misp-circl-feed/feeds/circl/stix-2.1/58e3e7e5-90d8-43f1-a070-4520950d210f.json

536 lines
23 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--58e3e7e5-90d8-43f1-a070-4520950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:54:06.000Z",
"modified": "2017-04-04T18:54:06.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58e3e7e5-90d8-43f1-a070-4520950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:54:06.000Z",
"modified": "2017-04-04T18:54:06.000Z",
"name": "OSINT - An Investigation of Chrysaor Malware on Android",
"published": "2017-04-04T18:54:20Z",
"object_refs": [
"observed-data--58e3e80a-1250-40c3-8ab6-4e18950d210f",
"url--58e3e80a-1250-40c3-8ab6-4e18950d210f",
"x-misp-attribute--58e3e82c-6c88-446e-9a88-4d98950d210f",
"indicator--58e3e9c9-4b54-4ce9-8237-47fe950d210f",
"x-misp-attribute--58e3e9da-6394-4d85-ac57-4029950d210f",
"indicator--58e3ea29-86c0-4bb3-ab7b-40fb950d210f",
"indicator--58e3ea87-fe34-448b-9b9e-4895950d210f",
"indicator--58e3ea88-e9dc-47c8-a4cc-4c6f950d210f",
"indicator--58e3ea89-1f78-412f-9941-4ac9950d210f",
"indicator--58e3ea8a-2ca8-4972-8749-454e950d210f",
"indicator--58e3ea8b-f844-4e71-a327-4547950d210f",
"indicator--58e3eae1-8228-455b-b542-4227950d210f",
"indicator--58e3eb2a-60ec-4774-ba81-4ccf02de0b81",
"indicator--58e3eb2b-fec4-4fbb-9136-449b02de0b81",
"observed-data--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81",
"url--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81",
"indicator--58e3eb2d-75e0-4eb4-a396-483c02de0b81",
"indicator--58e3eb2e-9fc8-41a4-b604-4d7802de0b81",
"observed-data--58e3eb2f-b968-413f-82c3-41f102de0b81",
"url--58e3eb2f-b968-413f-82c3-41f102de0b81",
"indicator--58e3eb30-c914-457f-8fbd-4d7602de0b81",
"indicator--58e3eb31-3b7c-4aff-bf5b-494602de0b81",
"observed-data--58e3eb32-eef4-4ed4-b8a4-42b802de0b81",
"url--58e3eb32-eef4-4ed4-b8a4-42b802de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:tool=\"Chrysaor\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e3e80a-1250-40c3-8ab6-4e18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"first_observed": "2017-04-04T18:51:11Z",
"last_observed": "2017-04-04T18:51:11Z",
"number_observed": 1,
"object_refs": [
"url--58e3e80a-1250-40c3-8ab6-4e18950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e3e80a-1250-40c3-8ab6-4e18950d210f",
"value": "https://security.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58e3e82c-6c88-446e-9a88-4d98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "In this blog post, we describe Chrysaor, a newly discovered family of spyware that was used in a targeted attack on a small number of Android devices, and how investigations like this help Google protect Android users from a variety of threats."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3e9c9-4b54-4ce9-8237-47fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"description": "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target",
"pattern": "[file:hashes.SHA256 = 'ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58e3e9da-6394-4d85-ac57-4029950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"labels": [
"misp:type=\"mobile-application-id\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "mobile-application-id",
"x_misp_value": "com.network.android"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3ea29-86c0-4bb3-ab7b-40fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"description": "Pegasus for Android Samples",
"pattern": "[file:hashes.SHA256 = '3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3ea87-fe34-448b-9b9e-4895950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"description": "com.network.android",
"pattern": "[file:hashes.SHA256 = '98ca5f94638768e7b58889bb5df4584bf5b6af56b188da48c10a02648791b30c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3ea88-e9dc-47c8-a4cc-4c6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"description": "com.binary.sms.receiver",
"pattern": "[file:hashes.SHA256 = '9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3ea89-1f78-412f-9941-4ac9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"description": "com.android.copy",
"pattern": "[file:hashes.SHA256 = 'e384694d3d17cd88ec3a66c740c6398e07b8ee401320ca61e26bdf96c20485b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3ea8a-2ca8-4972-8749-454e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"description": "com.android.copy",
