{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--58e3e7e5-90d8-43f1-a070-4520950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:54:06.000Z",
|
||
|
"modified": "2017-04-04T18:54:06.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--58e3e7e5-90d8-43f1-a070-4520950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:54:06.000Z",
|
||
|
"modified": "2017-04-04T18:54:06.000Z",
|
||
|
"name": "OSINT - An Investigation of Chrysaor Malware on Android",
|
||
|
"published": "2017-04-04T18:54:20Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--58e3e80a-1250-40c3-8ab6-4e18950d210f",
|
||
|
"url--58e3e80a-1250-40c3-8ab6-4e18950d210f",
|
||
|
"x-misp-attribute--58e3e82c-6c88-446e-9a88-4d98950d210f",
|
||
|
"indicator--58e3e9c9-4b54-4ce9-8237-47fe950d210f",
|
||
|
"x-misp-attribute--58e3e9da-6394-4d85-ac57-4029950d210f",
|
||
|
"indicator--58e3ea29-86c0-4bb3-ab7b-40fb950d210f",
|
||
|
"indicator--58e3ea87-fe34-448b-9b9e-4895950d210f",
|
||
|
"indicator--58e3ea88-e9dc-47c8-a4cc-4c6f950d210f",
|
||
|
"indicator--58e3ea89-1f78-412f-9941-4ac9950d210f",
|
||
|
"indicator--58e3ea8a-2ca8-4972-8749-454e950d210f",
|
||
|
"indicator--58e3ea8b-f844-4e71-a327-4547950d210f",
|
||
|
"indicator--58e3eae1-8228-455b-b542-4227950d210f",
|
||
|
"indicator--58e3eb2a-60ec-4774-ba81-4ccf02de0b81",
|
||
|
"indicator--58e3eb2b-fec4-4fbb-9136-449b02de0b81",
|
||
|
"observed-data--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81",
|
||
|
"url--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81",
|
||
|
"indicator--58e3eb2d-75e0-4eb4-a396-483c02de0b81",
|
||
|
"indicator--58e3eb2e-9fc8-41a4-b604-4d7802de0b81",
|
||
|
"observed-data--58e3eb2f-b968-413f-82c3-41f102de0b81",
|
||
|
"url--58e3eb2f-b968-413f-82c3-41f102de0b81",
|
||
|
"indicator--58e3eb30-c914-457f-8fbd-4d7602de0b81",
|
||
|
"indicator--58e3eb31-3b7c-4aff-bf5b-494602de0b81",
|
||
|
"observed-data--58e3eb32-eef4-4ed4-b8a4-42b802de0b81",
|
||
|
"url--58e3eb32-eef4-4ed4-b8a4-42b802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"misp-galaxy:tool=\"Chrysaor\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58e3e80a-1250-40c3-8ab6-4e18950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"first_observed": "2017-04-04T18:51:11Z",
|
||
|
"last_observed": "2017-04-04T18:51:11Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58e3e80a-1250-40c3-8ab6-4e18950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58e3e80a-1250-40c3-8ab6-4e18950d210f",
|
||
|
"value": "https://security.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--58e3e82c-6c88-446e-9a88-4d98950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "In this blog post, we describe Chrysaor, a newly discovered family of spyware that was used in a targeted attack on a small number of Android devices, and how investigations like this help Google protect Android users from a variety of threats."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3e9c9-4b54-4ce9-8237-47fe950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"description": "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--58e3e9da-6394-4d85-ac57-4029950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"mobile-application-id\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "mobile-application-id",
|
||
|
"x_misp_value": "com.network.android"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3ea29-86c0-4bb3-ab7b-40fb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"description": "Pegasus for Android Samples",
|
||
|
"pattern": "[file:hashes.SHA256 = '3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3ea87-fe34-448b-9b9e-4895950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"description": "com.network.android",
|
||
|
"pattern": "[file:hashes.SHA256 = '98ca5f94638768e7b58889bb5df4584bf5b6af56b188da48c10a02648791b30c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3ea88-e9dc-47c8-a4cc-4c6f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"description": "com.binary.sms.receiver",
|
||
|
"pattern": "[file:hashes.SHA256 = '9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3ea89-1f78-412f-9941-4ac9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"description": "com.android.copy",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e384694d3d17cd88ec3a66c740c6398e07b8ee401320ca61e26bdf96c20485b4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3ea8a-2ca8-4972-8749-454e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"description": "com.android.copy",
|
||
|
