misp-circl-feed/feeds/circl/stix-2.1/58fce117-452c-42ed-a2dc-b64a950d210f.json

{
"type": "bundle",
"id": "bundle--58fce117-452c-42ed-a2dc-b64a950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T21:00:49.000Z",
"modified": "2017-04-23T21:00:49.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58fce117-452c-42ed-a2dc-b64a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T21:00:49.000Z",
"modified": "2017-04-23T21:00:49.000Z",
"name": "OSINT - FlexSpy Application Analysis",
"published": "2017-04-23T21:01:36Z",
"object_refs": [
"observed-data--58fce124-1a0c-4d73-904b-dbd5950d210f",
"url--58fce124-1a0c-4d73-904b-dbd5950d210f",
"x-misp-attribute--58fce13b-fadc-4e55-a0d4-46ea950d210f",
"indicator--58fce173-d508-4f0f-8a89-dba6950d210f",
"indicator--58fce174-1b68-4e69-b27f-dba6950d210f",
"indicator--58fce175-c7b4-4488-8f4d-dba6950d210f",
"indicator--58fce1bc-783c-4960-a449-dba5950d210f",
"indicator--58fce1bd-c0a4-4862-a657-dba5950d210f",
"indicator--58fd15fe-c4ac-4a6c-bbd3-4815950d210f",
"indicator--58fd1600-dcf8-4103-af30-4e0f950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58fce124-1a0c-4d73-904b-dbd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T17:19:31.000Z",
"modified": "2017-04-23T17:19:31.000Z",
"first_observed": "2017-04-23T17:19:31Z",
"last_observed": "2017-04-23T17:19:31Z",
"number_observed": 1,
"object_refs": [
"url--58fce124-1a0c-4d73-904b-dbd5950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"f\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58fce124-1a0c-4d73-904b-dbd5950d210f",
"value": "http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58fce13b-fadc-4e55-a0d4-46ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T17:19:32.000Z",
"modified": "2017-04-23T17:19:32.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"f\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "On 04/22/2017 FlexiDie released source code and binaries for FlexiSpy\u2019s mobile spyware program. Being a good reverse engineer that I am, my analysis is below. The IOC section is intended for other reverse engineers and antivirus vendors. General Overview is intended for journalists. I will release a detailed technical teardown in a day or two."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fce173-d508-4f0f-8a89-dba6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T17:16:35.000Z",
"modified": "2017-04-23T17:16:35.000Z",
"description": "(found in com.vvt.phoenix.prot.test.CSMTest)",
"pattern": "[url:value = 'http://58.137.119.229/RainbowCore/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-23T17:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fce174-1b68-4e69-b27f-dba6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T17:16:36.000Z",
"modified": "2017-04-23T17:16:36.000Z",
"description": "found in source//location_capture/tests/location_capture_tests/src/com/vvt/locationcapture/tests/Location_capture_testsActivity.java:",
"pattern": "[url:value = 'http://trkps.com/m.php?lat=\\\\%f&long=\\\\%f&t=\\\\%s&i=\\\\%s&z=5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-23T17:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fce175-c7b4-4488-8f4d-dba6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T17:16:37.000Z",
"modified": "2017-04-23T17:16:37.000Z",
"description": "On port 8880 (the port is not encoded in the URL pattern below, which matches only the bare host; match 202.176.88.55:8880 explicitly when deploying this indicator)",
"pattern": "[url:value = 'http://202.176.88.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-23T17:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fce1bc-783c-4960-a449-dba5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T17:17:48.000Z",
"modified": "2017-04-23T17:17:48.000Z",
"description": "Another IP address was found commented out in the code base (//private String mUrl = ...); this is the same host as the port-8880 URL indicator above. It comes from commented-out code rather than an observed connection, so treat it as lower confidence despite to_ids being set.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.176.88.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-23T17:17:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fce1bd-c0a4-4862-a657-dba5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T17:17:49.000Z",
"modified": "2017-04-23T17:17:49.000Z",
"description": "(found in com.vvt.phoenix.prot.test.CSMTest)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.119.229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-23T17:17:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fd15fe-c4ac-4a6c-bbd3-4815950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T21:00:46.000Z",
"modified": "2017-04-23T21:00:46.000Z",
"description": "In sample comments (taken from comments in the sample rather than an observed connection; same /24 as the CSMTest address 58.137.119.229 - lower confidence, verify before blocking)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.119.224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-23T21:00:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58fd1600-dcf8-4103-af30-4e0f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-23T21:00:48.000Z",
"modified": "2017-04-23T21:00:48.000Z",
"description": "In sample comments (taken from comments in the sample rather than an observed connection; same /24 as the CSMTest address 58.137.119.229 - lower confidence, verify before blocking)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.119.239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-23T21:00:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}