adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5aec0f0f-7fe0-4e42-8f64-44e5950d210f.json

1748 lines
74 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5aec0f0f-7fe0-4e42-8f64-44e5950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T13:45:29.000Z",
"modified": "2018-05-04T13:45:29.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5aec0f0f-7fe0-4e42-8f64-44e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T13:45:29.000Z",
"modified": "2018-05-04T13:45:29.000Z",
"name": "OSINT - Who's who in the zoo. Cyberespionage operation targets android users in the Middle East.",
"published": "2018-05-04T13:45:31Z",
"object_refs": [
"observed-data--5aec0f20-88a8-49fa-80f5-4733950d210f",
"url--5aec0f20-88a8-49fa-80f5-4733950d210f",
"indicator--5aec200b-7a44-4031-8c84-43e4950d210f",
"indicator--5aec200c-c464-4a1f-877d-446f950d210f",
"indicator--5aec200c-31d0-46b1-8b30-485d950d210f",
"indicator--5aec200d-4b3c-44f6-ac45-46ea950d210f",
"indicator--5aec200d-786c-4cf7-b419-46f3950d210f",
"indicator--5aec200d-4b50-4080-9453-4428950d210f",
"indicator--5aec200e-c888-486a-84ac-4da1950d210f",
"x-misp-attribute--5aec2023-ac18-4e5e-a38e-4a21950d210f",
"indicator--5aec21f5-231c-4ea4-9683-481d950d210f",
"indicator--5aec21f5-e3c4-4426-bf33-4d28950d210f",
"indicator--5aec21f6-3204-42b7-8583-482c950d210f",
"indicator--5aec312f-2280-408b-8fb4-48bf950d210f",
"indicator--5aec3170-cf04-4f1a-8b7c-47c8950d210f",
"indicator--5aec3171-a648-4a7b-9da9-4bb8950d210f",
"indicator--5aec4260-e03c-4a10-94e8-74f2950d210f",
"indicator--5aec4261-7c88-40a3-a811-74f2950d210f",
"indicator--5aec4261-23c8-495d-a098-74f2950d210f",
"indicator--5aec4262-262c-4d1b-afdb-74f2950d210f",
"indicator--5aec4262-0fb4-4591-83fa-74f2950d210f",
"indicator--5aec2376-7238-4823-a66f-4098950d210f",
"indicator--5aec253b-b91c-4875-9bbe-46a4950d210f",
"indicator--5aec27dd-65e4-4294-9cf5-4b35950d210f",
"indicator--5aec27fd-501c-40b3-9c57-434b950d210f",
"indicator--5aec280d-da64-4155-96aa-4e71950d210f",
"indicator--5aec2828-6448-49d4-93b7-4ee6950d210f",
"indicator--5aec284f-bab0-4ccc-a5a4-45d8950d210f",
"indicator--5aec2861-cf0c-4a9d-a128-4a65950d210f",
"indicator--5aec2a50-d48c-431d-b9ce-4a73950d210f",
"indicator--5aec2a63-d16c-4fa9-869a-4b93950d210f",
"indicator--5aec2ac7-4a48-4856-af56-42a5950d210f",
"indicator--5aec2ad5-f324-4b6f-bec6-41f7950d210f",
"indicator--5aec2dc4-5bec-4615-954d-4b19950d210f",
"indicator--5aec2dd5-d610-4d7f-9902-438b950d210f",
"indicator--5aec2dea-61c4-47b6-acde-45a6950d210f",
"x-misp-object--5aec413c-f01c-4c19-9761-4a1a950d210f",
"x-misp-object--5aec419c-5240-4635-ab6f-14ac950d210f",
"x-misp-object--5aec41f0-bfb0-40d4-bd05-1703950d210f",
"indicator--5aec4229-9244-4408-b095-4408950d210f",
"indicator--27686eee-e891-46e5-b144-cb0e10e53c8f",
"x-misp-object--35191532-c69c-43b6-837e-36ca962d6e48",
"indicator--30b25aaa-3cb2-4cd1-abf5-08129005f43d",
"x-misp-object--f3617dcc-af62-4280-9c9a-ab9d3d299f03",
"indicator--603ec016-9820-4262-b877-f42d0c72a95c",
"x-misp-object--d6a1412f-41bc-4263-8422-139cc4ec59a8",
"indicator--1f4deeda-c969-4626-8eae-d5f557f2937a",
"x-misp-object--dd172fdf-c047-47b9-bc67-8cae925cf527",
"indicator--042c8757-07c8-4c84-8b0c-300b1d946d41",
"x-misp-object--66ec9834-1856-4819-81d0-a7a19e5f8eea",
"indicator--c6337b0c-b9a1-4c12-92e5-3223c4abd133",
"x-misp-object--a4c9366f-a617-4a9e-bd17-da10b804814b",
"indicator--a57227d9-7325-46f3-ace1-e19ca49e51ec",
"x-misp-object--07699f23-1898-4fd7-86d3-29fa7c088378",
"indicator--d0ecc2c5-6e10-4077-ac69-28ed3a6a374f",
"x-misp-object--70ca0203-d569-42dd-8538-112a5385c7bd",
"indicator--29f9cb3b-24a0-48f9-b03b-55160ffa3040",
"x-misp-object--36852ace-b32b-49ce-b563-4c1d366459d8",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"relationship--878e9d91-9f2a-4228-800b-db488889d344",
"relationship--fc0c5272-b1d7-4772-9e7e-583977b5d9d0",
"relationship--150eee68-7d22-440a-ba46-0fb0eda74e23",
"relationship--d6759d15-a2f6-4e27-a2a6-2b2bc24243f0",
"relationship--1dfb0f72-b1ed-4e8f-a716-dea124f29b76",
"relationship--405857ba-2184-44ae-aef4-9c5385743dfc",
"relationship--4cdea0f6-9c9d-4af7-9121-38240080fa5b",
