{
"type" : "bundle" ,
"id" : "bundle--5d01fda4-353c-4011-854f-459c950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-08-23T09:59:37.000Z" ,
"modified" : "2019-08-23T09:59:37.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5d01fda4-353c-4011-854f-459c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-08-23T09:59:37.000Z" ,
"modified" : "2019-08-23T09:59:37.000Z" ,
"name" : "OSINT - Trojan downloader found on Google Play by @Maler360" ,
"published" : "2019-08-23T09:59:48Z" ,
"object_refs" : [
"x-misp-object--5d021052-19e0-4c1a-9f4e-4beb950d210f" ,
"indicator--5d02112e-2e34-48ce-9cc6-42aa950d210f" ,
"indicator--5d0211c5-e644-494f-9fb6-4475950d210f" ,
"indicator--1aff6893-393f-4b72-ac4d-9e083901d021" ,
"x-misp-object--97e74bae-c5ce-4338-8ccc-42d85a523d67" ,
"indicator--43258e1d-e7f7-4d86-81e2-be8ea5699a06" ,
"x-misp-object--e77b5597-90c3-4499-8562-25ffbea00286" ,
"relationship--aa7da1c8-d9bc-469d-ab3e-106e04606232" ,
"relationship--05e4a661-b0df-439f-ab97-bdb7dfb1fd44"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"ms-caro-malware:malware-type=\"Trojan\"" ,
"ms-caro-malware-full:malware-type=\"Trojan\"" ,
"ecsirt:malicious-code=\"trojan\"" ,
"CERT-XLM:malicious-code=\"trojan-malware\"" ,
"malware_classification:malware-category=\"Trojan\"" ,
"type:OSINT" ,
"osint:lifetime=\"perpetual\"" ,
"osint:certainty=\"50\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--5d021052-19e0-4c1a-9f4e-4beb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-13T08:58:58.000Z" ,
"modified" : "2019-06-13T08:58:58.000Z" ,
"labels" : [
"misp:name=\"microblog\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "text" ,
"object_relation" : "post" ,
"value" : "Trojan downloader found on Google Play by @Maler360\r\n\r\n\r\n-once launched, hides itself icon\r\n-downloads additional app over HTTP\r\n-makes user install it\r\n-second app can then download additional apps & make user install them as \"Update Alert\" + display ads\r\n-100,000+ installs\r\n-reported" ,
"category" : "Other" ,
"uuid" : "5d021052-eaa4-46aa-834d-47e0950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "type" ,
"value" : "Twitter" ,
"category" : "Other" ,
"uuid" : "5d021053-7740-497d-b628-4080950d210f"
} ,
{
"type" : "url" ,
"object_relation" : "url" ,
"value" : "https://mobile.twitter.com/LukasStefanko/status/1138764352411131905" ,
"category" : "Network activity" ,
"to_ids" : true ,
"uuid" : "5d021053-c424-4754-a928-4d60950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username-quoted" ,
"value" : "@Maler360" ,
"category" : "Other" ,
"uuid" : "5d021053-5310-4d89-9100-4cc4950d210f"
} ,
{
"type" : "text" ,
"object_relation" : "username" ,
"value" : "LukasStefanko" ,
"category" : "Other" ,
"uuid" : "5d021053-f308-4168-8167-4f9a950d210f"
} ,
{
"type" : "datetime" ,
"object_relation" : "creation-date" ,
"value" : "2019-06-12T13:05:00" ,
"category" : "Other" ,
"uuid" : "5d021053-5a70-46c7-938e-47dc950d210f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "microblog"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d02112e-2e34-48ce-9cc6-42aa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-13T09:02:38.000Z" ,
"modified" : "2019-06-13T09:02:38.000Z" ,
"pattern" : "[file:hashes.MD5 = '6d48cf90e0af21da5e516f0009efcc7f' AND file:name = 'com.pippa.amazingmonstercar']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-13T09:02:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5d0211c5-e644-494f-9fb6-4475950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-06-13T09:05:09.000Z" ,
