misp-circl-feed/feeds/circl/misp/5a23a972-e6a0-4a05-b505-4e8f02de0b81.json

579 lines
132 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
"Event": {
"analysis": "0",
"date": "2017-11-27",
"extends_uuid": "",
"info": "OSINT - Tizi: Detecting and blocking socially engineered spyware on Android",
"publish_timestamp": "1514467618",
"published": true,
"threat_level_id": "3",
"timestamp": "1512356440",
"uuid": "5a23a972-e6a0-4a05-b505-4e8f02de0b81",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#0088cc",
"name": "misp-galaxy:android=\"Tizi\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#5f0077",
"name": "ms-caro-malware:malware-platform=\"AndroidOS\""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "Google blog post - Tizi: Detecting and blocking socially engineered spyware on Android",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512294575",
"to_ids": false,
"type": "link",
"uuid": "5a23af9f-e5a4-4eaf-9fe1-4bfc02de0b81",
"value": "https://security.googleblog.com/2017/11/tizi-detecting-and-blocking-socially.html",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#005fa4",
"name": "osint:source-type=\"manual-analysis\""
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#007ad2",
"name": "osint:certainty=\"100\""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512294574",
"to_ids": false,
"type": "text",
"uuid": "5a23afb2-9518-4ef0-835c-44e202de0b81",
"value": "Google is constantly working to improve our systems that protect users from Potentially Harmful Applications (PHAs). Usually, PHA authors attempt to install their harmful apps on as many devices as possible. However, a few PHA authors spend substantial effort, time, and money to create and install their harmful app on a small number of devices to achieve a certain goal. This blog post covers Tizi, a backdoor family with some rooting capabilities that was used in a targeted attack against devices in African countries, specifically: Kenya, Nigeria, and Tanzania. We'll talk about how the Google Play Protect and Threat Analysis teams worked together to detect and investigate Tizi-infected apps and remove and block them from Android devices.",
"Tag": [
{
"colour": "#00223b",
"name": "osint:source-type=\"blog-post\""
},
{
"colour": "#005fa4",
"name": "osint:source-type=\"manual-analysis\""
},
{
"colour": "#0071c3",
"name": "osint:lifetime=\"perpetual\""
},
{
"colour": "#007ad2",
"name": "osint:certainty=\"100\""
}
]
},
{
"category": "Targeting data",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512298989",
"to_ids": false,
"type": "target-location",
"uuid": "5a23d9ed-fd14-4993-975d-4ed602de0b81",
"value": "Kenya"
},
{
"category": "Targeting data",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512298989",
"to_ids": false,
"type": "target-location",
"uuid": "5a23d9ed-6a88-49ce-84a5-4ed602de0b81",
"value": "Nigeria"
},
{
"category": "Targeting data",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512298989",
"to_ids": false,
"type": "target-location",
"uuid": "5a23d9ed-5898-41c8-b8b2-4ed602de0b81",
"value": "Tanzania"
},
{
"category": "Payload delivery",
"comment": "Tizi can root the device by exploiting one of the following local vulnerabilities:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299428",
"to_ids": false,
"type": "vulnerability",