"relationship--37a4550c-65a4-421f-88bb-606ca466e0bf",
"relationship--c162b294-94fe-4602-b9f8-305b7eaf8915"
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"ZooPark\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5aec0f20-88a8-49fa-80f5-4733950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:12.000Z",
"modified": "2018-05-04T11:39:12.000Z",
"first_observed": "2018-05-04T11:39:12Z",
"last_observed": "2018-05-04T11:39:12Z",
"number_observed": 1,
"object_refs": [
"url--5aec0f20-88a8-49fa-80f5-4733950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5aec0f20-88a8-49fa-80f5-4733950d210f",
"value": "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/05/03095519/ZooPark_for_public_final.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec200b-7a44-4031-8c84-43e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:13.000Z",
"modified": "2018-05-04T11:39:13.000Z",
"description": "C2 server",
"pattern": "[domain-name:value = 'entekhab10.xp3.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec200c-c464-4a1f-877d-446f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T08:55:40.000Z",
"modified": "2018-05-04T08:55:40.000Z",
"description": "C2 server",
"pattern": "[domain-name:value = 'androidupdaters.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T08:55:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec200c-31d0-46b1-8b30-485d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T08:55:40.000Z",
"modified": "2018-05-04T08:55:40.000Z",
"description": "C2 server",
"pattern": "[domain-name:value = 'dlgmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T08:55:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec200d-4b3c-44f6-ac45-46ea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T08:55:41.000Z",
"modified": "2018-05-04T08:55:41.000Z",
"description": "C2 server",
"pattern": "[domain-name:value = 'rhubarb2.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T08:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec200d-786c-4cf7-b419-46f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T08:55:41.000Z",
"modified": "2018-05-04T08:55:41.000Z",
"description": "C2 server",
"pattern": "[domain-name:value = 'rhubarb3.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T08:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec200d-4b50-4080-9453-4428950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:13.000Z",
"modified": "2018-05-04T11:39:13.000Z",
"description": "C2 server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.61.27.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec200e-c888-486a-84ac-4da1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:14.000Z",
"modified": "2018-05-04T11:39:14.000Z",
"description": "C2 server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.61.27.157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5aec2023-ac18-4e5e-a38e-4a21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:14.000Z",
"modified": "2018-05-04T11:39:14.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "ZooPark is a cyberespionage operation that has been focusing on Middle Eastern targets since at least June 2015. The threat actors behind ZooPark infect Android devices using several generations of malware we label from v1-v4, with v4 being the most recent version deployed in 2017.\r\n\r\nThe preferred infection vector for ZooPark is waterhole attacks. We found several news websites that have been hacked by the attackers to redirect visitors to a downloading site that serves malicious APKs. Some of the themes observed in campaign include \u00e2\u20ac\u0153Kurdistan referendum\u00e2\u20ac\u009d, \u00e2\u20ac\u0153TelegramGroups\u00e2\u20ac\u009d and \u00e2\u20ac\u0153Alnaharegypt news\u00e2\u20ac\u009d, among others. \r\n\r\nTarget profile has evolved during the last years of campaign, focusing on victims in Egypt, Jordan, Morocco and Lebanon."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec21f5-231c-4ea4-9683-481d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:14.000Z",
"modified": "2018-05-04T11:39:14.000Z",
"description": "Watering holes",
