{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5a3bd321-a8a4-45a6-b246-445b950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "grouping",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "grouping--5a3bd321-a8a4-45a6-b246-445b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"name": "OSINT - New Android trojan targeting over 60 banks and social apps",
|
|
|
|
"context": "suspicious-activity",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f",
|
|
|
|
"url--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f",
|
|
|
|
"indicator--5be00902-b980-420b-b2ec-4f5c950d210f",
|
|
|
|
"indicator--5be00903-5d98-4214-adad-4a3e950d210f",
|
|
|
|
"indicator--5be00903-2a20-42ce-950d-4c80950d210f",
|
|
|
|
"indicator--5be00904-4e3c-40cb-a9b2-4fa9950d210f",
|
|
|
|
"indicator--5be00904-30e4-47c3-bf2a-4574950d210f",
|
|
|
|
"indicator--5be00905-440c-430f-ad81-493a950d210f",
|
|
|
|
"indicator--5be0090b-67a4-4f5d-b6c0-432b950d210f",
|
|
|
|
"indicator--5be00910-e888-4bcc-b09e-4305950d210f",
|
|
|
|
"indicator--5be00916-f90c-4316-b57e-4b19950d210f",
|
|
|
|
"indicator--5be00917-5d7c-405d-98b7-41ed950d210f",
|
|
|
|
"indicator--5be00917-0acc-46f0-b09c-4787950d210f",
|
|
|
|
"indicator--5be00918-5540-4d4f-b69a-4d1b950d210f",
|
|
|
|
"indicator--5be0091b-06e4-4e7d-985e-484e950d210f",
|
|
|
|
"indicator--5be0091c-40e4-4418-9b45-4156950d210f",
|
|
|
|
"indicator--5be0091c-efa4-4113-9486-4b55950d210f",
|
|
|
|
"indicator--5be0091d-0768-4e0c-a531-4b09950d210f",
|
|
|
|
"indicator--5be0091d-62b4-4656-955f-4f98950d210f",
|
|
|
|
"indicator--5be0091e-7e30-4a29-87fe-4be8950d210f",
|
|
|
|
"indicator--5be0091e-f0f4-476f-887e-42c1950d210f",
|
|
|
|
"indicator--5be0091f-5ae0-4f08-b72d-4cc3950d210f",
|
|
|
|
"indicator--5be0091f-52c0-4150-8174-48e7950d210f",
|
|
|
|
"indicator--5be00920-d8e8-40fc-a007-46d7950d210f",
|
|
|
|
"indicator--5be00920-c910-41ce-98bd-4fde950d210f",
|
|
|
|
"indicator--5be00921-371c-4fe2-b8bd-440b950d210f",
|
|
|
|
"indicator--5be00926-fc48-4be4-838f-4433950d210f",
|
|
|
|
"indicator--5be00927-2870-48f6-8bcc-4459950d210f",
|
|
|
|
"indicator--5be0092c-bc38-44de-ad74-4554950d210f",
|
|
|
|
"indicator--5be00932-9a7c-4a79-a0e7-42ff950d210f",
|
|
|
|
"indicator--5be00935-ca10-44db-9229-4274950d210f",
|
|
|
|
"indicator--5be00936-4cf8-458e-96ec-45de950d210f",
|
|
|
|
"indicator--5be00937-5020-45f2-92ab-410b950d210f",
|
|
|
|
"indicator--5be00937-72bc-4be7-8ee7-4e26950d210f",
|
|
|
|
"indicator--5be00938-7ee0-444a-b175-4ed8950d210f",
|
|
|
|
"indicator--5be00938-b9a8-4e82-bb77-4acd950d210f",
|
|
|
|
"indicator--5be0093e-1374-465c-a1dd-48cb950d210f",
|
|
|
|
"indicator--5be0093e-bc28-4fe5-b503-467a950d210f",
|
|
|
|
"indicator--5be0093f-da20-42eb-8a31-4b9f950d210f",
|
|
|
|
"indicator--5be0093f-b708-4408-9ef2-4480950d210f",
|
|
|
|
"indicator--5be00940-ded0-4a5a-875d-4e86950d210f",
|
|
|
|
"indicator--5be00940-ba98-4490-b995-4ffe950d210f",
|
|
|
|
"indicator--5be00941-18b4-47d9-b237-483c950d210f",
|
|
|
|
"indicator--5be00941-2318-45e1-85df-4887950d210f",
|
|
|
|
"indicator--5be00947-b94c-43ec-bc06-49e1950d210f",
|
|
|
|
"indicator--5be0094c-71f4-4a86-b021-4a1c950d210f",
|
|
|
|
"indicator--5be00952-1f28-46bf-ba31-4ae0950d210f",
|
|
|
|
"indicator--5be00952-6854-4df8-a2f6-461e950d210f",
|
|
|
|
"indicator--5be00953-7558-4388-90ea-4154950d210f",
|
|
|
|
"indicator--5be00953-a7e0-43ef-bdb7-4045950d210f",
|
|
|
|
"indicator--5be00954-453c-4023-9c05-4cb9950d210f",
|
|
|
|
"indicator--5be00954-94c4-4bf0-86e9-4c62950d210f",
|
|
|
|
"indicator--5be0095a-40dc-4974-8c55-4742950d210f",
|
|
|
|
"indicator--5be0095a-eaac-4514-93b0-4711950d210f",
|
|
|
|
"indicator--5be0095b-4af8-41cd-b882-46cc950d210f",
|
|
|
|
"indicator--5be0095b-cfd4-440f-b31e-4bd7950d210f",
|
|
|
|
"indicator--5be0095c-5074-4848-ba5f-4eda950d210f",
|
|
|
|
"indicator--5be00961-3534-4459-936e-483a950d210f",
|
|
|
|
"indicator--5be00962-9384-4d42-82b8-48b9950d210f",
|
|
|
|
"indicator--5be00962-9b84-402d-8d4c-4359950d210f",
|
|
|
|
"indicator--5be00963-abf0-49b5-94c9-4439950d210f",
|
|
|
|
"indicator--5be00a34-4b9c-4687-9c4d-4ec1950d210f",
|
|
|
|
"indicator--5be00a77-0660-46c9-b0ba-4ecd950d210f",
|
|
|
|
"indicator--5be00a93-8b48-476d-8339-447d950d210f",
|
|
|
|
"indicator--5be00ac5-d1fc-4bf9-a034-4310950d210f",
|
|
|
|
"indicator--5be00b1b-0528-448b-8a8b-4e99950d210f",
|
|
|
|
"indicator--5be00b36-902c-4741-83cf-4181950d210f",
|
|
|
|
"indicator--5be00e7e-0b14-4d66-9d81-4c28950d210f",
|
|
|
|
"indicator--5be00ea6-2f90-474b-985f-47e8950d210f",
|
|
|
|
"indicator--5be00ec0-85b4-4013-97d5-4c84950d210f",
|
|
|
|
"indicator--5be00edc-135c-4b87-a00c-4130950d210f",
|
|
|
|
"indicator--5be00efc-bef0-4544-a31f-45a0950d210f",
|
|
|
|
"indicator--5be00f1d-f554-44d1-b523-4c7f950d210f",
|
|
|
|
"indicator--5be00f44-c444-4b0a-a2d0-48c0950d210f",
|
|
|
|
"indicator--5be00f5a-e7d8-4b33-90ab-44cc950d210f",
|
|
|
|
"indicator--5be00f86-96e8-42f6-b0e4-4f00950d210f",
|
|
|
|
"indicator--5be00fa6-7fcc-4908-8faa-4c22950d210f",
|
|
|
|
"indicator--5be00fbe-9458-4f15-9256-4bb1950d210f",
|
|
|
|
"indicator--5be00fe4-cbb4-4f0a-bfdc-4487950d210f",
|
|
|
|
"indicator--9f7d8819-3d8a-408b-a2e2-1c567a72a326",
|
|
|
|
"x-misp-object--74ce551d-b3c7-4489-891b-9bb420fb6276",
|
|
|
|
"indicator--126ad6b0-f4b8-457c-8d48-9e4ee46162c9",
|
|
|
|
"x-misp-object--1f22ffe1-7948-4b1e-8d3a-1a77e8471f8c",
|
|
|
|
"indicator--9484a796-e5ef-4046-8d57-606eb714dc29",
|
|
|
|
"x-misp-object--a593cf8a-7c7e-455a-8bcb-5ad677a458d7",
|
|
|
|
"indicator--caaced19-acae-40d4-9fb2-d07ead24a799",
|
|
|
|
"x-misp-object--a3d75b8e-253d-4f2e-ba8c-63da524edce2",
|
|
|
|
"indicator--431e8d26-a3bb-4287-a762-4f53842fc5e7",
|
|
|
|
"x-misp-object--f29f6d28-1558-4169-8999-bd1c9642f404",
|
|
|
|
"indicator--a2bae36c-99aa-470b-92f8-8a56fb411fa6",
|
|
|
|
"x-misp-object--1cbf8ea2-a375-4be9-9fde-125385db9c8f",
|
|
|
|
"indicator--9fbc8b1a-89d4-483e-b052-b99cfedd6875",
|
|
|
|
"x-misp-object--d238b22a-5bad-42f4-9c46-0ed532cf269d",
|
|
|
|
"indicator--9f13df2b-b613-4785-9056-1c2a274ca947",
|
|
|
|
"x-misp-object--102efbb1-1732-487f-a636-5c36fed361f7",
|
|
|
|
"indicator--485cf634-0b1d-42c0-a31c-fb18e81e0af5",
|
|
|
|
"x-misp-object--d4ce5e52-b6cf-40ff-bc26-cd25ffcfde97",
|
|
|
|
"indicator--88d0599b-6cd5-4a20-bc0f-20f7e3884c62",
|
|
|
|
"x-misp-object--09999b9f-0371-488d-ac20-fd35bb5876f2",
|
|
|
|
"indicator--48e2f409-5348-4ced-b30b-158e53f3d0db",
|
|
|
|
"x-misp-object--01251890-fba9-46cb-9a6e-aef9caf1e169",
|
|
|
|
"indicator--0b905bfe-ab69-4e5e-b622-992b80399025",
|
|
|
|
"x-misp-object--d77cfe3b-6bb5-4575-ad9b-d61f81915468",
|
|
|
|
"indicator--28783d4f-45a8-4fbe-be77-ffe4efd9ed79",
|
|
|
|
"x-misp-object--be178841-563d-4a56-bae7-a3697e9089fc",
|
|
|
|
"indicator--42d6118d-c5e5-4228-9715-459d795be3d5",
|
|
|
|
"x-misp-object--f3886734-574c-4d19-a9bf-cf32a298640b",
|
|
|
|
"indicator--28fea41d-1585-41c1-81d9-2bed8addb3dd",
|
|
|
|
"x-misp-object--517ba780-62b4-4f69-ab78-268ff60ba619",
|
|
|
|
"indicator--d8dd3d7e-8a2c-4299-aeaf-575f0883a6db",
|
|
|
|
"x-misp-object--9515ed0b-2b92-4226-9e66-897a967e5836",
|
|
|
|
"indicator--205d63fb-7676-4ef1-8bab-547ed5120bca",