"pattern": "[file:hashes.SHA256 = '12e085ab85db887438655feebd249127d813e31df766f8c7b009f9519916e389']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3ea8b-f844-4e71-a327-4547950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"description": "com.android.copy",
"pattern": "[file:hashes.SHA256 = '6348104f8ef22eba5ac8ee737b192887629de987badbb1642e347d0dd01420f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3eae1-8228-455b-b542-4227950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:11.000Z",
"modified": "2017-04-04T18:51:11.000Z",
"description": "com.network.android",
"pattern": "[file:hashes.SHA1 = '44f6d1caa257799e57f0ecaf4e2e216178f4cb3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3eb2a-60ec-4774-ba81-4ccf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:22.000Z",
"modified": "2017-04-04T18:51:22.000Z",
"description": "com.binary.sms.receiver - Xchecked via VT: 9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae",
"pattern": "[file:hashes.SHA1 = '28f570754274db96bffa7ac4a53a5ede3508d82c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3eb2b-fec4-4fbb-9136-449b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:23.000Z",
"modified": "2017-04-04T18:51:23.000Z",
"description": "com.binary.sms.receiver - Xchecked via VT: 9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae",
"pattern": "[file:hashes.MD5 = 'cc9517aafb58279091ac17533293edc1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:24.000Z",
"modified": "2017-04-04T18:51:24.000Z",
"first_observed": "2017-04-04T18:51:24Z",
"last_observed": "2017-04-04T18:51:24Z",
"number_observed": 1,
"object_refs": [
"url--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81",
"value": "https://www.virustotal.com/file/9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae/analysis/1491317706/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3eb2d-75e0-4eb4-a396-483c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:25.000Z",
"modified": "2017-04-04T18:51:25.000Z",
"description": "Pegasus for Android Samples - Xchecked via VT: 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86",
"pattern": "[file:hashes.SHA1 = 'b6850881561265d89597d0d245b33dba3d7d3f47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3eb2e-9fc8-41a4-b604-4d7802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:26.000Z",
"modified": "2017-04-04T18:51:26.000Z",
"description": "Pegasus for Android Samples - Xchecked via VT: 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86",
"pattern": "[file:hashes.MD5 = '3a69bfbe5bc83c4df938177e05cd7c7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e3eb2f-b968-413f-82c3-41f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:27.000Z",
"modified": "2017-04-04T18:51:27.000Z",
"first_observed": "2017-04-04T18:51:27Z",
"last_observed": "2017-04-04T18:51:27Z",
"number_observed": 1,
"object_refs": [
"url--58e3eb2f-b968-413f-82c3-41f102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e3eb2f-b968-413f-82c3-41f102de0b81",
"value": "https://www.virustotal.com/file/3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86/analysis/1491309077/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3eb30-c914-457f-8fbd-4d7602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:28.000Z",
"modified": "2017-04-04T18:51:28.000Z",
"description": "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target - Xchecked via VT: ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5",
"pattern": "[file:hashes.SHA1 = 'e5920f3723e62e1850157f09baf556006bf80f74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e3eb31-3b7c-4aff-bf5b-494602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:29.000Z",
"modified": "2017-04-04T18:51:29.000Z",
"description": "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target - Xchecked via VT: ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5",
"pattern": "[file:hashes.MD5 = '7c3ad8fec33465fed6563bbfabb5b13d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-04T18:51:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e3eb32-eef4-4ed4-b8a4-42b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-04T18:51:30.000Z",
"modified": "2017-04-04T18:51:30.000Z",
"first_observed": "2017-04-04T18:51:30Z",
"last_observed": "2017-04-04T18:51:30Z",
"number_observed": 1,
"object_refs": [
"url--58e3eb32-eef4-4ed4-b8a4-42b802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e3eb32-eef4-4ed4-b8a4-42b802de0b81",
"value": "https://www.virustotal.com/file/ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5/analysis/1491313777/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}