"pattern": "[url:value = 'http://www.alnaharegypt.com/t~467369']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec21f5-e3c4-4426-bf33-4d28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:15.000Z",
"modified": "2018-05-04T11:39:15.000Z",
"description": "Watering holes",
"pattern": "[url:value = 'http://showroommontorgueil.com/modules/homepageadvertise2/slides/alnaharegypt.news_v2.0.apk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec21f6-3204-42b7-8583-482c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:15.000Z",
"modified": "2018-05-04T11:39:15.000Z",
"description": "Watering holes",
"pattern": "[url:value = 'http://www.alhayatnews.com/ArabicRSS.apk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec312f-2280-408b-8fb4-48bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:16.000Z",
"modified": "2018-05-04T11:39:16.000Z",
"pattern": "[url:value = 'http://www.rhubarb2.com/telg/sv/sv.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec3170-cf04-4f1a-8b7c-47c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:16.000Z",
"modified": "2018-05-04T11:39:16.000Z",
"pattern": "[url:value = 'http://www.rhubarb2.com/get/index.php?id=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec3171-a648-4a7b-9da9-4bb8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:17.000Z",
"modified": "2018-05-04T11:39:17.000Z",
"pattern": "[url:value = 'http://www.rhubarb2.com/telg/index.php?set=show']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec4260-e03c-4a10-94e8-74f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:18.000Z",
"modified": "2018-05-04T11:39:18.000Z",
"pattern": "[url:value = 'http://www.rhubarb3.com/get/index.php?id=']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec4261-7c88-40a3-a811-74f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:18.000Z",
"modified": "2018-05-04T11:39:18.000Z",
"pattern": "[url:value = 'androidupdaters.com/img.jpg']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec4261-23c8-495d-a098-74f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:19.000Z",
"modified": "2018-05-04T11:39:19.000Z",
"pattern": "[url:value = 'rhubarb3.com/telg/sv/sv.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec4262-262c-4d1b-afdb-74f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:19.000Z",
"modified": "2018-05-04T11:39:19.000Z",
"pattern": "[url:value = 'rhubarb3.com/telg/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec4262-0fb4-4591-83fa-74f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:19.000Z",
"modified": "2018-05-04T11:39:19.000Z",
"pattern": "[url:value = 'rhubarb3.com/get/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2376-7238-4823-a66f-4098950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:10:14.000Z",
"modified": "2018-05-04T09:10:14.000Z",
"description": "Version 1.0",
"pattern": "[file:hashes.MD5 = '232bd3dde6914db0a3dbfc21ed178887' AND file:name = 'Entekhab10 V1.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:10:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec253b-b91c-4875-9bbe-46a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:17:47.000Z",
"modified": "2018-05-04T09:17:47.000Z",
"description": "Version 1.0",
"pattern": "[file:hashes.MD5 = '5efddd7f0fc2125e78a2ca18b68464ec' AND file:name = 'Entekhab10-v3.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:17:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec27dd-65e4-4294-9cf5-4b35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:29:01.000Z",
"modified": "2018-05-04T09:29:01.000Z",
"description": "Version 1.0",
"pattern": "[file:hashes.MD5 = 'ec5a6f0e743f4b858aba9de96a33fb0c' AND file:name = 'TelegramGroups.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:29:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec27fd-501c-40b3-9c57-434b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:29:33.000Z",
"modified": "2018-05-04T09:29:33.000Z",
"description": "Version 2.0",
"pattern": "[file:hashes.MD5 = '6a388edbce88bb0331ae875ceeb2f319' AND file:name = 'AllInOne.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:29:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec280d-da64-4155-96aa-4e71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:29:49.000Z",