"uuid": "5a23dba4-6458-4b0d-adc0-495702de0b81",
"value": "CVE-2012-4220"
},
{
"category": "Payload delivery",
"comment": "Tizi can root the device by exploiting one of the following local vulnerabilities:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299428",
"to_ids": false,
"type": "vulnerability",
"uuid": "5a23dba4-b19c-458e-8817-407302de0b81",
"value": "CVE-2013-2596"
},
{
"category": "Payload delivery",
"comment": "Tizi can root the device by exploiting one of the following local vulnerabilities:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299428",
"to_ids": false,
"type": "vulnerability",
"uuid": "5a23dba4-5848-459b-94fb-4db802de0b81",
"value": "CVE-2013-2597"
},
{
"category": "Payload delivery",
"comment": "Tizi can root the device by exploiting one of the following local vulnerabilities:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299428",
"to_ids": false,
"type": "vulnerability",
"uuid": "5a23dba4-3244-4e21-9716-4e3602de0b81",
"value": "CVE-2013-2595"
},
{
"category": "Payload delivery",
"comment": "Tizi can root the device by exploiting one of the following local vulnerabilities:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299428",
"to_ids": false,
"type": "vulnerability",
"uuid": "5a23dba4-b1a0-43f8-8b7f-4c5202de0b81",
"value": "CVE-2013-2094"
},
{
"category": "Payload delivery",
"comment": "Tizi can root the device by exploiting one of the following local vulnerabilities:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299428",
"to_ids": false,
"type": "vulnerability",
"uuid": "5a23dba4-e6c4-4fd5-8c05-47e902de0b81",
"value": "CVE-2013-6282"
},
{
"category": "Payload delivery",
"comment": "Tizi can root the device by exploiting one of the following local vulnerabilities:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299428",
"to_ids": false,
"type": "vulnerability",
"uuid": "5a23dba4-7cc8-4e32-a834-42b602de0b81",
"value": "CVE-2014-3153"
},
{
"category": "Payload delivery",
"comment": "Tizi can root the device by exploiting one of the following local vulnerabilities:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299428",
"to_ids": false,
"type": "vulnerability",
"uuid": "5a23dba4-b3e0-4500-917a-40d302de0b81",
"value": "CVE-2015-3636"
},
{
"category": "Payload delivery",
"comment": "Tizi can root the device by exploiting one of the following local vulnerabilities:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299428",
"to_ids": false,
"type": "vulnerability",
"uuid": "5a23dba4-9e68-471d-845e-490302de0b81",
"value": "CVE-2015-1805"
},
{
"category": "Payload delivery",
"comment": "Here is an example social media post promoting a Tizi-infected app",
"data": "iVBORw0KGgoAAAANSUhEUgAAAZAAAADmCAIAAAB00UTzAAAAA3NCSVQICAjb4U/gAAAAX3pUWHRSYXcgcHJvZmlsZSB0eXBlIEFQUDEAAAiZ40pPzUstykxWKCjKT8vMSeVSAANjEy4TSxNLo0QDAwMLAwgwNDAwNgSSRkC2OVQo0QAFmJibpQGhuVmymSmIzwUAT7oVaBst2IwAACAASURBVHic7H13nF1F2f/zzMw557btu9nNpmfTCwkEEiCFDiJIkSZIEdRXEbFiQRRF8EWQpj9sAfElgKAgLUDoJQFCSYH0ZFM2bbO933LOmXme3x/n3rt3Sxqiop/9fmBz77lzZubMmfnO8zzzzDMYT3kwgAEMYACfMDBzZyLFzLkXxb+rNgMYwAAGcLAYIKwBDGAA/zEYIKwBDGAA/zFQ/8jNCACIiAiBnpn5t5faeRAZIgohmJmI+n7NQgiBiNmv2eJ6JQtuN8b0qrOQAgCJKLgxyCq3zkGhuVcweMwcBL/2elJEzF7pm+1HQK9MBCIdZIa5VRrAAP7TcdCExQAIoKQQiAJ7D+RglBMxMRtDBztQPM9LJBKhUCgcDjOz1joejyulotFoDhGIRCLhe156MANIKaWUnucVFBRkOQsRtdZdnV35BfkBAQGAEAKYd9XWe55XWVEeDjtGG9/3jSHHsbM3dsUTIceRUmQZzfP9VMoFBIEiKCIcchjAUrkNiCnXtZQSQgTPElTsH6Fv1/MkCstWRIwIXYlkJBw68ByEEL6vhUQE3H/qAQzgE4+DUwkZQAkM2cpWUslegk4aCCAF2ko6tlISD3y0SimXL1t29plnfO3KK0OWdGz1zMKFnzv/3N/cdRcRqYAaEMO2vPv//b+TTjj+gvPPveTiz3/qpBN/cdNNv/n1b46bNzdkySwcW61du+Yzp3+6qakpYBAhRMp1n1j0yvZdtYb42Zff2Fqzy7atdZu23HXPA/FEQiBKKRuamm+6a35tfYNSMqiYknLn7rpHF77w8OPP3f2nvzzy5KLHn3t5+ap1S5d9YCklpZBCSCmVEk+/8FptXYOUEoDv+OMDyz5cKzArhqIUIqgJAAiBQqCUsp8WzMC21ZJ3lv/p4cdtSyEiAN738OOclhwx2/pCpHPoNXsgolLy//3poa6uRLbcAQzg34JA3el1UYjeist+cRASlkB0rH0NMMioMADAzALRVsqS7PrmQBQZRIwn4u++s/Tdd5bedvvtRUVFr77y8huvvz5m7PiWltZUKjly5MhkMrmltvbcc8877fTT//rII7+65dZVa9ZYthUKhc46+6x4yqupqREohJShkDNmzNjf/WF+aWlpIBMR0aJXlhwxbVJrR9eu2rpDp05c9Nqbg8rOIKKddY01O2sPmTReCrH8w7XM7LpeR2eXbVlKqa54YkjFoK9/4YKmlta/Lnz5ixeeFbKtrqTHwO0dnR1dXVJIIi4tKTzr1BOUkFLghuodsWh4956GRDIVCjldiQQytHd22ZYqKSqUUja2tEohu+KJ4sL8WCzaS29NNwhAMpVqaG59/rW3Tz72aF+blraOgAHr6psMUUlRQSQcrm9sLi4qkFIkkiljKBaNMDMiIOLzryzpiCeIeEC+GsC/EYiYSrnxRLKstDjb1aUQzW3ttqWikciBayEHOvFKKRxb7ZcOs6afbEpEdGyl5IEVxDzrqNnR/MI3Xntt1/aajdXV84493nHst956c1zVKGbauH7tmFEjItHIjOmHDBkyBMCaOnnChLFVL7/88vEnntzZ2XX9T66/8aYbJ4wdfe0Pf7hy5cpZhx/a0tIihJBCNLW0EdPO2oamltYhgwe98fb7VSOGNjQ2CyGOnD5545YaKUVza5uvzfjRI3ytX178zs7ddUrJ9z9YvXr9Jp/YM2SMSbmeZ2jVuo3vLPugoanl/Q/WvL70/TvveTCRTD71/Ku76+qVwDffW3neZ04hMvWNzZaSb72z4oG/P/Ph2o3Pvfrmex+ssS3541t//8bS91euWb/g0YUdnV3B5IMAvWQu1/VOP3Huzt17duzakxHQ8OXFS19f+v57K1Y/8dwr2ugnn391+87dIUs99/KSnbV1UkoAEEKs37SltKRo1NDKXqa9AQzgX4zAzHL/o0+vXr8p7FgA4NhWzc7d9z38RHNL+0EJWQfEI0oKR8kDybWvcRoAEMCSwpK4XxYl5qrRo67++tXPPvvMBx9+OGbMmEOmHeJ57syZsw47bMaSJW9WV2++5LIvlJWVpXxjjAHQDGAAiKilvqmirPje++6dM2cOAFxx+eWFBfnZWgFiKpVi4qTrzj1yxqDSkpFDKy0lQ46jtRkxpKKzK97ZFd9VW1deVhIJh0KOM7yyvGZnrdF6d13j6BFDuYdFDgHY9/XYqpHnnHZSSVHh2Z86tqSoyBiSUrR1JnbuqS8syCstLn572QdKoK/1lPFjzjr1uNNPnLdxS00i6YUd68R5R51/+omTJ1QtXvq+bUkAMMTPvPT65m07AtIJGiQaDh952NTF7yw3hiwl99Q3bNux+/wzTjn/rFNs21q3ceu8I2es3lDNAJu27pg0rsoYg4jxeLJmZ+3M6ZOVFLZt4YBKOIB/H4hoUFnJRWd/+rFnXl61vjriWLvr6v/08BOfOfGYkcOHHNSEuv9+HBik/oHaAgAgoqWUJfZPem3t7ZdceslfHnrwuh//5Oyzzg6HI27KHTVi6Lxjj7nvT396auEzZ5/9Wdu2mQM1J11/BATbAYCVy1f8/IafPfTI30484ThAkf4RgJkLCvKbWjvaO7p27Kz929MvxpMpKWX5oFJtjEA4+vBpry55r7G5ddjgQUKgIZowrmr77trmtnYiUz6olLj3EiQgWALeW7mmKx6fPWsGICCCpdTSZSsjIefhx5+t2blryfsfuJqEEEMGlzFDLBaVQqQ8r6ggLz8vZgCGVVbUN7UE7SIEHjp1YnlZSe4rNGSmThoHzCtXrwuHQl3xRElRoWVZAqC0uKi5rW3E0AptzNvLVx1+yETbksxsW2rp8g9Xb6h+8vnXNm3b8fLipe0dnQdrLBjAAD5GGGOGVpZ/80sXPfzk80+/tPjX9z78pYs+O3nCmH6NIfvAfggLERyr287F6T9MwAygAfbBjQxA6VvSsJQU+xw2ZKi5qblq9Mjphx1RV19/yJRJqWTC9TxPmy9/+St/eXBBY33DodOnBVqn1hogva/I933wOnbW7jnhuGPmHXPM5Anj1q9f397aCgDMaQNWYX7eoZPHA8CH6zadftI8bYyvDQCSoZTnT5s49rWl7+9paBoxfIjrelrrorzooNLiJ559ZfYRhzIDMzCzr3XwRIZIoKiu2fXE86/OnTWjrqExmUwxc2tH57sr137va5dfeel5V1563klzZr70xtshx35nxeqmltaNm7ZIIfJjkZ17GtdtrG5taXv7vZXTJo03mXYcUlGeH0sviSKA1sYYAoAzTz3+pcVLE8nU4PKyPQ1N27fvrK1v3lyzc1hlRSQcKSkqfOTJF446YprnGwDwfD3z0KkXn3PazMMOKSrMnzh2dDgcggHnhgH8W+H7urS46MrLzl+5ZsMXP3dW1ahhnu8fbCbyuh//ZB8/O1YPijHAyIAMBEwIZFASIEK/i+YBYSGnf9QIAlEA0N68HRDdVKqwqOjQ6YeOrqqaO2fOrCOPTCSSo0aPmjRpSmVF2Q033PCFyy8/9dOnBQJIKpWqGjN27ty5zJiIx8eOnzBx4sT8/PzBgytXfvDh7traIcOGjZ8w/ogjZoVCdkABFYNKtTaRcDiRTOZFI2NHj8iPRVOuGwmHKsvLwiFncHnZsMHlHV3x8rLSgoK8WDTyylvvnX/Gyb6vEZGIjK+HDx0shPA8LxoN79pTX1pU0NLSvn3XnoL8vJBjM0NFWcnI4UNcXxuG8rKSXXvqGUAb09TU2trROeuwqaVFBS8veXfwoNLNNbsKC/JmzzosO8/ken8JIeOJ5KDS4lgsFnKcspJCgTh9ysTysuIVazbsrmuoGjFs8rgxKBAAouHQ5AljsneHHDs/L684P5pyvfFjRocce8AbawD/dhBRfiw6e+