"modified" : "2019-06-13T09:05:09.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f64cbd33651a99b08a9168607a2374d1' AND file:name = 'nightdescent.apk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-06-13T09:05:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--1aff6893-393f-4b72-ac4d-9e083901d021" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-08-23T09:59:23.000Z" ,
"modified" : "2019-08-23T09:59:23.000Z" ,
"pattern" : "[file:hashes.MD5 = 'f64cbd33651a99b08a9168607a2374d1' AND file:hashes.SHA1 = 'a16bb93ee35e7636e4f824010ddbba975a7db5ed' AND file:hashes.SHA256 = '3055fc207f21d4140249a3eb3efcdea047dfe005a4c23388ab917ffe3a8515d7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-08-23T09:59:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--97e74bae-c5ce-4338-8ccc-42d85a523d67" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-08-23T09:59:23.000Z" ,
"modified" : "2019-08-23T09:59:23.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-30T19:04:50" ,
"category" : "Other" ,
"uuid" : "230977f5-f6de-4656-b687-80da6fea7b01"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/3055fc207f21d4140249a3eb3efcdea047dfe005a4c23388ab917ffe3a8515d7/analysis/1561921490/" ,
"category" : "Payload delivery" ,
"uuid" : "cace9e83-b407-4f5f-8650-67b59112656b"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "24/61" ,
"category" : "Payload delivery" ,
"uuid" : "7f114609-9d79-47f5-a3f9-1ab3d9abd96f"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--43258e1d-e7f7-4d86-81e2-be8ea5699a06" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-08-23T09:59:24.000Z" ,
"modified" : "2019-08-23T09:59:24.000Z" ,
"pattern" : "[file:hashes.MD5 = '6d48cf90e0af21da5e516f0009efcc7f' AND file:hashes.SHA1 = '83dbf7f9097aa314c64d1ed50a7a112ca87ed38d' AND file:hashes.SHA256 = '32c3c1732d8a5b299045ef44f9165d2710d098fc402358aa09ad07fcfd05db1c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2019-08-23T09:59:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "file"
}
] ,
"labels" : [
"misp:name=\"file\"" ,
"misp:meta-category=\"file\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-object" ,
"spec_version" : "2.1" ,
"id" : "x-misp-object--e77b5597-90c3-4499-8562-25ffbea00286" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2019-08-23T09:59:24.000Z" ,
"modified" : "2019-08-23T09:59:24.000Z" ,
"labels" : [
"misp:name=\"virustotal-report\"" ,
"misp:meta-category=\"misc\""
] ,
"x_misp_attributes" : [
{
"type" : "datetime" ,
"object_relation" : "last-submission" ,
"value" : "2019-06-30T19:04:34" ,
"category" : "Other" ,
"uuid" : "bd891f80-8e4c-4dc6-801a-dc838de32a1a"
} ,
{
"type" : "link" ,
"object_relation" : "permalink" ,
"value" : "https://www.virustotal.com/file/32c3c1732d8a5b299045ef44f9165d2710d098fc402358aa09ad07fcfd05db1c/analysis/1561921474/" ,
"category" : "Payload delivery" ,
"uuid" : "24a845de-e030-41f1-893e-d0b69cdfb811"
} ,
{
"type" : "text" ,
"object_relation" : "detection-ratio" ,
"value" : "16/60" ,
"category" : "Payload delivery" ,
"uuid" : "55169594-dc67-4c52-8b57-5b134a3fdd8e"
}
] ,
"x_misp_meta_category" : "misc" ,
"x_misp_name" : "virustotal-report"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--aa7da1c8-d9bc-469d-ab3e-106e04606232" ,
"created" : "2019-08-23T09:59:25.000Z" ,
"modified" : "2019-08-23T09:59:25.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--1aff6893-393f-4b72-ac4d-9e083901d021" ,
"target_ref" : "x-misp-object--97e74bae-c5ce-4338-8ccc-42d85a523d67"
} ,
{
"type" : "relationship" ,
"spec_version" : "2.1" ,
"id" : "relationship--05e4a661-b0df-439f-ab97-bdb7dfb1fd44" ,
"created" : "2019-08-23T09:59:25.000Z" ,
"modified" : "2019-08-23T09:59:25.000Z" ,
"relationship_type" : "analysed-with" ,
"source_ref" : "indicator--43258e1d-e7f7-4d86-81e2-be8ea5699a06" ,
"target_ref" : "x-misp-object--e77b5597-90c3-4499-8562-25ffbea00286"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}