misp-circl-feed/feeds/circl/stix-2.1/56e96cfd-a958-4012-b575-4fe7950d210f.json

{
"type": "bundle",
"id": "bundle--56e96cfd-a958-4012-b575-4fe7950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:29:10.000Z",
"modified": "2016-03-16T14:29:10.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56e96cfd-a958-4012-b575-4fe7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:29:10.000Z",
"modified": "2016-03-16T14:29:10.000Z",
"name": "OSINT - Malicious iBanking application with new uninstall countermeasures",
"published": "2016-03-16T14:30:32Z",
"object_refs": [
"x-misp-attribute--56e96d3c-8ccc-4883-be59-4dda950d210f",
"observed-data--56e96d4a-2d60-4f6b-8810-4ad5950d210f",
"url--56e96d4a-2d60-4f6b-8810-4ad5950d210f",
"indicator--56e96d65-2f18-490c-849b-43f7950d210f",
"indicator--56e96d65-4b90-4a88-863f-44da950d210f",
"indicator--56e96d8d-5944-4c31-9149-61d902de0b81",
"indicator--56e96d8e-c4c4-458e-9749-61d902de0b81",
"observed-data--56e96d8e-6a70-40b6-a3a6-61d902de0b81",
"url--56e96d8e-6a70-40b6-a3a6-61d902de0b81",
"indicator--56e96d8e-6d60-4d53-b57c-61d902de0b81",
"indicator--56e96d8f-b9b4-41e2-8b65-61d902de0b81",
"observed-data--56e96d8f-9d34-404e-83c4-61d902de0b81",
"url--56e96d8f-9d34-404e-83c4-61d902de0b81",
"x-misp-attribute--56e96db6-17f4-4166-9aec-4c4c950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e96d3c-8ccc-4883-be59-4dda950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:27:08.000Z",
"modified": "2016-03-16T14:27:08.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Our CERT laboratory recently received a sample of iBanking malware (along with a malicious JavaScript code snippet associated with it), posing as the mobile Trusteer Rapport antimalware solution. The attack scenario isn\u2019t new, it has been used many times in the past, but recently we see an increase in attacks on Polish users of electronic banking using this method. In comparison to previous, similar programs, the analyzed application has proven much more difficult to remove and it\u2019s code was much better obfuscated."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96d4a-2d60-4f6b-8810-4ad5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:27:22.000Z",
"modified": "2016-03-16T14:27:22.000Z",
"first_observed": "2016-03-16T14:27:22Z",
"last_observed": "2016-03-16T14:27:22Z",
"number_observed": 1,
"object_refs": [
"url--56e96d4a-2d60-4f6b-8810-4ad5950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96d4a-2d60-4f6b-8810-4ad5950d210f",
"value": "http://www.cert.pl/news/11166/langswitch_lang/en"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96d65-2f18-490c-849b-43f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:27:49.000Z",
"modified": "2016-03-16T14:27:49.000Z",
"description": "Samples",
"pattern": "[file:hashes.SHA256 = 'aa6f87e50e9df2a88fc2146ba477abe8099459012ed1b9d4f6c03ec54ed2f754']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:27:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96d65-4b90-4a88-863f-44da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:27:49.000Z",
"modified": "2016-03-16T14:27:49.000Z",
"description": "Samples",
"pattern": "[file:hashes.SHA256 = '30f75776b1ea0df28186e0e6a141c039e50089e80becb62918915643249fb726']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:27:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96d8d-5944-4c31-9149-61d902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:28:29.000Z",
"modified": "2016-03-16T14:28:29.000Z",
"description": "Samples - Xchecked via VT: 30f75776b1ea0df28186e0e6a141c039e50089e80becb62918915643249fb726",
"pattern": "[file:hashes.SHA1 = '193f632478571d0621fb11bcc82556b545ca1c00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:28:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96d8e-c4c4-458e-9749-61d902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:28:30.000Z",
"modified": "2016-03-16T14:28:30.000Z",
"description": "Samples - Xchecked via VT: 30f75776b1ea0df28186e0e6a141c039e50089e80becb62918915643249fb726",
"pattern": "[file:hashes.MD5 = '27a850af72e228eb2209879168b5f9d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:28:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96d8e-6a70-40b6-a3a6-61d902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:28:30.000Z",
"modified": "2016-03-16T14:28:30.000Z",
"first_observed": "2016-03-16T14:28:30Z",
"last_observed": "2016-03-16T14:28:30Z",
"number_observed": 1,
"object_refs": [
"url--56e96d8e-6a70-40b6-a3a6-61d902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96d8e-6a70-40b6-a3a6-61d902de0b81",
"value": "https://www.virustotal.com/file/30f75776b1ea0df28186e0e6a141c039e50089e80becb62918915643249fb726/analysis/1455733718/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96d8e-6d60-4d53-b57c-61d902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:28:30.000Z",
"modified": "2016-03-16T14:28:30.000Z",
"description": "Samples - Xchecked via VT: aa6f87e50e9df2a88fc2146ba477abe8099459012ed1b9d4f6c03ec54ed2f754",
"pattern": "[file:hashes.SHA1 = 'a1cf8299bfee707073510de81bbb6f92311ab176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:28:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96d8f-b9b4-41e2-8b65-61d902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:28:31.000Z",
"modified": "2016-03-16T14:28:31.000Z",
"description": "Samples - Xchecked via VT: aa6f87e50e9df2a88fc2146ba477abe8099459012ed1b9d4f6c03ec54ed2f754",
"pattern": "[file:hashes.MD5 = '1a2ec7c92d07f437fe2abe6de0bcdd72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:28:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96d8f-9d34-404e-83c4-61d902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:28:31.000Z",
"modified": "2016-03-16T14:28:31.000Z",
"first_observed": "2016-03-16T14:28:31Z",
"last_observed": "2016-03-16T14:28:31Z",
"number_observed": 1,
"object_refs": [
"url--56e96d8f-9d34-404e-83c4-61d902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96d8f-9d34-404e-83c4-61d902de0b81",
"value": "https://www.virustotal.com/file/aa6f87e50e9df2a88fc2146ba477abe8099459012ed1b9d4f6c03ec54ed2f754/analysis/1457870277/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e96db6-17f4-4166-9aec-4c4c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:29:10.000Z",
"modified": "2016-03-16T14:29:10.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Android.Trojan.HesperBot."
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}