|
|
|
|
"x-misp-object--d46a3784-5b8c-4d3d-9ca1-c4707774c607",
|
|
|
|
"indicator--b4ecec0d-f83e-48aa-a503-17c4f19d5eba",
|
|
|
|
"x-misp-object--e408196c-b99e-4c41-860a-70a9a92f4854",
|
"relationship--448eff2f-4f44-4d84-90e6-6b62b3ecfa18",
|
|
|
|
"relationship--da3a615d-ce24-4074-99c8-33c78e254eea",
|
|
|
|
"relationship--04c492a7-b9ea-4e7b-a0b4-9b449a844d5e",
|
|
|
|
"relationship--8f2c9e6d-5f3a-43d3-a050-782637fe5194",
|
|
|
|
"relationship--20500800-1593-4e43-bf35-5838bd11b389",
|
|
|
|
"relationship--0cf9a452-fd27-496b-987d-026a1495d183",
|
|
|
|
"relationship--614418c7-a765-4824-bc20-a07c6bbc4802",
|
|
|
|
"relationship--999367ff-a282-42ff-ba41-f76f9a0324d9",
|
|
|
|
"relationship--a17f00fb-8a17-4bf1-9a51-b287981501d4",
|
|
|
|
"relationship--1d4bafb6-1036-43dd-b8f3-134b756704c2",
|
|
|
|
"relationship--ba8035a1-6b99-4605-aab9-adeb7f9f7b8b",
|
|
|
|
"relationship--aece340b-426e-4eee-99d6-6289c7a44c75",
|
|
|
|
"relationship--13f143f0-be30-4e17-b023-fa06dc2a43de",
|
|
|
|
"relationship--0bfa9431-cd8c-4872-b48a-495bb817b70f",
|
|
|
|
"relationship--8f0c3211-951d-4cdc-b0ae-fd4be93e0a62",
|
|
|
|
"relationship--5c58b6cb-0ba6-44a0-9cc0-a1ee0c3cb714",
|
|
|
|
"relationship--ce45ba5d-c45a-4d19-85bb-ac021438da1c",
|
|
|
|
"relationship--d94fb1f7-f362-49f3-8953-488cda33e992"
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"workflow:state=\"incomplete\"",
|
|
|
|
"workflow:todo=\"create-missing-misp-galaxy-cluster-values\"",
|
|
|
|
"workflow:todo=\"create-missing-misp-galaxy-cluster\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-12-21T15:28:44.000Z",
|
|
|
|
"modified": "2017-12-21T15:28:44.000Z",
|
|
|
|
"first_observed": "2017-12-21T15:28:44Z",
|
|
|
|
"last_observed": "2017-12-21T15:28:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f",
|
|
|
|
"value": "https://clientsidedetection.com/new_android_trojan_targeting_over_60_banks_and_social_apps.html"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00902-b980-420b-b2ec-4f5c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:26.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'aib.ibank.android']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00903-5d98-4214-adad-4a3e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:27.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:27.000Z",
|
|
|
|
"pattern": "[file:name = 'au.com.bankwest.mobile']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00903-2a20-42ce-950d-4c80950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:27.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:27.000Z",
|
|
|
|
"pattern": "[file:name = 'au.com.cua.mb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00904-4e3c-40cb-a9b2-4fa9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:28.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:28.000Z",
|
|
|
|
"pattern": "[file:name = 'au.com.mebank.banking']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00904-30e4-47c3-bf2a-4574950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:28.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:28.000Z",
|
|
|
|
"pattern": "[file:name = 'au.com.nab.mobile']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00905-440c-430f-ad81-493a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:29.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:29.000Z",
|
|
|
|
"pattern": "[file:name = 'au.com.newcastlepermanent']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0090b-67a4-4f5d-b6c0-432b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:35.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:35.000Z",
|
|
|
|
"pattern": "[file:name = 'au.com.suncorp.SuncorpBank']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00910-e888-4bcc-b09e-4305950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:40.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:40.000Z",
|
|
|
|
"pattern": "[file:name = 'com.anz.android.gomoney']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00916-f90c-4316-b57e-4b19950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:46.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:46.000Z",
|
|
|
|
"pattern": "[file:name = 'com.axis.mobile']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00917-5d7c-405d-98b7-41ed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:47.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:47.000Z",
|
|
|
|
"pattern": "[file:name = 'com.bankofireland.mobilebanking']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00917-0acc-46f0-b09c-4787950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:47.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:47.000Z",
|
|
|
|
"pattern": "[file:name = 'com.bbva.bbvacontigo']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00918-5540-4d4f-b69a-4d1b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:48.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:48.000Z",
|
|
|
|
"pattern": "[file:name = 'com.caisseepargne.android.mobilebanking']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0091b-06e4-4e7d-985e-484e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:51.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'com.chase.sig.android']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0091c-40e4-4418-9b45-4156950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:52.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:52.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'com.citibank.mobile.au']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0091c-efa4-4113-9486-4b55950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:52.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:52.000Z",
|
|
|
|
"pattern": "[file:name = 'com.cm_prod.bad']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0091d-0768-4e0c-a531-4b09950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:53.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:53.000Z",
|
|
|
|
"pattern": "[file:name = 'com.comarch.security.mobilebanking']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0091d-62b4-4656-955f-4f98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:53.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:53.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'com.commbank.netbank']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0091e-7e30-4a29-87fe-4be8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:54.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:54.000Z",
|
|
|
|
"pattern": "[file:name = 'com.csam.icici.bank.imobile']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0091e-f0f4-476f-887e-42c1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:54.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:54.000Z",
|
|
|
|
"pattern": "[file:name = 'com.finansbank.mobile.cepsube']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0091f-5ae0-4f08-b72d-4cc3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:55.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:55.000Z",
|
|
|
|
