, Mi, Philips, Panasonic, and Sharp. In addition, other Android devices with older versions installed are also at risk: it just happens to be that because of these kinds of apps are mainly used in smart TVs or smart TV boxes."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--568e6301-9e58-4d9e-9d50-4e9d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:07:13.000Z",
"modified": "2016-01-07T13:07:13.000Z",
"first_observed": "2016-01-07T13:07:13Z",
"last_observed": "2016-01-07T13:07:13Z",
"number_observed": 1,
"object_refs": [
"url--568e6301-9e58-4d9e-9d50-4e9d950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--568e6301-9e58-4d9e-9d50-4e9d950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-based-smart-tvs-hit-by-backdoor-spread-via-malicious-app/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6352-a348-4021-990b-477c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:08:34.000Z",
"modified": "2016-01-07T13:08:34.000Z",
"description": "In addition to the websites above, the malware also uses the following download server",
"pattern": "[domain-name:value = 'meiz.le2ui.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:08:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6352-e0dc-40ad-bf4f-424a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:08:34.000Z",
"modified": "2016-01-07T13:08:34.000Z",
"description": "In addition to the websites above, the malware also uses the following download server",
"pattern": "[url:value = 'http://meiz.le2ui.com:80/marketdatas/apk/chinesevideo2.11.1.apk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:08:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6353-0dcc-4534-a13e-4b35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:08:35.000Z",
"modified": "2016-01-07T13:08:35.000Z",
"description": "In addition to the websites above, the malware also uses the following download server",
"pattern": "[domain-name:value = 'yaz.e3wsv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:08:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6353-8714-4aa9-b185-4110950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:08:35.000Z",
"modified": "2016-01-07T13:08:35.000Z",
"description": "In addition to the websites above, the malware also uses the following download server",
"pattern": "[url:value = 'http://yaz.e3wsv.com:80/marketdatas/apk/chinesevideo2.11.1.apk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:08:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6383-119c-4873-83ba-4812950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:23.000Z",
"modified": "2016-01-07T13:09:23.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '019d4326d3340609b3f8326d51e031cafc6bf9a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6384-0c50-48d4-9b78-4ff9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:24.000Z",
"modified": "2016-01-07T13:09:24.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '01a0b3fbf3e4e840e6aa441353ff29e4c5bf3e10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6384-77f4-4512-a391-4a53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:24.000Z",
"modified": "2016-01-07T13:09:24.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '0637b9116af595e7451dea655a05c32aa89fcbdb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6384-1608-4f0b-bc59-4b7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:24.000Z",
"modified": "2016-01-07T13:09:24.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '069138865d4a58b3683f1aa687408b40c92fe9cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6384-9bd8-4e0e-91c5-4c8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:24.000Z",
"modified": "2016-01-07T13:09:24.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '0937b9598a58c6fad80c8e41f08e11e6d036d4b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6385-4588-4e5c-b311-44ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:25.000Z",
"modified": "2016-01-07T13:09:25.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '0c6a075e0cf4e94d57afe085d39423400fa88b7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6385-7e78-4e4e-acd1-4704950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:25.000Z",
"modified": "2016-01-07T13:09:25.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '2bbcf7511d6953a64f4284f2454dce119bd1063e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6385-f1f8-455e-8f29-4f7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:25.000Z",
"modified": "2016-01-07T13:09:25.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '2daabbe1d2213594c2a8017401f4fa82e24a2475']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6386-7f40-4f47-8a4d-4b2b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:26.000Z",
