1603 lines
68 KiB
JSON
1603 lines
68 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--568e62b7-0930-4398-a617-4147950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:25.000Z",
|
||
|
"modified": "2016-01-07T13:10:25.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--568e62b7-0930-4398-a617-4147950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:25.000Z",
|
||
|
"modified": "2016-01-07T13:10:25.000Z",
|
||
|
"name": "OSINT - Android-based Smart TVs Hit By Backdoor Spread Via Malicious App",
|
||
|
"published": "2016-01-07T13:16:54Z",
|
||
|
"object_refs": [
|
||
|
"indicator--568e62e2-2f28-49f9-922c-4e83950d210f",
|
||
|
"indicator--568e62e2-5ca0-4372-a2ec-416f950d210f",
|
||
|
"indicator--568e62e3-eaac-483d-a258-49e5950d210f",
|
||
|
"indicator--568e62e3-b858-4036-b895-418d950d210f",
|
||
|
"indicator--568e62e3-1f14-4777-88a4-4794950d210f",
|
||
|
"x-misp-attribute--568e62f5-5968-4ecd-aa1d-41dd950d210f",
|
||
|
"observed-data--568e6301-9e58-4d9e-9d50-4e9d950d210f",
|
||
|
"url--568e6301-9e58-4d9e-9d50-4e9d950d210f",
|
||
|
"indicator--568e6352-a348-4021-990b-477c950d210f",
|
||
|
"indicator--568e6352-e0dc-40ad-bf4f-424a950d210f",
|
||
|
"indicator--568e6353-0dcc-4534-a13e-4b35950d210f",
|
||
|
"indicator--568e6353-8714-4aa9-b185-4110950d210f",
|
||
|
"indicator--568e6383-119c-4873-83ba-4812950d210f",
|
||
|
"indicator--568e6384-0c50-48d4-9b78-4ff9950d210f",
|
||
|
"indicator--568e6384-77f4-4512-a391-4a53950d210f",
|
||
|
"indicator--568e6384-1608-4f0b-bc59-4b7a950d210f",
|
||
|
"indicator--568e6384-9bd8-4e0e-91c5-4c8d950d210f",
|
||
|
"indicator--568e6385-4588-4e5c-b311-44ee950d210f",
|
||
|
"indicator--568e6385-7e78-4e4e-acd1-4704950d210f",
|
||
|
"indicator--568e6385-f1f8-455e-8f29-4f7d950d210f",
|
||
|
"indicator--568e6386-7f40-4f47-8a4d-4b2b950d210f",
|
||
|
"indicator--568e6386-ae48-4da7-a9c3-40f2950d210f",
|
||
|
"indicator--568e6386-5374-4aee-92f2-4362950d210f",
|
||
|
"indicator--568e6387-1f20-41ae-a99a-4287950d210f",
|
||
|
"indicator--568e6387-a9ec-4b7a-888f-4c72950d210f",
|
||
|
"indicator--568e6387-9a10-4b21-bea4-48d3950d210f",
|
||
|
"indicator--568e6388-0e44-4fae-a102-4992950d210f",
|
||
|
"indicator--568e6388-9b68-4542-a92d-415a950d210f",
|
||
|
"indicator--568e6388-3c38-466f-88e3-456f950d210f",
|
||
|
"indicator--568e6389-8988-40df-a924-4ddf950d210f",
|
||
|
"indicator--568e6389-0730-4d66-9ee9-4bd7950d210f",
|
||
|
"indicator--568e6389-1fac-4445-998f-48cf950d210f",
|
||
|
"indicator--568e6389-08e4-4ba9-ad03-4240950d210f",
|
||
|
"indicator--568e638a-f630-453e-b1f6-40ce950d210f",
|
||
|
"indicator--568e63c1-1f3c-4f86-8fe9-472e02de0b81",
|
||
|
"indicator--568e63c1-e9e8-4778-95f4-4e8902de0b81",
|
||
|
"indicator--568e63c1-86ac-45fa-a825-436c02de0b81",
|
||
|
"indicator--568e63c2-98d0-45c6-aa02-4f1e02de0b81",
|
||
|
"indicator--568e63c2-ce5c-41f6-9f4b-40c802de0b81",
|
||
|
"indicator--568e63c2-e168-47d6-8574-4a3902de0b81",
|
||
|
"indicator--568e63c2-cfa8-44c7-a0b5-4eb102de0b81",
|
||
|
"indicator--568e63c3-fa4c-40ad-9151-4c1d02de0b81",
|
||
|
"indicator--568e63c3-4284-4067-ade4-463e02de0b81",
|
||
|
"indicator--568e63c3-ae30-49f7-8037-486802de0b81",
|
||
|
"indicator--568e63c3-4df4-4e6e-80da-4e8402de0b81",
|
||
|
"indicator--568e63c4-b3e8-4caa-b251-417d02de0b81",
|
||
|
"indicator--568e63c4-8ce4-4fb6-82c0-481b02de0b81",
|
||
|
"indicator--568e63c4-5660-47bd-baa4-48db02de0b81",
|
||
|
"indicator--568e63c4-5348-461f-9774-4aa002de0b81",
|
||
|
"indicator--568e63c5-2350-498b-9e6d-4ee402de0b81",
|
||
|
"indicator--568e63c5-e294-48ca-86c3-4e2102de0b81",
|
||
|
"indicator--568e63c5-3dbc-4201-b241-4f2d02de0b81",
|
||
|
"indicator--568e63c5-a654-4cc5-a8a2-445902de0b81",
|
||
|
"indicator--568e63c6-6e88-4ac6-b70f-42a802de0b81",
|
||
|
"indicator--568e63c6-01ac-4fd0-85cb-44f102de0b81",
|
||
|
"indicator--568e63c6-eef4-42e1-bf5a-424002de0b81",
|
||
|
"indicator--568e63c6-5bf8-4768-81d2-4a7b02de0b81",
|
||
|
"indicator--568e63c7-f144-40eb-b943-48b802de0b81",
|
||
|
"indicator--568e63c7-eb40-44c7-821e-4aa902de0b81",
|
||
|
"indicator--568e63c7-8274-4b09-a7c4-49cb02de0b81",
|
||
|
"indicator--568e63c7-8e90-42a2-a409-43e702de0b81",
|
||
|
"indicator--568e63c8-74e8-4ae2-954d-4bed02de0b81",
|
||
|
"indicator--568e63c8-be7c-45c2-af72-486b02de0b81",
|
||
|
"indicator--568e63c8-f2fc-4aa2-8122-422a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e62e2-2f28-49f9-922c-4e83950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:06:42.000Z",
|
||
|
"modified": "2016-01-07T13:06:42.000Z",
|
||
|
"description": "Sites that serve malware to smart TVs",
|
||
|
"pattern": "[url:value = 'http://pf3a.res4f.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:06:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e62e2-5ca0-4372-a2ec-416f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:06:42.000Z",
|
||
|
"modified": "2016-01-07T13:06:42.000Z",
|
||
|
"description": "Sites that serve malware to smart TVs",
|
||
|
"pattern": "[url:value = 'http://www.htvmarket.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:06:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e62e3-eaac-483d-a258-49e5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:06:43.000Z",
|
||
|
"modified": "2016-01-07T13:06:43.000Z",
|
||
|
"description": "Sites that serve malware to smart TVs",
|
||
|
"pattern": "[url:value = 'http://mak.wak2p.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:06:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e62e3-b858-4036-b895-418d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:06:43.000Z",
|
||
|
"modified": "2016-01-07T13:06:43.000Z",
|
||
|
"description": "Sites that serve malware to smart TVs",
|
||
|
"pattern": "[url:value = 'http://wh.waks2.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:06:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e62e3-1f14-4777-88a4-4794950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:06:43.000Z",
|
||
|
"modified": "2016-01-07T13:06:43.000Z",
|
||
|
"description": "Sites that serve malware to smart TVs",
|
||
|
"pattern": "[url:value = 'https://sites.google.com/site/htvfanshare/2012summer_collection']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:06:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--568e62f5-5968-4ecd-aa1d-41dd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:07:01.000Z",
|
||
|
"modified": "2016-01-07T13:07:01.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "With the year-end shopping season over, many consumers now have new various smart gadgets in their homes. One particularly popular usage of this so-called Internet of Things (IoT) are smart TVs. These TVs are more than just passive display devices; many of them can even run Android apps as well. Some may find these features useful, but these capabilities bring their own risks. (This was something we noted two years ago when we first looked some of the issues of smart TVs.)\r\n\r\nApps that allow users to watch channels from other parts of the world (that would otherwise be unavailable via other methods) are something that many users would find useful. However, some of these apps may put users at risk. These apps contain a backdoor that abuses an old flaw (CVE-2014-7911) in Android versions before Lollipop 5.0 (Cupcake 1.5 to Kitkat 4.4W.2). (We detect these malicious apps as ANDROIDOS_ROOTSTV.A.)\r\n\r\nMost smart TVs today use older versions of Android, which still contain this flaw. TV brands that sell vulnerable smart TVs include Changhong, Konka, Mi, Philips, Panasonic, and Sharp. In addition, other Android devices with older versions installed are also at risk: it just happens to be that because of these kinds of apps are mainly used in smart TVs or smart TV boxes."
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--568e6301-9e58-4d9e-9d50-4e9d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:07:13.000Z",
|
||
|
"modified": "2016-01-07T13:07:13.000Z",
|
||
|
"first_observed": "2016-01-07T13:07:13Z",
|
||
|
"last_observed": "2016-01-07T13:07:13Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--568e6301-9e58-4d9e-9d50-4e9d950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--568e6301-9e58-4d9e-9d50-4e9d950d210f",
|
||
|
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-based-smart-tvs-hit-by-backdoor-spread-via-malicious-app/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6352-a348-4021-990b-477c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:08:34.000Z",
|
||
|
"modified": "2016-01-07T13:08:34.000Z",
|
||
|
"description": "In addition to the websites above, the malware also uses the following download server",
|
||
|
"pattern": "[domain-name:value = 'meiz.le2ui.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:08:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6352-e0dc-40ad-bf4f-424a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:08:34.000Z",
|
||
|
"modified": "2016-01-07T13:08:34.000Z",
|
||
|
"description": "In addition to the websites above, the malware also uses the following download server",
|
||
|
"pattern": "[url:value = 'http://meiz.le2ui.com:80/marketdatas/apk/chinesevideo2.11.1.apk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:08:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6353-0dcc-4534-a13e-4b35950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:08:35.000Z",
|
||
|
"modified": "2016-01-07T13:08:35.000Z",
|
||
|
"description": "In addition to the websites above, the malware also uses the following download server",
|
||
|
"pattern": "[domain-name:value = 'yaz.e3wsv.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:08:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6353-8714-4aa9-b185-4110950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:08:35.000Z",
|
||
|
"modified": "2016-01-07T13:08:35.000Z",
|
||
|
"description": "In addition to the websites above, the malware also uses the following download server",
|
||
|
"pattern": "[url:value = 'http://yaz.e3wsv.com:80/marketdatas/apk/chinesevideo2.11.1.apk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:08:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6383-119c-4873-83ba-4812950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:23.000Z",
|
||
|
"modified": "2016-01-07T13:09:23.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '019d4326d3340609b3f8326d51e031cafc6bf9a0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6384-0c50-48d4-9b78-4ff9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:24.000Z",
|
||
|
"modified": "2016-01-07T13:09:24.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '01a0b3fbf3e4e840e6aa441353ff29e4c5bf3e10']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6384-77f4-4512-a391-4a53950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:24.000Z",
|
||
|
"modified": "2016-01-07T13:09:24.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '0637b9116af595e7451dea655a05c32aa89fcbdb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6384-1608-4f0b-bc59-4b7a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:24.000Z",
|
||
|
"modified": "2016-01-07T13:09:24.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '069138865d4a58b3683f1aa687408b40c92fe9cf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6384-9bd8-4e0e-91c5-4c8d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:24.000Z",
|
||
|
"modified": "2016-01-07T13:09:24.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '0937b9598a58c6fad80c8e41f08e11e6d036d4b4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6385-4588-4e5c-b311-44ee950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:25.000Z",
|
||
|
"modified": "2016-01-07T13:09:25.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '0c6a075e0cf4e94d57afe085d39423400fa88b7c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6385-7e78-4e4e-acd1-4704950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:25.000Z",
|
||
|
"modified": "2016-01-07T13:09:25.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '2bbcf7511d6953a64f4284f2454dce119bd1063e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6385-f1f8-455e-8f29-4f7d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:25.000Z",
|
||
|
"modified": "2016-01-07T13:09:25.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '2daabbe1d2213594c2a8017401f4fa82e24a2475']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6386-7f40-4f47-8a4d-4b2b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:26.000Z",
|
||
|
"modified": "2016-01-07T13:09:26.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '396cb2137a6cd6880c96035464712513f44d52b9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6386-ae48-4da7-a9c3-40f2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:26.000Z",
|
||
|
"modified": "2016-01-07T13:09:26.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '3fd7f0b2e8249ff5f08a82f5df003f2713744824']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6386-5374-4aee-92f2-4362950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:26.000Z",
|
||
|
"modified": "2016-01-07T13:09:26.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '583722e9c6bbbf78d7d4d9689679d22ff6a2c4e9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6387-1f20-41ae-a99a-4287950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:27.000Z",
|
||
|
"modified": "2016-01-07T13:09:27.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '6357da20ed2661d9b8943275c515c3bd6b9b46c6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6387-a9ec-4b7a-888f-4c72950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:27.000Z",
|
||
|
"modified": "2016-01-07T13:09:27.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '8f999a80497bc29f633301f7f96489fe9be4eab5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6387-9a10-4b21-bea4-48d3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:27.000Z",
|
||
|
"modified": "2016-01-07T13:09:27.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '9434f41147eb7259dcf4f1dd8ed7d1209b1546b8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6388-0e44-4fae-a102-4992950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:28.000Z",
|
||
|
"modified": "2016-01-07T13:09:28.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = '9ecbff5df641da74910439aefd4ab0596afaff6f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6388-9b68-4542-a92d-415a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:28.000Z",
|
||
|
"modified": "2016-01-07T13:09:28.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a54341b76b88034de6a47bb5904e6c01c53f3cc4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6388-3c38-466f-88e3-456f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:28.000Z",
|
||
|
"modified": "2016-01-07T13:09:28.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bde06adde1d6f4ac3a1865a4314ca45ca807b39c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6389-8988-40df-a924-4ddf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:29.000Z",
|
||
|
"modified": "2016-01-07T13:09:29.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd1af06e54e294dbc106c03650ac8a556c1b1e1e9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6389-0730-4d66-9ee9-4bd7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:29.000Z",
|
||
|
"modified": "2016-01-07T13:09:29.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd1f005e07d5369230d2624de94cfcbdad14cd914']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6389-1fac-4445-998f-48cf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:29.000Z",
|
||
|
"modified": "2016-01-07T13:09:29.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd3ab0dd0ac28181e0c531909460dcdd417178d2d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e6389-08e4-4ba9-ad03-4240950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:29.000Z",
|
||
|
"modified": "2016-01-07T13:09:29.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = 'dbf3a4d820db3974edc8063d852afa40217a9750']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e638a-f630-453e-b1f6-40ce950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:09:30.000Z",
|
||
|
"modified": "2016-01-07T13:09:30.000Z",
|
||
|
"description": "Related malware APK",
|
||
|
"pattern": "[file:hashes.SHA1 = 'fe86ae99ee7b75abf2bce047f4b5f2f1b20d3492']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:09:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c1-1f3c-4f86-8fe9-472e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:25.000Z",
|
||
|
"modified": "2016-01-07T13:10:25.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: fe86ae99ee7b75abf2bce047f4b5f2f1b20d3492",
|
||
|
"pattern": "[file:hashes.SHA256 = '5769f8e5133688978b2e2e5878f968aaac88a8c8ba9dff39bafe74d04c21b40c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c1-e9e8-4778-95f4-4e8902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:25.000Z",
|
||
|
"modified": "2016-01-07T13:10:25.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: fe86ae99ee7b75abf2bce047f4b5f2f1b20d3492",
|
||
|
"pattern": "[file:hashes.MD5 = '7bc47c8f0c7fa0b175313f3a3ad3684a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c1-86ac-45fa-a825-436c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:25.000Z",
|
||
|
"modified": "2016-01-07T13:10:25.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/5769f8e5133688978b2e2e5878f968aaac88a8c8ba9dff39bafe74d04c21b40c/analysis/1451099188/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c2-98d0-45c6-aa02-4f1e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:26.000Z",
|
||
|
"modified": "2016-01-07T13:10:26.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: d1f005e07d5369230d2624de94cfcbdad14cd914",
|
||
|
"pattern": "[file:hashes.SHA256 = 'df8ad96388a470adf83b9c55193fdbaba79221fec5756d99323b68bf2503a209']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c2-ce5c-41f6-9f4b-40c802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:26.000Z",
|
||
|
"modified": "2016-01-07T13:10:26.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: d1f005e07d5369230d2624de94cfcbdad14cd914",
|
||
|
"pattern": "[file:hashes.MD5 = 'd959d626986bdf760d86d0ae0fccc601']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c2-e168-47d6-8574-4a3902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:26.000Z",
|
||
|
"modified": "2016-01-07T13:10:26.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/df8ad96388a470adf83b9c55193fdbaba79221fec5756d99323b68bf2503a209/analysis/1451580916/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c2-cfa8-44c7-a0b5-4eb102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:26.000Z",
|
||
|
"modified": "2016-01-07T13:10:26.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: d1af06e54e294dbc106c03650ac8a556c1b1e1e9",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd8aca3508ee537c0f5b07c6652f2a771c9d7cddd728196669bfcba93b2e5eb2c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c3-fa4c-40ad-9151-4c1d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:27.000Z",
|
||
|
"modified": "2016-01-07T13:10:27.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: d1af06e54e294dbc106c03650ac8a556c1b1e1e9",
|
||
|
"pattern": "[file:hashes.MD5 = 'bac94ec32061d46b175ad3ff5321d122']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c3-4284-4067-ade4-463e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:27.000Z",
|
||
|
"modified": "2016-01-07T13:10:27.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/d8aca3508ee537c0f5b07c6652f2a771c9d7cddd728196669bfcba93b2e5eb2c/analysis/1452012139/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c3-ae30-49f7-8037-486802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:27.000Z",
|
||
|
"modified": "2016-01-07T13:10:27.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: bde06adde1d6f4ac3a1865a4314ca45ca807b39c",
|
||
|
"pattern": "[file:hashes.SHA256 = '0114edb7dbc86bf3e2fe70589749b1dd4bf06ec87fabd85a83e28e4c45569a24']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c3-4df4-4e6e-80da-4e8402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:27.000Z",
|
||
|
"modified": "2016-01-07T13:10:27.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: bde06adde1d6f4ac3a1865a4314ca45ca807b39c",
|
||
|
"pattern": "[file:hashes.MD5 = '78dac33206fe0fee2d099a9105f4c571']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c4-b3e8-4caa-b251-417d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:28.000Z",
|
||
|
"modified": "2016-01-07T13:10:28.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0114edb7dbc86bf3e2fe70589749b1dd4bf06ec87fabd85a83e28e4c45569a24/analysis/1451374040/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c4-8ce4-4fb6-82c0-481b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:28.000Z",
|
||
|
"modified": "2016-01-07T13:10:28.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: a54341b76b88034de6a47bb5904e6c01c53f3cc4",
|
||
|
"pattern": "[file:hashes.SHA256 = 'b4a8a6b8cd302fe614331d7549ca09b586b0542993d8329d77b65b3cbca3ea37']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c4-5660-47bd-baa4-48db02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:28.000Z",
|
||
|
"modified": "2016-01-07T13:10:28.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: a54341b76b88034de6a47bb5904e6c01c53f3cc4",
|
||
|
"pattern": "[file:hashes.MD5 = '9b435a61b788fb15801a846fdd92ce90']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c4-5348-461f-9774-4aa002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:28.000Z",
|
||
|
"modified": "2016-01-07T13:10:28.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b4a8a6b8cd302fe614331d7549ca09b586b0542993d8329d77b65b3cbca3ea37/analysis/1451374146/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c5-2350-498b-9e6d-4ee402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:29.000Z",
|
||
|
"modified": "2016-01-07T13:10:29.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 9434f41147eb7259dcf4f1dd8ed7d1209b1546b8",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e74ab5be38acd2aa87b3e05aad86e8b9f2fa8bc15c5015b364b8ae810b9d9143']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c5-e294-48ca-86c3-4e2102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:29.000Z",
|
||
|
"modified": "2016-01-07T13:10:29.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 9434f41147eb7259dcf4f1dd8ed7d1209b1546b8",
|
||
|
"pattern": "[file:hashes.MD5 = '24c2f9014a5ac73134af86917ffc9ae3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c5-3dbc-4201-b241-4f2d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:29.000Z",
|
||
|
"modified": "2016-01-07T13:10:29.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e74ab5be38acd2aa87b3e05aad86e8b9f2fa8bc15c5015b364b8ae810b9d9143/analysis/1451655976/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c5-a654-4cc5-a8a2-445902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:29.000Z",
|
||
|
"modified": "2016-01-07T13:10:29.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 2bbcf7511d6953a64f4284f2454dce119bd1063e",
|
||
|
"pattern": "[file:hashes.SHA256 = '8963b16b3002bbeeba934d6bfd5194dc7682cdf916c3da2933f93c19de194aab']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c6-6e88-4ac6-b70f-42a802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:30.000Z",
|
||
|
"modified": "2016-01-07T13:10:30.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 2bbcf7511d6953a64f4284f2454dce119bd1063e",
|
||
|
"pattern": "[file:hashes.MD5 = 'ef66245c2b082ee69b52176ec5093f5a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c6-01ac-4fd0-85cb-44f102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:30.000Z",
|
||
|
"modified": "2016-01-07T13:10:30.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8963b16b3002bbeeba934d6bfd5194dc7682cdf916c3da2933f93c19de194aab/analysis/1451524569/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c6-eef4-42e1-bf5a-424002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:30.000Z",
|
||
|
"modified": "2016-01-07T13:10:30.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 0c6a075e0cf4e94d57afe085d39423400fa88b7c",
|
||
|
"pattern": "[file:hashes.SHA256 = '26ced0b8c425bad44b14b016fd7ac028adb4fa87593e77f5c9e19705474e8719']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c6-5bf8-4768-81d2-4a7b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:30.000Z",
|
||
|
"modified": "2016-01-07T13:10:30.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 0c6a075e0cf4e94d57afe085d39423400fa88b7c",
|
||
|
"pattern": "[file:hashes.MD5 = '0761c655ac70d09b7dd0ef9e4f2df363']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c7-f144-40eb-b943-48b802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:31.000Z",
|
||
|
"modified": "2016-01-07T13:10:31.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/26ced0b8c425bad44b14b016fd7ac028adb4fa87593e77f5c9e19705474e8719/analysis/1451374070/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c7-eb40-44c7-821e-4aa902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:31.000Z",
|
||
|
"modified": "2016-01-07T13:10:31.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 0637b9116af595e7451dea655a05c32aa89fcbdb",
|
||
|
"pattern": "[file:hashes.SHA256 = '96d4ad62d42f2fc20e90f0ef6c8afbf83831f5f1592b0cd0ab4fdb4a090ef86b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c7-8274-4b09-a7c4-49cb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:31.000Z",
|
||
|
"modified": "2016-01-07T13:10:31.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 0637b9116af595e7451dea655a05c32aa89fcbdb",
|
||
|
"pattern": "[file:hashes.MD5 = '4d5f96c7b149547a1c9dac98c491d8b8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c7-8e90-42a2-a409-43e702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:31.000Z",
|
||
|
"modified": "2016-01-07T13:10:31.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/96d4ad62d42f2fc20e90f0ef6c8afbf83831f5f1592b0cd0ab4fdb4a090ef86b/analysis/1452012192/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c8-74e8-4ae2-954d-4bed02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:32.000Z",
|
||
|
"modified": "2016-01-07T13:10:32.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 019d4326d3340609b3f8326d51e031cafc6bf9a0",
|
||
|
"pattern": "[file:hashes.SHA256 = 'abcf3b1b631f0fa776bf22f1bee8bfc6b95a00b345c103ee82a3d26b466b2dd6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c8-be7c-45c2-af72-486b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:32.000Z",
|
||
|
"modified": "2016-01-07T13:10:32.000Z",
|
||
|
"description": "Related malware APK - Xchecked via VT: 019d4326d3340609b3f8326d51e031cafc6bf9a0",
|
||
|
"pattern": "[file:hashes.MD5 = 'e1924b0c16629a0c6a5c9bdf85c86920']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--568e63c8-f2fc-4aa2-8122-422a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-01-07T13:10:32.000Z",
|
||
|
"modified": "2016-01-07T13:10:32.000Z",
|
||
|
"pattern": "[url:value = 'https://www.virustotal.com/file/abcf3b1b631f0fa776bf22f1bee8bfc6b95a00b345c103ee82a3d26b466b2dd6/analysis/1451374062/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-01-07T13:10:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "External analysis"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|