"pattern": "[file:name = 'com.garanti.cepsubesi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0091f-52c0-4150-8174-48e7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:55.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:55.000Z",
|
|
|
|
"pattern": "[file:name = 'com.infonow.bofa']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00920-d8e8-40fc-a007-46d7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:56.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:56.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'com.instagram.android']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00920-c910-41ce-98bd-4fde950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:56.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:56.000Z",
|
|
|
|
"pattern": "[file:name = 'com.konylabs.capitalone']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00921-371c-4fe2-b8bd-440b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:10:57.000Z",
|
|
|
|
"modified": "2018-11-05T09:10:57.000Z",
|
|
|
|
"pattern": "[file:name = 'com.konylabs.cbplpat']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:10:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00926-fc48-4be4-838f-4433950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:02.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:02.000Z",
|
|
|
|
"pattern": "[file:name = 'com.latuabancaperandroid']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00927-2870-48f6-8bcc-4459950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:03.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:03.000Z",
|
|
|
|
"pattern": "[file:name = 'com.nearform.ptsb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0092c-bc38-44de-ad74-4554950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:08.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'com.palatine.android.mobilebanking.prod']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00932-9a7c-4a79-a0e7-42ff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:14.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:14.000Z",
|
|
|
|
"pattern": "[file:name = 'com.pozitron.iscep']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00935-ca10-44db-9229-4274950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:17.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:17.000Z",
|
|
|
|
"pattern": "[file:name = 'com.sbi.SBIFreedomPlus']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00936-4cf8-458e-96ec-45de950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:18.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:18.000Z",
|
|
|
|
"pattern": "[file:name = 'com.snapwork.hdfc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00937-5020-45f2-92ab-410b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:19.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:19.000Z",
|
|
|
|
"pattern": "[file:name = 'com.suntrust.mobilebanking']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00937-72bc-4be7-8ee7-4e26950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:19.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:19.000Z",
|
|
|
|
"pattern": "[file:name = 'com.tmobtech.halkbank']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00938-7ee0-444a-b175-4ed8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:20.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'com.unionbank.ecommerce.mobile.android']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00938-b9a8-4e82-bb77-4acd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:20.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:20.000Z",
|
|
|
|
"pattern": "[file:name = 'com.vakifbank.mobile']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0093e-1374-465c-a1dd-48cb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:26.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:26.000Z",
|
|
|
|
"pattern": "[file:name = 'com.wf.wellsfargomobile']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0093e-bc28-4fe5-b503-467a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:26.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'com.ykb.android']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0093f-da20-42eb-8a31-4b9f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:27.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:27.000Z",
|
|
|
|
"pattern": "[file:name = 'com.ziraat.ziraatmobil']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0093f-b708-4408-9ef2-4480950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:27.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'de.comdirect.android']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00940-ded0-4a5a-875d-4e86950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:28.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:28.000Z",
|
|
|
|
"pattern": "[file:name = 'de.commerzbanking.mobil']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00940-ba98-4490-b995-4ffe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:28.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:28.000Z",
|
|
|
|
"pattern": "[file:name = 'de.postbank.finanzassistent']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00941-18b4-47d9-b237-483c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:29.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:29.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'es.cm.android']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00941-2318-45e1-85df-4887950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:29.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:29.000Z",
|
|
|
|
"pattern": "[file:name = 'es.lacaixa.mobile.android.newwapicon']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00947-b94c-43ec-bc06-49e1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:35.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:35.000Z",
|
|
|
|
"pattern": "[file:name = 'eu.eleader.mobilebanking.pekao']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0094c-71f4-4a86-b021-4a1c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:40.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:40.000Z",
|
|
|
|
"pattern": "[file:name = 'fr.banquepopulaire.cyberplus']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00952-1f28-46bf-ba31-4ae0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:46.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:46.000Z",
|
|
|
|
"pattern": "[file:name = 'fr.creditagricole.androidapp']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00952-6854-4df8-a2f6-461e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:46.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:46.000Z",
|
|
|
|
"pattern": "[file:name = 'fr.laposte.lapostemobile']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00953-7558-4388-90ea-4154950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:47.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:47.000Z",
|
|
|
|
"pattern": "[file:name = 'fr.lcl.android.customerarea']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00953-a7e0-43ef-bdb7-4045950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:47.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:47.000Z",
|
|
|
|