"modified": "2018-05-04T09:29:49.000Z",
"description": "Version 2.0",
"pattern": "[file:hashes.MD5 = 'e2f62b5acf3795a62e9d54e1301c4e7b' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:29:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2828-6448-49d4-93b7-4ee6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:30:16.000Z",
"modified": "2018-05-04T09:30:16.000Z",
"description": "Version 2.0",
"pattern": "[file:hashes.MD5 = 'cb67abd070ae188390fc040cbe60e677' AND file:name = 'Referendum Kurdistan.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:30:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec284f-bab0-4ccc-a5a4-45d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:30:55.000Z",
"modified": "2018-05-04T09:30:55.000Z",
"description": "Version 2.0",
"pattern": "[file:hashes.MD5 = 'cb67abd070ae188390fc040cbe60e677' AND file:name = 'Referendum Kurdistan.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:30:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2861-cf0c-4a9d-a128-4a65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:31:13.000Z",
"modified": "2018-05-04T09:31:13.000Z",
"description": "Version 2.0",
"pattern": "[file:hashes.MD5 = '699a7eedd244f402303bcffdee1f0ed1' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:31:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2a50-d48c-431d-b9ce-4a73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:39:28.000Z",
"modified": "2018-05-04T09:39:28.000Z",
"description": "Version 3.0",
"pattern": "[file:hashes.MD5 = '7d7ad116e6a42d4e518378e2313e9392' AND file:name = 'Sexy_wallpaper.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:39:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2a63-d16c-4fa9-869a-4b93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:39:47.000Z",
"modified": "2018-05-04T09:39:47.000Z",
"description": "Version 3.0",
"pattern": "[file:hashes.MD5 = 'a7d00c8629079f944b61c4dd5c77c8fb' AND file:name = 'ArabicRSS.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:39:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2ac7-4a48-4856-af56-42a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:41:27.000Z",
"modified": "2018-05-04T09:41:27.000Z",
"description": "Version 3.0",
"pattern": "[file:hashes.MD5 = 'b714b092d2f28fcf78ef8d02b46dbf9c' AND file:name = 'Alnaharegypt.news_v2.0.apk' AND file:name = 'familyinnovation_app.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:41:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2ad5-f324-4b6f-bec6-41f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:41:41.000Z",
"modified": "2018-05-04T09:41:41.000Z",
"description": "Version 3.0",
"pattern": "[file:hashes.MD5 = 'ac4402e04de0949d7beed975db84e594' AND file:name = 'com.ann.newspaper.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:41:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2dc4-5bec-4615-954d-4b19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:54:12.000Z",
"modified": "2018-05-04T09:54:12.000Z",
"description": "Version 4.0",
"pattern": "[file:hashes.MD5 = '519018ecfc50c0cf6cd0c88cc41b2a69' AND file:name = 'FirewallFA.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:54:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2dd5-d610-4d7f-9902-438b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:54:29.000Z",
"modified": "2018-05-04T09:54:29.000Z",
"description": "Version 4.0",
"pattern": "[file:hashes.MD5 = '5ad36f6dd060e52771a8e4a1dd90c50c' AND file:name = 'DVPNEasy.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:54:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec2dea-61c4-47b6-acde-45a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T09:54:50.000Z",
"modified": "2018-05-04T09:54:50.000Z",
"description": "Version 4.0",
"pattern": "[file:hashes.MD5 = 'b44b91b14f176fbf93d998141931a4aa' AND file:name = 'DeleteTelegram.apk' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T09:54:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aec413c-f01c-4c19-9761-4a1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:17:16.000Z",