"modified": "2016-01-07T13:09:26.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '396cb2137a6cd6880c96035464712513f44d52b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6386-ae48-4da7-a9c3-40f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:26.000Z",
"modified": "2016-01-07T13:09:26.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '3fd7f0b2e8249ff5f08a82f5df003f2713744824']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6386-5374-4aee-92f2-4362950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:26.000Z",
"modified": "2016-01-07T13:09:26.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '583722e9c6bbbf78d7d4d9689679d22ff6a2c4e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6387-1f20-41ae-a99a-4287950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:27.000Z",
"modified": "2016-01-07T13:09:27.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '6357da20ed2661d9b8943275c515c3bd6b9b46c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6387-a9ec-4b7a-888f-4c72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:27.000Z",
"modified": "2016-01-07T13:09:27.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '8f999a80497bc29f633301f7f96489fe9be4eab5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6387-9a10-4b21-bea4-48d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:27.000Z",
"modified": "2016-01-07T13:09:27.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '9434f41147eb7259dcf4f1dd8ed7d1209b1546b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6388-0e44-4fae-a102-4992950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:28.000Z",
"modified": "2016-01-07T13:09:28.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = '9ecbff5df641da74910439aefd4ab0596afaff6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6388-9b68-4542-a92d-415a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:28.000Z",
"modified": "2016-01-07T13:09:28.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = 'a54341b76b88034de6a47bb5904e6c01c53f3cc4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6388-3c38-466f-88e3-456f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:28.000Z",
"modified": "2016-01-07T13:09:28.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = 'bde06adde1d6f4ac3a1865a4314ca45ca807b39c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6389-8988-40df-a924-4ddf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:29.000Z",
"modified": "2016-01-07T13:09:29.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = 'd1af06e54e294dbc106c03650ac8a556c1b1e1e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6389-0730-4d66-9ee9-4bd7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:29.000Z",
"modified": "2016-01-07T13:09:29.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = 'd1f005e07d5369230d2624de94cfcbdad14cd914']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6389-1fac-4445-998f-48cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:29.000Z",
"modified": "2016-01-07T13:09:29.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = 'd3ab0dd0ac28181e0c531909460dcdd417178d2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e6389-08e4-4ba9-ad03-4240950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:29.000Z",
"modified": "2016-01-07T13:09:29.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = 'dbf3a4d820db3974edc8063d852afa40217a9750']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e638a-f630-453e-b1f6-40ce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:09:30.000Z",
"modified": "2016-01-07T13:09:30.000Z",
"description": "Related malware APK",
"pattern": "[file:hashes.SHA1 = 'fe86ae99ee7b75abf2bce047f4b5f2f1b20d3492']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:09:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c1-1f3c-4f86-8fe9-472e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:25.000Z",
"modified": "2016-01-07T13:10:25.000Z",
"description": "Related malware APK - Xchecked via VT: fe86ae99ee7b75abf2bce047f4b5f2f1b20d3492",
"pattern": "[file:hashes.SHA256 = '5769f8e5133688978b2e2e5878f968aaac88a8c8ba9dff39bafe74d04c21b40c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c1-e9e8-4778-95f4-4e8902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:25.000Z",
"modified": "2016-01-07T13:10:25.000Z",
"description": "Related malware APK - Xchecked via VT: fe86ae99ee7b75abf2bce047f4b5f2f1b20d3492",
"pattern": "[file:hashes.MD5 = '7bc47c8f0c7fa0b175313f3a3ad3684a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c1-86ac-45fa-a825-436c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:25.000Z",
"modified": "2016-01-07T13:10:25.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/5769f8e5133688978b2e2e5878f968aaac88a8c8ba9dff39bafe74d04c21b40c/analysis/1451099188/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c2-98d0-45c6-aa02-4f1e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:26.000Z",