"pattern": "[file:name = 'in.co.bankofbaroda.mpassbook']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00954-453c-4023-9c05-4cb9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:48.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:48.000Z",
|
|
|
|
"pattern": "[file:name = 'it.nogood.container']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00954-94c4-4bf0-86e9-4c62950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:48.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:48.000Z",
|
|
|
|
"pattern": "[file:name = 'net.bnpparibas.mescomptes']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0095a-40dc-4974-8c55-4742950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:54.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:54.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'org.stgeorge.bankorg.westpac.bank']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0095a-eaac-4514-93b0-4711950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:54.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:54.000Z",
|
|
|
|
"pattern": "[file:name = 'pl.bzwbk.bzwbk24']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0095b-4af8-41cd-b882-46cc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:55.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:55.000Z",
|
|
|
|
"pattern": "[file:name = 'pl.bzwbk.mobile.tab.bzwbk24']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0095b-cfd4-440f-b31e-4bd7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:55.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:55.000Z",
|
|
|
|
"pattern": "[file:name = 'pl.eurobank']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be0095c-5074-4848-ba5f-4eda950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:11:56.000Z",
|
|
|
|
"modified": "2018-11-05T09:11:56.000Z",
|
|
|
|
"pattern": "[file:name = 'pl.ipko.mobile']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:11:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00961-3534-4459-936e-483a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:12:01.000Z",
|
|
|
|
"modified": "2018-11-05T09:12:01.000Z",
|
|
|
|
"pattern": "[file:name = 'pl.mbank']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:12:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00962-9384-4d42-82b8-48b9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:12:02.000Z",
|
|
|
|
"modified": "2018-11-05T09:12:02.000Z",
|
|
|
|
"pattern": "[file:name = 'pl.millennium.corpApp']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:12:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00962-9b84-402d-8d4c-4359950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:12:02.000Z",
|
|
|
|
"modified": "2018-11-05T09:12:02.000Z",
|
|
|
|
"pattern": "[file:name = 'src.com.idbi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:12:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00963-abf0-49b5-94c9-4439950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:12:03.000Z",
|
|
|
|
"modified": "2018-11-05T09:12:03.000Z",
|
|
|
|
"pattern": "[file:name = 'wit.android.bcpBankingApp.millenniumPL']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:12:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00a34-4b9c-4687-9c4d-4ec1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:15:32.000Z",
|
|
|
|
"modified": "2018-11-05T09:15:32.000Z",
|
|
|
|
"description": "Update Flash Player",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a7c9cfa4ad14b0b9f907db0a1bef626327e1348515a4ae61a20387d6ec8fea78' AND file:name = 'com.patixof.dxtrix' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:15:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00a77-0660-46c9-b0ba-4ecd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:16:39.000Z",
|
|
|
|
"modified": "2018-11-05T09:16:39.000Z",
|
|
|
|
"description": "Update Flash Player",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'bb0c8992c9eb052934c7f341a6b7992f8bb01c078865c4e562fd9b84637c1e1b' AND file:name = 'com.acronic' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:16:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00a93-8b48-476d-8339-447d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:17:07.000Z",
|
|
|
|
"modified": "2018-11-05T09:17:07.000Z",
|
|
|
|
"description": "Update Flash Player",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '79424db82573e1d7e60f94489c5ca1992f8d65422dbb8805d65f418d20bbd03a' AND file:name = 'com.glsoftwre.fmc' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:17:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00ac5-d1fc-4bf9-a034-4310950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:17:57.000Z",
|
|
|
|
"modified": "2018-11-05T09:17:57.000Z",
|
|
|
|
"description": "Update Flash Player",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4d74b31907745ba0715d356e7854389830e519f5051878485c4be8779bb55736' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:17:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00b1b-0528-448b-8a8b-4e99950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:19:23.000Z",
|
|
|
|
"modified": "2018-11-05T09:19:23.000Z",
|
|
|
|
"description": "Viber",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '2dc19f81352e84a45bd7f916afa3353d7f710338494d44802f271e1f3d972aed' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:19:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00b36-902c-4741-83cf-4181950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:19:50.000Z",
|
|
|
|
"modified": "2018-11-05T09:19:50.000Z",
|
|
|
|
"description": "Android Update",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '307f1b6eae57b6475b4436568774f0b23aa370a1a48f3b991af9c9b336733630' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:19:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00e7e-0b14-4d66-9d81-4c28950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:33:50.000Z",
|
|
|
|
"modified": "2018-11-05T09:33:50.000Z",
|
|
|
|
"description": "Update Google Market",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '359341b5b4306ef36343b2ed5625bbbb8c051f2957d268b57be9c84424affd29' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:33:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00ea6-2f90-474b-985f-47e8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:34:30.000Z",
|
|
|
|
"modified": "2018-11-05T09:34:30.000Z",
|
|
|
|
"description": "WhatsApp",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '9eaa3bb33c36626cd13fc94f9de88b0f390ac5219cc04a08ee5961d59bf4946b' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-05T09:34:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5be00ec0-85b4-4013-97d5-4c84950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-11-05T09:34:56.000Z",
|
|
|
|
"modified": "2018-11-05T09:34:56.000Z",
|
|
|
|
"description": "Update Flash Player",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'dc11d9eb2b09c2bf74136b313e752075afb05c2f82d1f5fdd2379e46089eb776' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:34:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5be00edc-135c-4b87-a00c-4130950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-05T09:35:24.000Z",