"modified": "2018-05-04T11:17:16.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "asgharkhof@gmail.com",
"category": "Attribution",
"uuid": "5aec413c-96e0-42d7-9cef-4504950d210f"
},
{
"type": "domain",
"object_relation": "domain",
"value": "androidupdaters.com",
"category": "Network activity",
"to_ids": true,
"uuid": "5aec413c-73e4-48a7-9eb5-4d1c950d210f"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "178.162.214.146",
"category": "Network activity",
"to_ids": true,
"uuid": "5aec413d-12e0-454d-9188-4856950d210f"
},
{
"type": "whois-registrant-name",
"object_relation": "registrant-name",
"value": "parspack 62555",
"category": "Attribution",
"uuid": "5aec413d-767c-40ef-9001-46d7950d210f"
},
{
"type": "whois-registrant-phone",
"object_relation": "registrant-phone",
"value": "+982188561212",
"category": "Attribution",
"uuid": "5aec413e-c298-44cd-8ffc-4a8c950d210f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aec419c-5240-4635-ab6f-14ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:18:52.000Z",
"modified": "2018-05-04T11:18:52.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "silent.city2020@mail.com",
"category": "Attribution",
"uuid": "5aec419d-4218-46d5-82bc-14ac950d210f"
},
{
"type": "domain",
"object_relation": "domain",
"value": "dlgmail.com",
"category": "Network activity",
"to_ids": true,
"uuid": "5aec419d-80cc-4668-9cc2-14ac950d210f"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "46.4.41.195",
"category": "Network activity",
"to_ids": true,
"uuid": "5aec419e-04e8-4822-b841-14ac950d210f"
},
{
"type": "whois-registrant-name",
"object_relation": "registrant-name",
"value": "mohammad hosein asna ashar",
"category": "Attribution",
"uuid": "5aec419e-8508-45dc-a7b1-14ac950d210f"
},
{
"type": "whois-registrant-phone",
"object_relation": "registrant-phone",
"value": "+982188888299",
"category": "Attribution",
"uuid": "5aec419f-0dc0-41a8-ab47-14ac950d210f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5aec41f0-bfb0-40d4-bd05-1703950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:20:16.000Z",
"modified": "2018-05-04T11:20:16.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "pilton86@yahoo.com",
"category": "Attribution",
"uuid": "5aec41f0-0070-4f0e-a930-1703950d210f"
},
{
"type": "domain",
"object_relation": "domain",
"value": "rhubarb2.com",
"category": "Network activity",
"to_ids": true,
"uuid": "5aec41f1-424c-472e-a5a9-1703950d210f"
},
{
"type": "ip-src",
"object_relation": "ip-address",
"value": "109.200.28.162",
"category": "Network activity",
"to_ids": true,
"uuid": "5aec41f1-3e28-4e7c-b5fe-1703950d210f"
},
{
"type": "whois-registrant-name",
"object_relation": "registrant-name",
"value": "Mohsen Malekian",
"category": "Attribution",
"uuid": "5aec41f2-5424-4f0e-bf2b-1703950d210f"
},
{
"type": "whois-registrant-phone",
"object_relation": "registrant-phone",
"value": "+989303938251",
"category": "Attribution",
"uuid": "5aec41f2-1678-4088-9251-1703950d210f"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5aec4229-9244-4408-b095-4408950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:21:13.000Z",
"modified": "2018-05-04T11:21:13.000Z",
"pattern": "[domain-name:value = 'rhubarb3.com' AND domain-name:resolves_to_refs[*].value = '5.144.130.33' AND domain-name:resolves_to_refs[*].value = '46.4.74.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:21:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"domain-ip\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--27686eee-e891-46e5-b144-cb0e10e53c8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:23.000Z",
"modified": "2018-05-04T11:39:23.000Z",
"pattern": "[file:hashes.MD5 = '7d7ad116e6a42d4e518378e2313e9392' AND file:hashes.SHA1 = '237ccbbe5641bc2cb7283757d91d65bc641d6a26' AND file:hashes.SHA256 = 'f7fe4e299599a60a4797f9a13468e366394dc2d86ab768f681a0876d8ff052e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--35191532-c69c-43b6-837e-36ca962d6e48",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:21.000Z",
"modified": "2018-05-04T11:39:21.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-03T13:06:24",
"category": "Other",