"pattern": "[file:hashes.SHA256 = '12e085ab85db887438655feebd249127d813e31df766f8c7b009f9519916e389']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3ea8b-f844-4e71-a327-4547950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"description": "com.android.copy",
|
||
|
"pattern": "[file:hashes.SHA256 = '6348104f8ef22eba5ac8ee737b192887629de987badbb1642e347d0dd01420f8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3eae1-8228-455b-b542-4227950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:11.000Z",
|
||
|
"modified": "2017-04-04T18:51:11.000Z",
|
||
|
"description": "com.network.android",
|
||
|
"pattern": "[file:hashes.SHA1 = '44f6d1caa257799e57f0ecaf4e2e216178f4cb3d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3eb2a-60ec-4774-ba81-4ccf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:22.000Z",
|
||
|
"modified": "2017-04-04T18:51:22.000Z",
|
||
|
"description": "com.binary.sms.receiver - Xchecked via VT: 9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae",
|
||
|
"pattern": "[file:hashes.SHA1 = '28f570754274db96bffa7ac4a53a5ede3508d82c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3eb2b-fec4-4fbb-9136-449b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:23.000Z",
|
||
|
"modified": "2017-04-04T18:51:23.000Z",
|
||
|
"description": "com.binary.sms.receiver - Xchecked via VT: 9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae",
|
||
|
"pattern": "[file:hashes.MD5 = 'cc9517aafb58279091ac17533293edc1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:24.000Z",
|
||
|
"modified": "2017-04-04T18:51:24.000Z",
|
||
|
"first_observed": "2017-04-04T18:51:24Z",
|
||
|
"last_observed": "2017-04-04T18:51:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae/analysis/1491317706/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3eb2d-75e0-4eb4-a396-483c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:25.000Z",
|
||
|
"modified": "2017-04-04T18:51:25.000Z",
|
||
|
"description": "Pegasus for Android Samples - Xchecked via VT: 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b6850881561265d89597d0d245b33dba3d7d3f47']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3eb2e-9fc8-41a4-b604-4d7802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:26.000Z",
|
||
|
"modified": "2017-04-04T18:51:26.000Z",
|
||
|
"description": "Pegasus for Android Samples - Xchecked via VT: 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86",
|
||
|
"pattern": "[file:hashes.MD5 = '3a69bfbe5bc83c4df938177e05cd7c7c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58e3eb2f-b968-413f-82c3-41f102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:27.000Z",
|
||
|
"modified": "2017-04-04T18:51:27.000Z",
|
||
|
"first_observed": "2017-04-04T18:51:27Z",
|
||
|
"last_observed": "2017-04-04T18:51:27Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58e3eb2f-b968-413f-82c3-41f102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58e3eb2f-b968-413f-82c3-41f102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86/analysis/1491309077/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3eb30-c914-457f-8fbd-4d7602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:28.000Z",
|
||
|
"modified": "2017-04-04T18:51:28.000Z",
|
||
|
"description": "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target - Xchecked via VT: ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e5920f3723e62e1850157f09baf556006bf80f74']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--58e3eb31-3b7c-4aff-bf5b-494602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:29.000Z",
|
||
|
"modified": "2017-04-04T18:51:29.000Z",
|
||
|
"description": "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target - Xchecked via VT: ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5",
|
||
|
"pattern": "[file:hashes.MD5 = '7c3ad8fec33465fed6563bbfabb5b13d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-04-04T18:51:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--58e3eb32-eef4-4ed4-b8a4-42b802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-04-04T18:51:30.000Z",
|
||
|
"modified": "2017-04-04T18:51:30.000Z",
|
||
|
"first_observed": "2017-04-04T18:51:30Z",
|
||
|
"last_observed": "2017-04-04T18:51:30Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--58e3eb32-eef4-4ed4-b8a4-42b802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--58e3eb32-eef4-4ed4-b8a4-42b802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5/analysis/1491313777/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|