"modified": "2018-11-05T09:35:24.000Z",
"description": "Update WhatsApp",
"pattern": "[file:hashes.SHA256 = '58391ca1e3001311efe9fba1c05c15a2b1a7e5026e0f7b642a929a8fed25b187' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:35:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5be00efc-bef0-4544-a31f-45a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-05T09:35:56.000Z",
"modified": "2018-11-05T09:35:56.000Z",
"description": "Android Update",
"pattern": "[file:hashes.SHA256 = '36cbe3344f027c2960f7ac0d661ddbefff631af2da90b5122a65c407d0182b69' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:35:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5be00f1d-f554-44d1-b523-4c7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-05T09:36:29.000Z",
"modified": "2018-11-05T09:36:29.000Z",
"description": "Update Flash Player",
"pattern": "[file:hashes.SHA256 = 'a5db9e4deadb2f7e075ba8a3beb6d927502b76237afaf0e2c28d00bb01570fae' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5be00f44-c444-4b0a-a2d0-48c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-05T09:37:08.000Z",
"modified": "2018-11-05T09:37:08.000Z",
"description": "Update Flash Player",
"pattern": "[file:hashes.SHA256 = '0d0490d2844726314b7569827013d0555af242dd32b7e36ff5e28da3982a4f88' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:37:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5be00f5a-e7d8-4b33-90ab-44cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-05T09:37:30.000Z",
"modified": "2018-11-05T09:37:30.000Z",
"description": "Update Flash Player",
"pattern": "[file:hashes.SHA256 = '3e47f075b9d0b2eb840b8bbd49017ffb743f9973c274ec04b4db209af73300d6' AND file:name = 'com.excellentsft.xss' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:37:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5be00f86-96e8-42f6-b0e4-4f00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-05T09:38:14.000Z",
"modified": "2018-11-05T09:38:14.000Z",
"description": "ebookreader",
"pattern": "[file:hashes.SHA256 = '05ea7239e4df91e7ffd57fba8cc81751836d03fa7c2c4aa1913739f023b046f0' AND file:name = 'com.clx.rms' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:38:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5be00fa6-7fcc-4908-8faa-4c22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-05T09:38:46.000Z",
"modified": "2018-11-05T09:38:46.000Z",
"description": "Update Flash Player",
"pattern": "[file:hashes.SHA256 = '9446a9a13848906ca3040e399fd84bfebf21c40825f7d52a63c7ccccec4659b7' AND file:name = 'com.glsoftwre.fmc' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:38:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5be00fbe-9458-4f15-9256-4bb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-05T09:39:10.000Z",
"modified": "2018-11-05T09:39:10.000Z",
"description": "Update Flash Player",
"pattern": "[file:hashes.SHA256 = '3a5ddb598e20ca7dfa79a9682751322a869695c500bdfb0c91c8e2ffb02cd6da' AND file:name = 'com.kmc.prod' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:39:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5be00fe4-cbb4-4f0a-bfdc-4487950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-11-05T09:39:48.000Z",
"modified": "2018-11-05T09:39:48.000Z",
"description": "Android Update",
"pattern": "[file:hashes.SHA256 = 'b83bd8c755cb7546ef28bac157e51f04257686a045bbf9d64bec7eeb9116fd8a' AND file:name = 'com.kmc.prod' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-05T09:39:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9f7d8819-3d8a-408b-a2e2-1c567a72a326",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:37.000Z",
"modified": "2019-03-27T12:17:37.000Z",
"pattern": "[file:hashes.MD5 = '49bb47f0444b08c2462b4ba2584ba314' AND file:hashes.SHA1 = 'ac244f3691616c004e1b5d5a9b4812ad8e2892e7' AND file:hashes.SHA256 = 'dc11d9eb2b09c2bf74136b313e752075afb05c2f82d1f5fdd2379e46089eb776']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--74ce551d-b3c7-4489-891b-9bb420fb6276",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:37.000Z",
"modified": "2019-03-27T12:17:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-28 00:15:50",
"category": "Other",
"uuid": "91571960-c106-4286-8b1f-e71337e549e9"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/dc11d9eb2b09c2bf74136b313e752075afb05c2f82d1f5fdd2379e46089eb776/analysis/1530144950/",
"category": "Payload delivery",
"uuid": "3b766bce-672e-4592-b362-25d0ff50a045"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/62",
"category": "Payload delivery",
"uuid": "aae7b9c7-57d7-4189-921e-bfb85852554b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--126ad6b0-f4b8-457c-8d48-9e4ee46162c9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:37.000Z",
"modified": "2019-03-27T12:17:37.000Z",
"pattern": "[file:hashes.MD5 = 'fba6fde1cc56a835fc9e4eeb0b718796' AND file:hashes.SHA1 = '2e428e67c5664ae1c5bd40439654364c2aaae9f2' AND file:hashes.SHA256 = '36cbe3344f027c2960f7ac0d661ddbefff631af2da90b5122a65c407d0182b69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1f22ffe1-7948-4b1e-8d3a-1a77e8471f8c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:37.000Z",
"modified": "2019-03-27T12:17:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-01 00:02:03",
"category": "Other",
"uuid": "6e4e24af-a3bc-4f62-a270-bd2c7e0bf3ad"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/36cbe3344f027c2960f7ac0d661ddbefff631af2da90b5122a65c407d0182b69/analysis/1530403323/",
"category": "Payload delivery",
"uuid": "c601acd8-769e-4790-bbbf-103b4d5d0041"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "34/58",
"category": "Payload delivery",
"uuid": "9317b977-c0f8-4387-9897-b06eab560434"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9484a796-e5ef-4046-8d57-606eb714dc29",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:37.000Z",
"modified": "2019-03-27T12:17:37.000Z",
"pattern": "[file:hashes.MD5 = '6cf9e7ab21953d1f613a9c04878796c8' AND file:hashes.SHA1 = '8db8d422536cb50e0df5d1c80f2b6d55608825b4' AND file:hashes.SHA256 = '359341b5b4306ef36343b2ed5625bbbb8c051f2957d268b57be9c84424affd29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a593cf8a-7c7e-455a-8bcb-5ad677a458d7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:37.000Z",
"modified": "2019-03-27T12:17:37.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-28 00:21:14",
"category": "Other",
"uuid": "7742d522-2b1a-4182-94ac-ded00931840b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/359341b5b4306ef36343b2ed5625bbbb8c051f2957d268b57be9c84424affd29/analysis/1530145274/",
"category": "Payload delivery",
"uuid": "c8c757a0-eca6-4d7a-b403-7dd57cf8b338"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/63",
"category": "Payload delivery",
"uuid": "2cda08e3-3e2b-407d-b29f-c1d360beedd9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--caaced19-acae-40d4-9fb2-d07ead24a799",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:37.000Z",
"modified": "2019-03-27T12:17:37.000Z",