"deleted": false,
"disable_correlation": false,
"timestamp": "1512299720",
"to_ids": false,
"type": "attachment",
"uuid": "5a23dcc8-dbbc-440d-8330-4ed402de0b81",
"value": "tizi1.png"
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "6",
"timestamp": "1512297690",
"uuid": "5a23d49c-4b5c-4fee-b173-4b1d02de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512297690",
"to_ids": true,
"type": "filename",
"uuid": "5a23d49c-7248-4a34-8ed5-420402de0b81",
"value": "com.press.nasa.com.tanofresh"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512297690",
"to_ids": true,
"type": "sha256",
"uuid": "5a23d49c-a5fc-4147-b92e-4d8502de0b81",
"value": "4d780a6fc18458311250d4d1edc750468fdb9b3e4c950dce5b35d4567b47d4a7"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "certificate",
"timestamp": "1512297690",
"to_ids": true,
"type": "x509-fingerprint-sha1",
"uuid": "5a23d49c-28a8-4e89-81e5-456702de0b81",
"value": "816bbee3cab5eed00b8bd16df56032a96e243201"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "state",
"timestamp": "1512297690",
"to_ids": false,
"type": "text",
"uuid": "5a23d49c-8bd4-42ea-ab63-478402de0b81",
"value": "Malicious"
}
]
},
{
"comment": "To encourage further research in the security community, here are some sample applications embedding Tizi that were already on VirusTotal.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "6",
"timestamp": "1512298628",
"uuid": "5a23d884-e6e0-4a9b-95ab-4b7802de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512298628",
"to_ids": true,
"type": "filename",
"uuid": "5a23d884-9bc4-4319-b836-45aa02de0b81",
"value": "com.dailyworkout.tizi"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512298628",
"to_ids": true,
"type": "sha256",
"uuid": "5a23d884-650c-487b-983c-446102de0b81",
"value": "7c6af091a7b0f04fb5b212bd3c180ddcc6abf7cd77478fd22595e5b7aa7cfd9f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "certificate",
"timestamp": "1512298628",
"to_ids": true,
"type": "x509-fingerprint-sha1",
"uuid": "5a23d884-a29c-4050-8085-4a2302de0b81",
"value": "404b4d1a7176e219eaa457b0050b4081c22a9a1a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1512298628",
"to_ids": false,
"type": "text",
"uuid": "5a23d884-cf20-4504-9d04-483602de0b81",
"value": "Malicious"
}
]
},
{
"comment": "To encourage further research in the security community, here are some sample applications embedding Tizi that were already on VirusTotal.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "6",
"timestamp": "1512298712",
"uuid": "5a23d8d8-2218-48a0-886b-46b602de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512298712",
"to_ids": true,
"type": "filename",
"uuid": "5a23d8d8-cbf8-4dc6-bdb6-451d02de0b81",
"value": "com.system.update.systemupdate"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512298712",
"to_ids": true,
"type": "sha256",
"uuid": "5a23d8d8-8c24-4fd5-8906-452602de0b81",
"value": "7a956c754f003a219ea1d2205de3ef5bc354419985a487254b8aeb865442a55e"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "certificate",
"timestamp": "1512298712",
"to_ids": true,
"type": "x509-fingerprint-sha1",
"uuid": "5a23d8d8-78e4-4eab-941d-407202de0b81",
"value": "4d2962ac1f6551435709a5a874595d855b1fa8ab"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "state",
"timestamp": "1512298712",
"to_ids": false,
"type": "text",
"uuid": "5a23d8d8-2040-40c3-9916-45dc02de0b81",
"value": "Malicious"
}
]
},
{
"comment": "To encourage further research in the security community, here are some sample digests of exploits and utilities that were used or abused by Tizi.",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "6",
"timestamp": "1512298774",
"uuid": "5a23d916-cc6c-4ccb-a420-48a702de0b81",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512298774",
"to_ids": true,
"type": "filename",
"uuid": "5a23d916-0740-4912-8224-43be02de0b81",
"value": "run_root_shell"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512298774",
"to_ids": true,
"type": "sha256",
"uuid": "5a23d916-1d20-4716-8e19-4fb402de0b81",
"value": "f2e45ea50fc71b62d9ea59990ced755636286121437ced6237aff90981388f6a"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "state",
"timestamp": "1512298774",
"to_ids": false,
"type": "text",
"uuid": "5a23d916-2e3c-46fa-a32b-490502de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "6",
"timestamp": "1512298862",
"uuid": "5a23d94e-5c80-47a5-a958-433a02de0b81",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "text",
"timestamp": "1512298862",
"to_ids": false,
"type": "text",
"uuid": "5a23d94f-3458-4ac4-b823-410502de0b81",
"value": "To encourage further research in the security community, here are some sample digests of exploits and utilities that were used or abused by Tizi."
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "filename",
"timestamp": "1512298862",
"to_ids": true,
"type": "filename",
"uuid": "5a23d94f-30b4-4604-9cc4-4fc802de0b81",
"value": "iovyroot"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1512298862",
"to_ids": true,
"type": "sha256",
"uuid": "5a23d94f-2324-4733-88c4-42cb02de0b81",
"value": "4d0887f41d0de2f31459c14e3133debcdf758ad8bbe57128d3bec2c907f2acf3"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "state",
"timestamp": "1512298862",
"to_ids": false,
"type": "text",
"uuid": "5a23d94f-de58-48f5-b81f-4ec102de0b81",
"value": "Malicious"
}
]
},
{
"comment": "",
"deleted": false,
"description": "Victim object describes the target of an attack or abuse.",
"meta-category": "misc",
"name": "victim",
"template_uuid": "a8806e40-39ad-435f-be02-ac2a13d6fc7d",
"template_version": "1",
"timestamp": "1512299195",
"uuid": "5a23dabb-d6fc-4f37-8b83-4a4602de0b81",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "classification",
"timestamp": "1512299195",
"to_ids": false,
"type": "text",
"uuid": "5a23dabb-3ae0-4721-b1d8-468f02de0b81",
"value": "class"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "name",
"timestamp": "1512299195",
"to_ids": false,
"type": "text",
"uuid": "5a23dabb-54fc-410f-b964-40f502de0b81",
"value": "Kenya, Nigeria, and Tanzania"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "description",
"timestamp": "1512299195",
"to_ids": false,
"type": "text",
"uuid": "5a23dabb-2120-472b-a09b-4bb902de0b81",
"value": "This blog post covers Tizi, a backdoor family with some rooting capabilities that was used in a targeted attack against devices in African countries, specifically: Kenya, Nigeria, and Tanzania."
}
]
}
]
}
}