"uuid": "5aec4669-e710-4033-b4f7-753902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/62",
"category": "Other",
"uuid": "5aec466a-b1dc-40ab-b171-753902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f7fe4e299599a60a4797f9a13468e366394dc2d86ab768f681a0876d8ff052e0/analysis/1525352784/",
"category": "External analysis",
"uuid": "5aec466a-3240-4c5d-8fff-753902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--30b25aaa-3cb2-4cd1-abf5-08129005f43d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:25.000Z",
"modified": "2018-05-04T11:39:25.000Z",
"pattern": "[file:hashes.MD5 = 'ac4402e04de0949d7beed975db84e594' AND file:hashes.SHA1 = 'd4e379313afdd60da889ba6516c754d7018802a1' AND file:hashes.SHA256 = '91659d5f35a8fea1c98f3ea32bcdd71a222f11095de680eb635ec8210fb5dc04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f3617dcc-af62-4280-9c9a-ab9d3d299f03",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:24.000Z",
"modified": "2018-05-04T11:39:24.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-03T13:05:58",
"category": "Other",
"uuid": "5aec466c-5b68-4eb8-917a-753902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/61",
"category": "Other",
"uuid": "5aec466c-8730-48e8-aa3d-753902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/91659d5f35a8fea1c98f3ea32bcdd71a222f11095de680eb635ec8210fb5dc04/analysis/1525352758/",
"category": "External analysis",
"uuid": "5aec466c-7560-4eef-8a29-753902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--603ec016-9820-4262-b877-f42d0c72a95c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:28.000Z",
"modified": "2018-05-04T11:39:28.000Z",
"pattern": "[file:hashes.MD5 = '6a388edbce88bb0331ae875ceeb2f319' AND file:hashes.SHA1 = 'a3e88929cc9347708caf88b371e8555a0b40bbae' AND file:hashes.SHA256 = '041b4d2280cae9720a62350de4541172933909380bb02701a7d20f87e670bac4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d6a1412f-41bc-4263-8422-139cc4ec59a8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:26.000Z",
"modified": "2018-05-04T11:39:26.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-03T13:06:17",
"category": "Other",
"uuid": "5aec466f-5368-47e6-a785-753902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "5/62",
"category": "Other",
"uuid": "5aec466f-c880-422c-ae4b-753902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/041b4d2280cae9720a62350de4541172933909380bb02701a7d20f87e670bac4/analysis/1525352777/",
"category": "External analysis",
"uuid": "5aec466f-a100-4c3c-847e-753902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1f4deeda-c969-4626-8eae-d5f557f2937a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:30.000Z",
"modified": "2018-05-04T11:39:30.000Z",
"pattern": "[file:hashes.MD5 = 'cb67abd070ae188390fc040cbe60e677' AND file:hashes.SHA1 = 'c9fb4cd14d88fc7ea6212f213e1f07f5a781edba' AND file:hashes.SHA256 = 'd7da061b55d24a54988a3fca60009da907d14c2bcd32f2e53ef13bd8085b96cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--dd172fdf-c047-47b9-bc67-8cae925cf527",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:29.000Z",
"modified": "2018-05-04T11:39:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-03T13:06:30",
"category": "Other",
"uuid": "5aec4671-c914-422f-8d45-753902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/62",
"category": "Other",
"uuid": "5aec4672-3614-4500-af7b-753902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d7da061b55d24a54988a3fca60009da907d14c2bcd32f2e53ef13bd8085b96cc/analysis/1525352790/",
"category": "External analysis",
"uuid": "5aec4672-056c-42a9-94e1-753902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--042c8757-07c8-4c84-8b0c-300b1d946d41",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:33.000Z",
"modified": "2018-05-04T11:39:33.000Z",
"pattern": "[file:hashes.MD5 = '699a7eedd244f402303bcffdee1f0ed1' AND file:hashes.SHA1 = '09b2108e72f0b9e0b382a43ead5c0a0e16cb50fa' AND file:hashes.SHA256 = '7a7eee78dfffa5974a2da9bdd3337fb16e5e1d658cbe5284ef352114ef446f6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--66ec9834-1856-4819-81d0-a7a19e5f8eea",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:32.000Z",