"modified": "2016-01-07T13:10:26.000Z",
"description": "Related malware APK - Xchecked via VT: d1f005e07d5369230d2624de94cfcbdad14cd914",
"pattern": "[file:hashes.SHA256 = 'df8ad96388a470adf83b9c55193fdbaba79221fec5756d99323b68bf2503a209']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c2-ce5c-41f6-9f4b-40c802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:26.000Z",
"modified": "2016-01-07T13:10:26.000Z",
"description": "Related malware APK - Xchecked via VT: d1f005e07d5369230d2624de94cfcbdad14cd914",
"pattern": "[file:hashes.MD5 = 'd959d626986bdf760d86d0ae0fccc601']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c2-e168-47d6-8574-4a3902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:26.000Z",
"modified": "2016-01-07T13:10:26.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/df8ad96388a470adf83b9c55193fdbaba79221fec5756d99323b68bf2503a209/analysis/1451580916/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c2-cfa8-44c7-a0b5-4eb102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:26.000Z",
"modified": "2016-01-07T13:10:26.000Z",
"description": "Related malware APK - Xchecked via VT: d1af06e54e294dbc106c03650ac8a556c1b1e1e9",
"pattern": "[file:hashes.SHA256 = 'd8aca3508ee537c0f5b07c6652f2a771c9d7cddd728196669bfcba93b2e5eb2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c3-fa4c-40ad-9151-4c1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:27.000Z",
"modified": "2016-01-07T13:10:27.000Z",
"description": "Related malware APK - Xchecked via VT: d1af06e54e294dbc106c03650ac8a556c1b1e1e9",
"pattern": "[file:hashes.MD5 = 'bac94ec32061d46b175ad3ff5321d122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c3-4284-4067-ade4-463e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:27.000Z",
"modified": "2016-01-07T13:10:27.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/d8aca3508ee537c0f5b07c6652f2a771c9d7cddd728196669bfcba93b2e5eb2c/analysis/1452012139/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c3-ae30-49f7-8037-486802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:27.000Z",
"modified": "2016-01-07T13:10:27.000Z",
"description": "Related malware APK - Xchecked via VT: bde06adde1d6f4ac3a1865a4314ca45ca807b39c",
"pattern": "[file:hashes.SHA256 = '0114edb7dbc86bf3e2fe70589749b1dd4bf06ec87fabd85a83e28e4c45569a24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c3-4df4-4e6e-80da-4e8402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:27.000Z",
"modified": "2016-01-07T13:10:27.000Z",
"description": "Related malware APK - Xchecked via VT: bde06adde1d6f4ac3a1865a4314ca45ca807b39c",
"pattern": "[file:hashes.MD5 = '78dac33206fe0fee2d099a9105f4c571']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c4-b3e8-4caa-b251-417d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:28.000Z",
"modified": "2016-01-07T13:10:28.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/0114edb7dbc86bf3e2fe70589749b1dd4bf06ec87fabd85a83e28e4c45569a24/analysis/1451374040/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c4-8ce4-4fb6-82c0-481b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:28.000Z",
"modified": "2016-01-07T13:10:28.000Z",
"description": "Related malware APK - Xchecked via VT: a54341b76b88034de6a47bb5904e6c01c53f3cc4",
"pattern": "[file:hashes.SHA256 = 'b4a8a6b8cd302fe614331d7549ca09b586b0542993d8329d77b65b3cbca3ea37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c4-5660-47bd-baa4-48db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:28.000Z",
"modified": "2016-01-07T13:10:28.000Z",
"description": "Related malware APK - Xchecked via VT: a54341b76b88034de6a47bb5904e6c01c53f3cc4",
"pattern": "[file:hashes.MD5 = '9b435a61b788fb15801a846fdd92ce90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c4-5348-461f-9774-4aa002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:28.000Z",
"modified": "2016-01-07T13:10:28.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/b4a8a6b8cd302fe614331d7549ca09b586b0542993d8329d77b65b3cbca3ea37/analysis/1451374146/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c5-2350-498b-9e6d-4ee402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:29.000Z",
"modified": "2016-01-07T13:10:29.000Z",
"description": "Related malware APK - Xchecked via VT: 9434f41147eb7259dcf4f1dd8ed7d1209b1546b8",
"pattern": "[file:hashes.SHA256 = 'e74ab5be38acd2aa87b3e05aad86e8b9f2fa8bc15c5015b364b8ae810b9d9143']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c5-e294-48ca-86c3-4e2102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:29.000Z",
"modified": "2016-01-07T13:10:29.000Z",
"description": "Related malware APK - Xchecked via VT: 9434f41147eb7259dcf4f1dd8ed7d1209b1546b8",
"pattern": "[file:hashes.MD5 = '24c2f9014a5ac73134af86917ffc9ae3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c5-3dbc-4201-b241-4f2d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:29.000Z",
"modified": "2016-01-07T13:10:29.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/e74ab5be38acd2aa87b3e05aad86e8b9f2fa8bc15c5015b364b8ae810b9d9143/analysis/1451655976/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c5-a654-4cc5-a8a2-445902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:29.000Z",
"modified": "2016-01-07T13:10:29.000Z",
"description": "Related malware APK - Xchecked via VT: 2bbcf7511d6953a64f4284f2454dce119bd1063e",
"pattern": "[file:hashes.SHA256 = '8963b16b3002bbeeba934d6bfd5194dc7682cdf916c3da2933f93c19de194aab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c6-6e88-4ac6-b70f-42a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:30.000Z",
"modified": "2016-01-07T13:10:30.000Z",
"description": "Related malware APK - Xchecked via VT: 2bbcf7511d6953a64f4284f2454dce119bd1063e",
"pattern": "[file:hashes.MD5 = 'ef66245c2b082ee69b52176ec5093f5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c6-01ac-4fd0-85cb-44f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:30.000Z",
"modified": "2016-01-07T13:10:30.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/8963b16b3002bbeeba934d6bfd5194dc7682cdf916c3da2933f93c19de194aab/analysis/1451524569/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c6-eef4-42e1-bf5a-424002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:30.000Z",
"modified": "2016-01-07T13:10:30.000Z",
"description": "Related malware APK - Xchecked via VT: 0c6a075e0cf4e94d57afe085d39423400fa88b7c",
"pattern": "[file:hashes.SHA256 = '26ced0b8c425bad44b14b016fd7ac028adb4fa87593e77f5c9e19705474e8719']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c6-5bf8-4768-81d2-4a7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:30.000Z",
"modified": "2016-01-07T13:10:30.000Z",
"description": "Related malware APK - Xchecked via VT: 0c6a075e0cf4e94d57afe085d39423400fa88b7c",
"pattern": "[file:hashes.MD5 = '0761c655ac70d09b7dd0ef9e4f2df363']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c7-f144-40eb-b943-48b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:31.000Z",
"modified": "2016-01-07T13:10:31.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/26ced0b8c425bad44b14b016fd7ac028adb4fa87593e77f5c9e19705474e8719/analysis/1451374070/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c7-eb40-44c7-821e-4aa902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:31.000Z",
"modified": "2016-01-07T13:10:31.000Z",
"description": "Related malware APK - Xchecked via VT: 0637b9116af595e7451dea655a05c32aa89fcbdb",
"pattern": "[file:hashes.SHA256 = '96d4ad62d42f2fc20e90f0ef6c8afbf83831f5f1592b0cd0ab4fdb4a090ef86b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c7-8274-4b09-a7c4-49cb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:31.000Z",
"modified": "2016-01-07T13:10:31.000Z",
"description": "Related malware APK - Xchecked via VT: 0637b9116af595e7451dea655a05c32aa89fcbdb",
"pattern": "[file:hashes.MD5 = '4d5f96c7b149547a1c9dac98c491d8b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c7-8e90-42a2-a409-43e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:31.000Z",
"modified": "2016-01-07T13:10:31.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/96d4ad62d42f2fc20e90f0ef6c8afbf83831f5f1592b0cd0ab4fdb4a090ef86b/analysis/1452012192/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c8-74e8-4ae2-954d-4bed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:32.000Z",
"modified": "2016-01-07T13:10:32.000Z",
"description": "Related malware APK - Xchecked via VT: 019d4326d3340609b3f8326d51e031cafc6bf9a0",
"pattern": "[file:hashes.SHA256 = 'abcf3b1b631f0fa776bf22f1bee8bfc6b95a00b345c103ee82a3d26b466b2dd6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c8-be7c-45c2-af72-486b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:32.000Z",
"modified": "2016-01-07T13:10:32.000Z",
"description": "Related malware APK - Xchecked via VT: 019d4326d3340609b3f8326d51e031cafc6bf9a0",
"pattern": "[file:hashes.MD5 = 'e1924b0c16629a0c6a5c9bdf85c86920']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--568e63c8-f2fc-4aa2-8122-422a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-01-07T13:10:32.000Z",
"modified": "2016-01-07T13:10:32.000Z",
"pattern": "[url:value = 'https://www.virustotal.com/file/abcf3b1b631f0fa776bf22f1bee8bfc6b95a00b345c103ee82a3d26b466b2dd6/analysis/1451374062/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-01-07T13:10:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}