"pattern": "[file:hashes.MD5 = 'c13f3d72e5900f3e3b7af2a1ad2cbd3a' AND file:hashes.SHA1 = '08cd1e2a2f7accebb66da15597253658eb6889e0' AND file:hashes.SHA256 = '9446a9a13848906ca3040e399fd84bfebf21c40825f7d52a63c7ccccec4659b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a3d75b8e-253d-4f2e-ba8c-63da524edce2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:38.000Z",
"modified": "2019-03-27T12:17:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-11-27 10:44:50",
"category": "Other",
"uuid": "10621f3d-c2e2-4eab-a9e0-fdd511f798d4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9446a9a13848906ca3040e399fd84bfebf21c40825f7d52a63c7ccccec4659b7/analysis/1511779490/",
"category": "Payload delivery",
"uuid": "1a2ec0c9-9479-4358-ae85-65681f40ddce"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/63",
"category": "Payload delivery",
"uuid": "9536753e-efcb-4173-a72c-d4c492170aad"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--431e8d26-a3bb-4287-a762-4f53842fc5e7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:38.000Z",
"modified": "2019-03-27T12:17:38.000Z",
"pattern": "[file:hashes.MD5 = '4293504296dad91b884b5e7be64f8294' AND file:hashes.SHA1 = '0229b26c1aa5f9000a2549b159f530a10e575970' AND file:hashes.SHA256 = 'b83bd8c755cb7546ef28bac157e51f04257686a045bbf9d64bec7eeb9116fd8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f29f6d28-1558-4169-8999-bd1c9642f404",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:38.000Z",
"modified": "2019-03-27T12:17:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-03 11:47:20",
"category": "Other",
"uuid": "a7d34c6c-4156-48fb-bddd-82184cc94f04"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b83bd8c755cb7546ef28bac157e51f04257686a045bbf9d64bec7eeb9116fd8a/analysis/1541245640/",
"category": "Payload delivery",
"uuid": "7521d55d-bd4b-4032-a37d-cbf1fc36528a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/60",
"category": "Payload delivery",
"uuid": "018dc8e5-946e-4799-b07c-259a50f91f7b"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a2bae36c-99aa-470b-92f8-8a56fb411fa6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:38.000Z",
"modified": "2019-03-27T12:17:38.000Z",
"pattern": "[file:hashes.MD5 = '4b9c329bf53b975cf3d2c4b3ef86fd16' AND file:hashes.SHA1 = '9591194d6bf57996699c0d5841ee7f54b91f0636' AND file:hashes.SHA256 = '2dc19f81352e84a45bd7f916afa3353d7f710338494d44802f271e1f3d972aed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1cbf8ea2-a375-4be9-9fde-125385db9c8f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:38.000Z",
"modified": "2019-03-27T12:17:38.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-07-30 15:31:50",
"category": "Other",
"uuid": "76845609-3bd5-4558-8bad-c5eb44959f8b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2dc19f81352e84a45bd7f916afa3353d7f710338494d44802f271e1f3d972aed/analysis/1532964710/",
"category": "Payload delivery",
"uuid": "e698e64c-e63b-4ae1-a604-e41ebd8a724a"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "39/61",
"category": "Payload delivery",
"uuid": "af021bf6-bef7-4aff-9902-6c0e9f123f69"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9fbc8b1a-89d4-483e-b052-b99cfedd6875",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:39.000Z",
"modified": "2019-03-27T12:17:39.000Z",
"pattern": "[file:hashes.MD5 = '6de77433b4e42505af2e8d89df9aff90' AND file:hashes.SHA1 = '97c9c935a62aaef587408bbf80d99dd45863efaf' AND file:hashes.SHA256 = '79424db82573e1d7e60f94489c5ca1992f8d65422dbb8805d65f418d20bbd03a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d238b22a-5bad-42f4-9c46-0ed532cf269d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:39.000Z",
"modified": "2019-03-27T12:17:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-28 00:20:55",
"category": "Other",
"uuid": "5a047e0a-4579-40a4-ba92-68211a1370d6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/79424db82573e1d7e60f94489c5ca1992f8d65422dbb8805d65f418d20bbd03a/analysis/1530145255/",
"category": "Payload delivery",
"uuid": "097c6416-7840-42f3-9bbe-bcd394266ac2"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/62",
"category": "Payload delivery",
"uuid": "2af64d9f-41ae-43e7-8297-f76f1ac6ddce"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9f13df2b-b613-4785-9056-1c2a274ca947",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:39.000Z",
"modified": "2019-03-27T12:17:39.000Z",
"pattern": "[file:hashes.MD5 = '81e30f25d93c328bcc4817a1e3cf257c' AND file:hashes.SHA1 = '77a05118841bdae24801af09a7c5601a1dce163f' AND file:hashes.SHA256 = 'a5db9e4deadb2f7e075ba8a3beb6d927502b76237afaf0e2c28d00bb01570fae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--102efbb1-1732-487f-a636-5c36fed361f7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:39.000Z",
"modified": "2019-03-27T12:17:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-28 00:23:50",
"category": "Other",
"uuid": "d273ba7e-aa03-4d10-a106-9b9388d7ce7c"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/a5db9e4deadb2f7e075ba8a3beb6d927502b76237afaf0e2c28d00bb01570fae/analysis/1530145430/",
"category": "Payload delivery",
"uuid": "83039d46-fd52-47ee-bfce-546e03c5cfa8"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "35/62",
"category": "Payload delivery",
"uuid": "ac94e92d-e0a3-491b-b204-72f1bca78077"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--485cf634-0b1d-42c0-a31c-fb18e81e0af5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:39.000Z",
"modified": "2019-03-27T12:17:39.000Z",
"pattern": "[file:hashes.MD5 = '7f95fd9377a11b61dc3aff05ce74e832' AND file:hashes.SHA1 = '11d8c608db2e57274c015875f8e09c0e5e5537db' AND file:hashes.SHA256 = '9eaa3bb33c36626cd13fc94f9de88b0f390ac5219cc04a08ee5961d59bf4946b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d4ce5e52-b6cf-40ff-bc26-cd25ffcfde97",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:39.000Z",
"modified": "2019-03-27T12:17:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-28 00:23:30",
"category": "Other",
"uuid": "9476afce-c9e8-4064-af77-d8e4afd4f863"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/9eaa3bb33c36626cd13fc94f9de88b0f390ac5219cc04a08ee5961d59bf4946b/analysis/1530145410/",
"category": "Payload delivery",
"uuid": "43da92cd-7f9a-490a-8f79-790dac363237"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/62",
"category": "Payload delivery",
"uuid": "dfd8a8d3-258f-4e62-a6c7-1beb7d03aee6"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--88d0599b-6cd5-4a20-bc0f-20f7e3884c62",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:39.000Z",
"modified": "2019-03-27T12:17:39.000Z",
"pattern": "[file:hashes.MD5 = 'e2bc41199a703833a6e4cef25b1a3493' AND file:hashes.SHA1 = '61db53263305a19c67c86291ad91aa8a3f1fda6c' AND file:hashes.SHA256 = '3a5ddb598e20ca7dfa79a9682751322a869695c500bdfb0c91c8e2ffb02cd6da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--09999b9f-0371-488d-ac20-fd35bb5876f2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:39.000Z",
"modified": "2019-03-27T12:17:39.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-06-30 00:23:10",
"category": "Other",
"uuid": "f574e94b-9740-4974-bc27-7c9357ecfdcb"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3a5ddb598e20ca7dfa79a9682751322a869695c500bdfb0c91c8e2ffb02cd6da/analysis/1530318190/",
"category": "Payload delivery",
"uuid": "be5ebf42-a397-40e6-9cde-888672290fad"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/59",
"category": "Payload delivery",
"uuid": "c10ed715-d14a-4d49-8c10-a50e8010bf7d"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--48e2f409-5348-4ced-b30b-158e53f3d0db",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-03-27T12:17:39.000Z",
"modified": "2019-03-27T12:17:39.000Z",
"pattern": "[file:hashes.MD5 = '78fd32b454a66ed8e945e091d3b403d6' AND file:hashes.SHA1 = 'f8cccfe36520b8154a20a801d7d931800613575d' AND file:hashes.SHA256 = '4d74b31907745ba0715d356e7854389830e519f5051878485c4be8779bb55736']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-03-27T12:17:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--01251890-fba9-46cb-9a6e-aef9caf1e169",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:39.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:39.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-03-19 10:03:37",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "7af7c9c5-2149-468c-8a03-201aabc44e05"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/4d74b31907745ba0715d356e7854389830e519f5051878485c4be8779bb55736/analysis/1552989817/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "78578bcd-c1cf-456f-8350-5af5739576d8"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "30/58",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "ac561bcb-7c08-4964-830a-5c44edf23c8e"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--0b905bfe-ab69-4e5e-b622-992b80399025",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:39.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:39.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5e64925054bca30c176025f31feaa356' AND file:hashes.SHA1 = '9c0be92b82c130cd95039024c9145231396a2714' AND file:hashes.SHA256 = '3e47f075b9d0b2eb840b8bbd49017ffb743f9973c274ec04b4db209af73300d6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-27T12:17:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d77cfe3b-6bb5-4575-ad9b-d61f81915468",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-06-28 00:19:07",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6dfca490-d81b-4c69-bc51-64e0488ef119"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/3e47f075b9d0b2eb840b8bbd49017ffb743f9973c274ec04b4db209af73300d6/analysis/1530145147/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "4cb1358a-02bc-4189-9fbf-fd59338997ad"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "36/63",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "0c8a994e-8b44-4fb3-97e0-760b759fd438"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--28783d4f-45a8-4fbe-be77-ffe4efd9ed79",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c6203cf8895830df2845d4517a580b6b' AND file:hashes.SHA1 = 'ca25aa07266669a6eb581bf3f87fca486f9ce0ef' AND file:hashes.SHA256 = 'a7c9cfa4ad14b0b9f907db0a1bef626327e1348515a4ae61a20387d6ec8fea78']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-27T12:17:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--be178841-563d-4a56-bae7-a3697e9089fc",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-07-30 15:31:46",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "cf6b0341-2947-4dac-8259-6b8b3abe288d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/a7c9cfa4ad14b0b9f907db0a1bef626327e1348515a4ae61a20387d6ec8fea78/analysis/1532964706/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "308a3034-f6f4-4db6-bdb9-11880ffc277e"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/61",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "d0c22a30-8036-4f78-9190-fafd844f1711"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--42d6118d-c5e5-4228-9715-459d795be3d5",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e886a9a2d62ac2eebc2822fde7fd8b5c' AND file:hashes.SHA1 = '3c5eaa5742ffb913e5dd83503b66c34e7157dc8d' AND file:hashes.SHA256 = '05ea7239e4df91e7ffd57fba8cc81751836d03fa7c2c4aa1913739f023b046f0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-27T12:17:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--f3886734-574c-4d19-a9bf-cf32a298640b",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-06-30 00:25:31",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "bf334823-f675-4114-8ddd-eb968700f549"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/05ea7239e4df91e7ffd57fba8cc81751836d03fa7c2c4aa1913739f023b046f0/analysis/1530318331/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "c146da75-928a-41a9-b562-764720f249fb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/58",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "efe4e745-15c9-4df4-adf5-383010884ab6"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--28fea41d-1585-41c1-81d9-2bed8addb3dd",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '53185e1673a00c577cdaa013013ea08d' AND file:hashes.SHA1 = '89d728636574847f48484f0b0b3a7ea9aee4b04d' AND file:hashes.SHA256 = 'bb0c8992c9eb052934c7f341a6b7992f8bb01c078865c4e562fd9b84637c1e1b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-27T12:17:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--517ba780-62b4-4f69-ab78-268ff60ba619",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-06-28 00:17:31",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "6c42aa63-10b3-47ff-966e-a9ed8eff515d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/bb0c8992c9eb052934c7f341a6b7992f8bb01c078865c4e562fd9b84637c1e1b/analysis/1530145051/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "7d759e72-41b4-44dc-a834-3601ab33fcdc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/63",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "3803b585-bc38-4fdb-9e18-e0a0b79df275"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--d8dd3d7e-8a2c-4299-aeaf-575f0883a6db",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '329d3ca4d54ea906655a498e5479fa8e' AND file:hashes.SHA1 = 'f019916e1a2e6d7886597a4497a6cd304361bdbe' AND file:hashes.SHA256 = '0d0490d2844726314b7569827013d0555af242dd32b7e36ff5e28da3982a4f88']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-27T12:17:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--9515ed0b-2b92-4226-9e66-897a967e5836",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-06-28 00:12:23",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "9112bdbe-15db-4bd3-b4f5-d96c4a40b423"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/0d0490d2844726314b7569827013d0555af242dd32b7e36ff5e28da3982a4f88/analysis/1530144743/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1b10f6ad-ff42-4db3-9697-43b01f882f35"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "39/63",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "3832fcdb-dbd2-46f2-a001-c25e33a90f90"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--205d63fb-7676-4ef1-8bab-547ed5120bca",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7e646920afa80664d8ccbbba476280d9' AND file:hashes.SHA1 = '10e7d6fb4ed122b0690684a2c80057c275bfcd22' AND file:hashes.SHA256 = '307f1b6eae57b6475b4436568774f0b23aa370a1a48f3b991af9c9b336733630']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-27T12:17:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--d46a3784-5b8c-4d3d-9ca1-c4707774c607",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:40.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:40.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-06-28 00:23:19",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "3fc9f342-2374-4c7a-a0e1-c534651b7592"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/307f1b6eae57b6475b4436568774f0b23aa370a1a48f3b991af9c9b336733630/analysis/1530145399/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "2100616f-bbb9-4cf1-9cba-f6c2fe5bf83a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "35/59",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "db26311c-7eba-4f19-9d64-2bc6f2376971"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--b4ecec0d-f83e-48aa-a503-17c4f19d5eba",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0d41f9bfa7b19ad72c5efe9b8e7ca75f' AND file:hashes.SHA1 = 'a1aaaebe7ccb3674b0b18b5d3e842562e72a5766' AND file:hashes.SHA256 = '58391ca1e3001311efe9fba1c05c15a2b1a7e5026e0f7b642a929a8fed25b187']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-03-27T12:17:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--e408196c-b99e-4c41-860a-70a9a92f4854",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2018-06-28 00:06:38",
|
|
|
|
"category": "Other",
|
|
|
|
"uuid": "5bf3eefc-e69e-490c-bd0b-a023d5221b23"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/58391ca1e3001311efe9fba1c05c15a2b1a7e5026e0f7b642a929a8fed25b187/analysis/1530144398/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "231e62cf-a41c-4dcb-9b0f-dd378a69d8c9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "37/63",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"uuid": "1eae565a-1e89-4f63-8522-c12d9a7c25c9"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--448eff2f-4f44-4d84-90e6-6b62b3ecfa18",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--9f7d8819-3d8a-408b-a2e2-1c567a72a326",
|
|
|
|
"target_ref": "x-misp-object--74ce551d-b3c7-4489-891b-9bb420fb6276"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--da3a615d-ce24-4074-99c8-33c78e254eea",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--126ad6b0-f4b8-457c-8d48-9e4ee46162c9",
|
|
|
|
"target_ref": "x-misp-object--1f22ffe1-7948-4b1e-8d3a-1a77e8471f8c"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--04c492a7-b9ea-4e7b-a0b4-9b449a844d5e",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--9484a796-e5ef-4046-8d57-606eb714dc29",
|
|
|
|
"target_ref": "x-misp-object--a593cf8a-7c7e-455a-8bcb-5ad677a458d7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--8f2c9e6d-5f3a-43d3-a050-782637fe5194",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--caaced19-acae-40d4-9fb2-d07ead24a799",
|
|
|
|
"target_ref": "x-misp-object--a3d75b8e-253d-4f2e-ba8c-63da524edce2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--20500800-1593-4e43-bf35-5838bd11b389",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--431e8d26-a3bb-4287-a762-4f53842fc5e7",
|
|
|
|
"target_ref": "x-misp-object--f29f6d28-1558-4169-8999-bd1c9642f404"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--0cf9a452-fd27-496b-987d-026a1495d183",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--a2bae36c-99aa-470b-92f8-8a56fb411fa6",
|
|
|
|
"target_ref": "x-misp-object--1cbf8ea2-a375-4be9-9fde-125385db9c8f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--614418c7-a765-4824-bc20-a07c6bbc4802",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--9fbc8b1a-89d4-483e-b052-b99cfedd6875",
|
|
|
|
"target_ref": "x-misp-object--d238b22a-5bad-42f4-9c46-0ed532cf269d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--999367ff-a282-42ff-ba41-f76f9a0324d9",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--9f13df2b-b613-4785-9056-1c2a274ca947",
|
|
|
|
"target_ref": "x-misp-object--102efbb1-1732-487f-a636-5c36fed361f7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--a17f00fb-8a17-4bf1-9a51-b287981501d4",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--485cf634-0b1d-42c0-a31c-fb18e81e0af5",
|
|
|
|
"target_ref": "x-misp-object--d4ce5e52-b6cf-40ff-bc26-cd25ffcfde97"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--1d4bafb6-1036-43dd-b8f3-134b756704c2",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--88d0599b-6cd5-4a20-bc0f-20f7e3884c62",
|
|
|
|
"target_ref": "x-misp-object--09999b9f-0371-488d-ac20-fd35bb5876f2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--ba8035a1-6b99-4605-aab9-adeb7f9f7b8b",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--48e2f409-5348-4ced-b30b-158e53f3d0db",
|
|
|
|
"target_ref": "x-misp-object--01251890-fba9-46cb-9a6e-aef9caf1e169"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--aece340b-426e-4eee-99d6-6289c7a44c75",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--0b905bfe-ab69-4e5e-b622-992b80399025",
|
|
|
|
"target_ref": "x-misp-object--d77cfe3b-6bb5-4575-ad9b-d61f81915468"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--13f143f0-be30-4e17-b023-fa06dc2a43de",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--28783d4f-45a8-4fbe-be77-ffe4efd9ed79",
|
|
|
|
"target_ref": "x-misp-object--be178841-563d-4a56-bae7-a3697e9089fc"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--0bfa9431-cd8c-4872-b48a-495bb817b70f",
|
|
|
|
"created": "2019-03-27T12:17:41.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:41.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--42d6118d-c5e5-4228-9715-459d795be3d5",
|
|
|
|
"target_ref": "x-misp-object--f3886734-574c-4d19-a9bf-cf32a298640b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--8f0c3211-951d-4cdc-b0ae-fd4be93e0a62",
|
|
|
|
"created": "2019-03-27T12:17:42.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:42.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--28fea41d-1585-41c1-81d9-2bed8addb3dd",
|
|
|
|
"target_ref": "x-misp-object--517ba780-62b4-4f69-ab78-268ff60ba619"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--5c58b6cb-0ba6-44a0-9cc0-a1ee0c3cb714",
|
|
|
|
"created": "2019-03-27T12:17:42.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:42.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--d8dd3d7e-8a2c-4299-aeaf-575f0883a6db",
|
|
|
|
"target_ref": "x-misp-object--9515ed0b-2b92-4226-9e66-897a967e5836"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--ce45ba5d-c45a-4d19-85bb-ac021438da1c",
|
|
|
|
"created": "2019-03-27T12:17:42.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:42.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--205d63fb-7676-4ef1-8bab-547ed5120bca",
|
|
|
|
"target_ref": "x-misp-object--d46a3784-5b8c-4d3d-9ca1-c4707774c607"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--d94fb1f7-f362-49f3-8953-488cda33e992",
|
|
|
|
"created": "2019-03-27T12:17:42.000Z",
|
|
|
|
"modified": "2019-03-27T12:17:42.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--b4ecec0d-f83e-48aa-a503-17c4f19d5eba",
|
|
|
|
"target_ref": "x-misp-object--e408196c-b99e-4c41-860a-70a9a92f4854"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|