{
"Event": {
"analysis": "2",
"date": "2016-12-29",
"extends_uuid": "",
"info": "Android spyware",
"publish_timestamp": "1483002623",
"published": true,
"threat_level_id": "3",
"timestamp": "1483002615",
"uuid": "5864c43a-b9d0-4182-93c2-4557950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#3c6b00",
"name": "malware_classification:malware-category=\"Spyware\""
},
{
"colour": "#37ab00",
"name": "enisa:nefarious-activity-abuse=\"mobile-malware\""
},
{
"colour": "#211c1c",
"name": "Android Malware"
},
{
"colour": "#5f0077",
"name": "ms-caro-malware:malware-platform=\"AndroidOS\""
},
{
"colour": "#ffffff",
"name": "tlp:white"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "sent by sms",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483002021",
"to_ids": false,
"type": "link",
"uuid": "5864c4d6-8f90-4e19-9dfe-498e950d210f",
"value": "http://bit.ly/2fY0Zhw"
},
{
"category": "Payload delivery",
"comment": "Link behind bit.ly address",
"deleted": false,
"disable_correlation": false,
"timestamp": "1482999063",
"to_ids": false,
"type": "link",
"uuid": "5864c518-c36c-4e3b-a66c-4d6a950d210f",
"value": "http://185.38.248.94/api/Service/DownloadFr"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1482999208",
"to_ids": false,
"type": "md5",
"uuid": "5864c5a8-2dd0-4e33-9684-4a1b950d210f",
"value": "f082fc253b41f5d5cc0bdce121202d26"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1482999237",
"to_ids": false,
"type": "sha256",
"uuid": "5864c5c5-4070-4952-84eb-4326950d210f",
"value": "48e450e25dad0e4190f8ea052de647202451b6b135b0dc12be7168552db1f7d3"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1482999299",
"to_ids": false,
"type": "link",
"uuid": "5864c603-fb0c-432f-b494-408a950d210f",
"value": "https://virustotal.com/en/file/48e450e25dad0e4190f8ea052de647202451b6b135b0dc12be7168552db1f7d3/analysis/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1482999394",
"to_ids": false,
"type": "ip-dst",
"uuid": "5864c662-fde8-40b4-a5a5-4045950d210f",
"value": "185.38.248.94"
},
{
"category": "Payload delivery",
"comment": "",
"data": "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
"deleted": false,
"disable_correlation": false,
"timestamp": "1483000213",
"to_ids": false,
"type": "attachment",
"uuid": "5864c995-92e8-4098-83c9-4906950d210f",
"value": "picture.apk"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483000806",
"to_ids": false,
"type": "sha1",
"uuid": "5864cbe6-055c-4dfc-9da3-4d0f950d210f",
"value": "935d6933cd679085185d2f05645bf843f849654a"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483000854",
"to_ids": false,
"type": "sha224",
"uuid": "5864cc16-c8e4-4ed9-a4d6-4b7f950d210f",
"value": "5d6dc524ce96b1bb5e96d8dc116ff53b457ffb7f16afd9019a0dd8e9"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483000913",
"to_ids": false,
"type": "sha384",
"uuid": "5864cc51-1664-418a-8e9b-4520950d210f",
"value": "302d83d92882003081448357ba1ebbfc5528f7c164b615e7a5c532eb6209f35eb05c442460222236a13732a28aa0f4d3"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483000952",
"to_ids": false,
"type": "sha512",
"uuid": "5864cc78-423c-458b-8b76-48c9950d210f",
"value": "68cdc9f8bbe6dec883b27a79d9382a536e3cb84a66517e60b49bdbd9c52090bef4c31d4ac98c2871198d4ac83f105506662a96d48c24a5281fd6e4a3077639c4"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483000980",
"to_ids": false,
"type": "filename",
"uuid": "5864cc94-f1d0-4171-94e8-4fdd950d210f",
"value": "picture.apk"
},
{
"category": "Payload delivery",
"comment": "Content of the SMS text. XXX is a redaction of the victim's name",
"deleted": false,
"disable_correlation": false,
"timestamp": "1483001331",
"to_ids": false,
"type": "text",
"uuid": "5864cdf3-dafc-4f45-a412-4ff6950d210f",
"value": "Bonjour XXX jai trouvé tes photos privées ici http://bit.ly/2fY0Zhw clique pour les voir"
}
]
}
}