"modified": "2018-05-04T11:39:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-03T13:06:03",
"category": "Other",
"uuid": "5aec4674-045c-48ca-aec0-753902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "17/63",
"category": "Other",
"uuid": "5aec4674-2c68-429c-a76d-753902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7a7eee78dfffa5974a2da9bdd3337fb16e5e1d658cbe5284ef352114ef446f6a/analysis/1525352763/",
"category": "External analysis",
"uuid": "5aec4674-6cc0-4564-963b-753902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c6337b0c-b9a1-4c12-92e5-3223c4abd133",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:36.000Z",
"modified": "2018-05-04T11:39:36.000Z",
"pattern": "[file:hashes.MD5 = 'b714b092d2f28fcf78ef8d02b46dbf9c' AND file:hashes.SHA1 = '5a0d2064f7de0c98e91cabaeca2b7f5aa6da70f5' AND file:hashes.SHA256 = '24ee4589a7ed9c7fc630ecbb79d4114ab7ae8ae36b31da42e3fcfbb9edaafdc6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a4c9366f-a617-4a9e-bd17-da10b804814b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:34.000Z",
"modified": "2018-05-04T11:39:34.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-03T13:06:47",
"category": "Other",
"uuid": "5aec4677-e27c-4427-a864-753902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "29/60",
"category": "Other",
"uuid": "5aec4677-4d90-4f08-9843-753902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/24ee4589a7ed9c7fc630ecbb79d4114ab7ae8ae36b31da42e3fcfbb9edaafdc6/analysis/1525352807/",
"category": "External analysis",
"uuid": "5aec4677-0f6c-47b1-b347-753902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a57227d9-7325-46f3-ace1-e19ca49e51ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:38.000Z",
"modified": "2018-05-04T11:39:38.000Z",
"pattern": "[file:hashes.MD5 = 'e2f62b5acf3795a62e9d54e1301c4e7b' AND file:hashes.SHA1 = '163cb08bd60eb61b71a7c4f1891d1269b1954e6c' AND file:hashes.SHA256 = '59ece87dfa254ba8d47503e069e5e2cb99e22140e9a2e6e56d382a6427171889']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--07699f23-1898-4fd7-86d3-29fa7c088378",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:37.000Z",
"modified": "2018-05-04T11:39:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-03T13:06:10",
"category": "Other",
"uuid": "5aec4679-3a48-4bbc-b5b3-753902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "17/60",
"category": "Other",
"uuid": "5aec4679-97e0-4927-9f54-753902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/59ece87dfa254ba8d47503e069e5e2cb99e22140e9a2e6e56d382a6427171889/analysis/1525352770/",
"category": "External analysis",
"uuid": "5aec4679-f774-4d70-87bc-753902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d0ecc2c5-6e10-4077-ac69-28ed3a6a374f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:41.000Z",
"modified": "2018-05-04T11:39:41.000Z",
"pattern": "[file:hashes.MD5 = 'ec5a6f0e743f4b858aba9de96a33fb0c' AND file:hashes.SHA1 = '06fb916999081a9496715eaf72a77452a11ab09c' AND file:hashes.SHA256 = '76fa36d35e0e16b0ea416726b0da2a66dfe7d7b35504cf6c475eac4cfa95fe3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--70ca0203-d569-42dd-8538-112a5385c7bd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:39.000Z",
"modified": "2018-05-04T11:39:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-04T08:50:01",
"category": "Other",
"uuid": "5aec467b-cc64-4270-ab55-753902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "9/61",
"category": "Other",
"uuid": "5aec467b-e32c-4658-8ada-753902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/76fa36d35e0e16b0ea416726b0da2a66dfe7d7b35504cf6c475eac4cfa95fe3a/analysis/1525423801/",
"category": "External analysis",
"uuid": "5aec467b-e7fc-4d73-a04c-753902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--29f9cb3b-24a0-48f9-b03b-55160ffa3040",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:43.000Z",
"modified": "2018-05-04T11:39:43.000Z",
"pattern": "[file:hashes.MD5 = '5efddd7f0fc2125e78a2ca18b68464ec' AND file:hashes.SHA1 = '82a5907e3be0cac185913f143e2e77c6e8578e7d' AND file:hashes.SHA256 = '0601fc10951b780efb7da41b25f1e41fdb347374e81858cc894e8d8fd2106b7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-04T11:39:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--36852ace-b32b-49ce-b563-4c1d366459d8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-04T11:39:41.000Z",
"modified": "2018-05-04T11:39:41.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-03T21:28:50",
"category": "Other",
"uuid": "5aec467d-ed5c-441c-8497-753902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "10/62",
"category": "Other",
"uuid": "5aec467e-0adc-4e9c-ad61-753902de0b81"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0601fc10951b780efb7da41b25f1e41fdb347374e81858cc894e8d8fd2106b7b/analysis/1525382930/",
"category": "External analysis",
"uuid": "5aec467e-d5a8-4a15-ad0b-753902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--878e9d91-9f2a-4228-800b-db488889d344",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-05-04T11:39:42.000Z",
"modified": "2018-05-04T11:39:42.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--27686eee-e891-46e5-b144-cb0e10e53c8f",
"target_ref": "x-misp-object--35191532-c69c-43b6-837e-36ca962d6e48"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--fc0c5272-b1d7-4772-9e7e-583977b5d9d0",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-05-04T11:39:43.000Z",
"modified": "2018-05-04T11:39:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--30b25aaa-3cb2-4cd1-abf5-08129005f43d",
"target_ref": "x-misp-object--f3617dcc-af62-4280-9c9a-ab9d3d299f03"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--150eee68-7d22-440a-ba46-0fb0eda74e23",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-05-04T11:39:43.000Z",
"modified": "2018-05-04T11:39:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--603ec016-9820-4262-b877-f42d0c72a95c",
"target_ref": "x-misp-object--d6a1412f-41bc-4263-8422-139cc4ec59a8"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--d6759d15-a2f6-4e27-a2a6-2b2bc24243f0",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-05-04T11:39:43.000Z",
"modified": "2018-05-04T11:39:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--1f4deeda-c969-4626-8eae-d5f557f2937a",
"target_ref": "x-misp-object--dd172fdf-c047-47b9-bc67-8cae925cf527"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--1dfb0f72-b1ed-4e8f-a716-dea124f29b76",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-05-04T11:39:43.000Z",
"modified": "2018-05-04T11:39:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--042c8757-07c8-4c84-8b0c-300b1d946d41",
"target_ref": "x-misp-object--66ec9834-1856-4819-81d0-a7a19e5f8eea"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--405857ba-2184-44ae-aef4-9c5385743dfc",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-05-04T11:39:43.000Z",
"modified": "2018-05-04T11:39:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c6337b0c-b9a1-4c12-92e5-3223c4abd133",
"target_ref": "x-misp-object--a4c9366f-a617-4a9e-bd17-da10b804814b"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--4cdea0f6-9c9d-4af7-9121-38240080fa5b",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-05-04T11:39:43.000Z",
"modified": "2018-05-04T11:39:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a57227d9-7325-46f3-ace1-e19ca49e51ec",
"target_ref": "x-misp-object--07699f23-1898-4fd7-86d3-29fa7c088378"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--37a4550c-65a4-421f-88bb-606ca466e0bf",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-05-04T11:39:43.000Z",
"modified": "2018-05-04T11:39:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d0ecc2c5-6e10-4077-ac69-28ed3a6a374f",
"target_ref": "x-misp-object--70ca0203-d569-42dd-8538-112a5385c7bd"
},
{
"type": "relationship",
"spec_version": "2.1",
chg: [feeds] updated
2024-08-07 08:13:15 +00:00
"id": "relationship--c162b294-94fe-4602-b9f8-305b7eaf8915",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"created": "2018-05-04T11:39:43.000Z",
"modified": "2018-05-04T11:39:43.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--29f9cb3b-24a0-48f9-b03b-55160ffa3040",
"target_ref": "x-misp-object--36852ace-b32b-49ce-b563-4c1d366459d8"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink