{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5a57af9d-a0ec-4e54-a44d-483302de0b81",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-12T03:00:34.000Z",
|
||
|
"modified": "2018-01-12T03:00:34.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5a57af9d-a0ec-4e54-a44d-483302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-12T03:00:34.000Z",
|
||
|
"modified": "2018-01-12T03:00:34.000Z",
|
||
|
"name": "OSINT - First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services",
|
||
|
"published": "2018-02-16T08:46:57Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5a57afa7-8ce0-494d-ab37-a42202de0b81",
|
||
|
"url--5a57afa7-8ce0-494d-ab37-a42202de0b81",
|
||
|
"x-misp-attribute--5a57afb4-44f4-4a4e-8220-466302de0b81",
|
||
|
"indicator--5a57afdd-4bf0-4561-9258-395902de0b81",
|
||
|
"indicator--5a57afdd-6840-472e-a6aa-395902de0b81",
|
||
|
"indicator--5a57b018-2d2c-4378-9cfc-3c5902de0b81",
|
||
|
"indicator--5a57b018-1330-4ca7-b9f9-3c5902de0b81",
|
||
|
"indicator--5a57b019-1f5c-4013-9bb8-3c5902de0b81",
|
||
|
"indicator--5a57b019-7774-4f34-bf82-3c5902de0b81",
|
||
|
"indicator--5a57b019-1000-45df-a397-3c5902de0b81",
|
||
|
"indicator--5a57b019-e96c-4880-b290-3c5902de0b81",
|
||
|
"indicator--5a57b019-6488-4aef-ab2f-3c5902de0b81",
|
||
|
"indicator--5a57b019-4864-4123-b207-3c5902de0b81",
|
||
|
"indicator--5a57b019-3e78-43ff-a9fb-3c5902de0b81",
|
||
|
"indicator--5a57b019-7df4-48b1-b615-3c5902de0b81",
|
||
|
"indicator--bc1cef6c-4d5a-436a-9579-8cd4b6d782b2",
|
||
|
"x-misp-object--1bf0aa26-cd3c-47a6-81ac-3afdca27d963",
|
||
|
"indicator--476c045c-ea54-420b-a03a-8b26fbe58a1b",
|
||
|
"x-misp-object--2105ed48-0685-4700-b987-90f75b49e94a",
|
||
|
"indicator--e894048c-7d7d-493b-8f2c-70fad8bcd38a",
|
||
|
"x-misp-object--ad758221-7d66-4cec-901f-37c6833698ec",
|
||
|
"indicator--76c68a27-afc3-4d94-866b-ffb5c7cdd2c4",
|
||
|
"x-misp-object--0a23e347-6cea-4755-b85b-f90a9c9e7541",
|
||
|
"indicator--080d7c7a-d09d-4d58-86fb-b3a5f2e8481e",
|
||
|
"x-misp-object--f0b92dc7-6edb-4f1e-8ea7-00651f07c42c",
|
||
|
"indicator--85c68cf1-f521-42e7-83e5-6809af80abad",
|
||
|
"x-misp-object--13297574-af51-485e-8807-1c7b66f655ec",
|
||
|
"indicator--ee58fd13-7578-4389-9c9c-c1ce4f99df7f",
|
||
|
"x-misp-object--c6570cb6-61e3-4cd2-8e44-cb309a0726cb",
|
||
|
"indicator--59c0d9e3-395f-444f-9080-64f72087ac06",
|
||
|
"x-misp-object--23fad007-c563-45d2-90d1-cda2d4d05347",
|
||
|
"indicator--05de6304-76c1-4b35-822e-bcde5a58d1f8",
|
||
|
"x-misp-object--d2c9839e-e81e-4a2b-91b4-f8520b27adee",
|
||
|
"relationship--dfa0db5a-0592-4c89-aa8a-4645f551db6a",
|
||
|
"relationship--7fee40cc-5c0d-4811-9888-a5d1ee7c9c1d",
|
||
|
"relationship--843e1811-747d-498e-8be3-c8fea7da0202",
|
||
|
"relationship--3dc6372c-c2ce-4749-b64e-2554a238c173",
|
||
|
"relationship--7ecec9e1-caea-4ab3-a934-51913e32da99",
|
||
|
"relationship--ebe90b08-32f1-4fa3-8de3-6d902a835a0f",
|
||
|
"relationship--f16875c4-7102-4d9c-a8a3-b1509d097835",
|
||
|
"relationship--c87482be-da31-4bc9-b260-7f3444116ddc",
|
||
|
"relationship--157511f1-c9c7-4acf-9b3e-b8791ba7f077"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"enisa:nefarious-activity-abuse=\"mobile-malware\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a57afa7-8ce0-494d-ab37-a42202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:45:10.000Z",
|
||
|
"modified": "2018-01-11T18:45:10.000Z",
|
||
|
"first_observed": "2018-01-11T18:45:10Z",
|
||
|
"last_observed": "2018-01-11T18:45:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5a57afa7-8ce0-494d-ab37-a42202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5a57afa7-8ce0-494d-ab37-a42202de0b81",
|
||
|
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/first-kotlin-developed-malicious-app-signs-users-premium-sms-services/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a57afb4-44f4-4a4e-8220-466302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:45:09.000Z",
|
||
|
"modified": "2018-01-11T18:45:09.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin\u2014an open-source programming language for modern multiplatform applications. The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has 1,000-5,000 installs as of writing, is capable of remote command execution, information theft, SMS sending, URL forwarding, and click ad fraud. It can also sign up users for premium SMS subscription services without their permission."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57afdd-4bf0-4561-9258-395902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:06.000Z",
|
||
|
"modified": "2018-01-11T18:44:06.000Z",
|
||
|
"description": "C&C servers",
|
||
|
"pattern": "[url:value = 'http://adx.gmpmobi.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57afdd-6840-472e-a6aa-395902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:06.000Z",
|
||
|
"modified": "2018-01-11T18:44:06.000Z",
|
||
|
"description": "C&C servers",
|
||
|
"pattern": "[url:value = 'http://52.76.80.41']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b018-2d2c-4378-9cfc-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:32.000Z",
|
||
|
"modified": "2018-01-11T18:42:32.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = '77d0c7dd4b3d87be6d9dfb0a9c371b4d8eeadccb8fde41d942f1c35e5e3ec063']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b018-1330-4ca7-b9f9-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:32.000Z",
|
||
|
"modified": "2018-01-11T18:42:32.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = '5886316c0b54bbb7ce6978acdb1ab4e2cf2b1494647b9d9ad014802e6bf5c7b8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b019-1f5c-4013-9bb8-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:32.000Z",
|
||
|
"modified": "2018-01-11T18:42:32.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = 'aeef3ff7cc543bbacb6ab4df8da639b98be8f3c225678a4d0935f467bc6d720e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b019-7774-4f34-bf82-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:33.000Z",
|
||
|
"modified": "2018-01-11T18:42:33.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = '621092856e20e628a577dbe9248649eae78d1af611d9168635b22057c6c7552b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b019-1000-45df-a397-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:33.000Z",
|
||
|
"modified": "2018-01-11T18:42:33.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = '329b9c5670ecdf25248e484e23c21bbc86f943d7573ff131c0dc71bc80812d1c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b019-e96c-4880-b290-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:33.000Z",
|
||
|
"modified": "2018-01-11T18:42:33.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = '2856f3d1282ddc6bcfe65b0c91a87d998edccb777387e3f998bc3b6f1d0b3342']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b019-6488-4aef-ab2f-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:33.000Z",
|
||
|
"modified": "2018-01-11T18:42:33.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = '4f649e0ea6a6f022e7a5701cecb5b7653d1334eb40918e52db8f3daacfb3b660']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b019-4864-4123-b207-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:33.000Z",
|
||
|
"modified": "2018-01-11T18:42:33.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ab2c4886a4e0681a55b29c653b506b66721a3f36a1b098afa7f56da6f89bf5de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b019-3e78-43ff-a9fb-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:33.000Z",
|
||
|
"modified": "2018-01-11T18:42:33.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = '7d3e61c2c58906e09d56121be94601744e362e6f8c6b7bf87472b62b0cf8ce57']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a57b019-7df4-48b1-b615-3c5902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:42:33.000Z",
|
||
|
"modified": "2018-01-11T18:42:33.000Z",
|
||
|
"description": "Malicious app",
|
||
|
"pattern": "[file:hashes.SHA256 = 'b4822eeb71c83e4aab5ddfecfb58459e5c5e10d382a2364da1c42621f58e119b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:42:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--bc1cef6c-4d5a-436a-9579-8cd4b6d782b2",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:09.000Z",
|
||
|
"modified": "2018-01-11T18:44:09.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '1d64514bc3391a1c0490d66fd219922e' AND file:hashes.SHA1 = '0a2b8a1012fbaeb0285025a43a4e467823eb1b2e' AND file:hashes.SHA256 = '5886316c0b54bbb7ce6978acdb1ab4e2cf2b1494647b9d9ad014802e6bf5c7b8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--1bf0aa26-cd3c-47a6-81ac-3afdca27d963",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:06.000Z",
|
||
|
"modified": "2018-01-11T18:44:06.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/5886316c0b54bbb7ce6978acdb1ab4e2cf2b1494647b9d9ad014802e6bf5c7b8/analysis/1515614450/",
|
||
|
"category": "External analysis",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b076-d2f4-4ab7-90a0-41b102de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "4/63",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b076-7f24-41a0-90c9-4ccb02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-01-10T20:00:50",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b076-3af4-4a65-a72c-4fe402de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--476c045c-ea54-420b-a03a-8b26fbe58a1b",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:09.000Z",
|
||
|
"modified": "2018-01-11T18:44:09.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'd50e0523db467cf821df7ce3d8c0dc75' AND file:hashes.SHA1 = '9c79b28664797ae1b8af916226aeebd5060b1760' AND file:hashes.SHA256 = '77d0c7dd4b3d87be6d9dfb0a9c371b4d8eeadccb8fde41d942f1c35e5e3ec063']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--2105ed48-0685-4700-b987-90f75b49e94a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:06.000Z",
|
||
|
"modified": "2018-01-11T18:44:06.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/77d0c7dd4b3d87be6d9dfb0a9c371b4d8eeadccb8fde41d942f1c35e5e3ec063/analysis/1515685812/",
|
||
|
"category": "External analysis",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b076-8eac-4262-9b4b-448e02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "13/63",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b076-1410-454e-8d2c-432902de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-01-11T15:50:12",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b076-ed18-4a2e-8f84-4c8202de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--e894048c-7d7d-493b-8f2c-70fad8bcd38a",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:09.000Z",
|
||
|
"modified": "2018-01-11T18:44:09.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'c0ffae6b8cdb5148533ea11810fb870e' AND file:hashes.SHA1 = '7e7f9e4fcca6f7517b1882e83d2e64470460c815' AND file:hashes.SHA256 = '329b9c5670ecdf25248e484e23c21bbc86f943d7573ff131c0dc71bc80812d1c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--ad758221-7d66-4cec-901f-37c6833698ec",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:07.000Z",
|
||
|
"modified": "2018-01-11T18:44:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/329b9c5670ecdf25248e484e23c21bbc86f943d7573ff131c0dc71bc80812d1c/analysis/1515614398/",
|
||
|
"category": "External analysis",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-229c-466c-9fb3-482a02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "5/63",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-4148-4bb2-b46d-41f402de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-01-10T19:59:58",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-e530-42b2-b507-4e3002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--76c68a27-afc3-4d94-866b-ffb5c7cdd2c4",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:10.000Z",
|
||
|
"modified": "2018-01-11T18:44:10.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '9c66ff93022d399ab592d5587661c777' AND file:hashes.SHA1 = '3ec367d4aea942dbf161aef627f2dc8f3847a3a6' AND file:hashes.SHA256 = '7d3e61c2c58906e09d56121be94601744e362e6f8c6b7bf87472b62b0cf8ce57']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--0a23e347-6cea-4755-b85b-f90a9c9e7541",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:07.000Z",
|
||
|
"modified": "2018-01-11T18:44:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/7d3e61c2c58906e09d56121be94601744e362e6f8c6b7bf87472b62b0cf8ce57/analysis/1515693693/",
|
||
|
"category": "External analysis",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-8070-4497-9e7a-4bd602de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "15/61",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-7aac-448d-a455-42da02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-01-11T18:01:33",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-dbc8-4d10-ae56-4eec02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--080d7c7a-d09d-4d58-86fb-b3a5f2e8481e",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:10.000Z",
|
||
|
"modified": "2018-01-11T18:44:10.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '05c310308d916af4c56a89f8bbe45783' AND file:hashes.SHA1 = '2cbffddfbfd727d7595e3c37cc4e1bf588486e2c' AND file:hashes.SHA256 = 'aeef3ff7cc543bbacb6ab4df8da639b98be8f3c225678a4d0935f467bc6d720e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--f0b92dc7-6edb-4f1e-8ea7-00651f07c42c",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:07.000Z",
|
||
|
"modified": "2018-01-11T18:44:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/aeef3ff7cc543bbacb6ab4df8da639b98be8f3c225678a4d0935f467bc6d720e/analysis/1515685805/",
|
||
|
"category": "External analysis",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-d794-475e-a057-488002de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "9/63",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-94bc-4055-9c9f-414702de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-01-11T15:50:05",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-d464-4a45-b8e6-45c402de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--85c68cf1-f521-42e7-83e5-6809af80abad",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:10.000Z",
|
||
|
"modified": "2018-01-11T18:44:10.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '1cf1ed1a16ebe9aa92acd0857a73632a' AND file:hashes.SHA1 = 'd8d9b5b6ee549f842450f5fd73e88ba48c0fb1ba' AND file:hashes.SHA256 = 'ab2c4886a4e0681a55b29c653b506b66721a3f36a1b098afa7f56da6f89bf5de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--13297574-af51-485e-8807-1c7b66f655ec",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:07.000Z",
|
||
|
"modified": "2018-01-11T18:44:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/ab2c4886a4e0681a55b29c653b506b66721a3f36a1b098afa7f56da6f89bf5de/analysis/1515685808/",
|
||
|
"category": "External analysis",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-7e74-4b45-a123-44bd02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "13/63",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-497c-49ec-a8ed-437202de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-01-11T15:50:08",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-b3f8-4044-bb43-491a02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--ee58fd13-7578-4389-9c9c-c1ce4f99df7f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:10.000Z",
|
||
|
"modified": "2018-01-11T18:44:10.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'f15f17a6dd14785a12ab4b804cb16d3e' AND file:hashes.SHA1 = '3096250fe90826f05aee32474c7e20fe8a268e5b' AND file:hashes.SHA256 = '621092856e20e628a577dbe9248649eae78d1af611d9168635b22057c6c7552b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--c6570cb6-61e3-4cd2-8e44-cb309a0726cb",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:07.000Z",
|
||
|
"modified": "2018-01-11T18:44:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/621092856e20e628a577dbe9248649eae78d1af611d9168635b22057c6c7552b/analysis/1515688818/",
|
||
|
"category": "External analysis",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b077-7ed8-4033-9d28-4a8c02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "12/62",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b078-ca70-4101-b2cc-476302de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-01-11T16:40:18",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b078-6bb0-47e3-bcbe-4ffb02de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c0d9e3-395f-444f-9080-64f72087ac06",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:11.000Z",
|
||
|
"modified": "2018-01-11T18:44:11.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '43183779b1da5cb60b949ab38d3c69c0' AND file:hashes.SHA1 = '78a6859349f3503c40b54f8706ec97e6272c496c' AND file:hashes.SHA256 = 'b4822eeb71c83e4aab5ddfecfb58459e5c5e10d382a2364da1c42621f58e119b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--23fad007-c563-45d2-90d1-cda2d4d05347",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:08.000Z",
|
||
|
"modified": "2018-01-11T18:44:08.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/b4822eeb71c83e4aab5ddfecfb58459e5c5e10d382a2364da1c42621f58e119b/analysis/1515685803/",
|
||
|
"category": "External analysis",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b078-a5fc-4c98-a267-45ad02de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "9/63",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b078-5600-43a6-b9d7-408302de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-01-11T15:50:03",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b078-c784-4dc8-afa2-4c8002de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--05de6304-76c1-4b35-822e-bcde5a58d1f8",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:11.000Z",
|
||
|
"modified": "2018-01-11T18:44:11.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'a18a70c259276e30b6a6305f568ed700' AND file:hashes.SHA1 = 'd4743b60452d2ca240f0045fed4b4b90b9a8b638' AND file:hashes.SHA256 = '2856f3d1282ddc6bcfe65b0c91a87d998edccb777387e3f998bc3b6f1d0b3342']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-11T18:44:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "file"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:name=\"file\"",
|
||
|
"misp:meta-category=\"file\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-object",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-object--d2c9839e-e81e-4a2b-91b4-f8520b27adee",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2018-01-11T18:44:08.000Z",
|
||
|
"modified": "2018-01-11T18:44:08.000Z",
|
||
|
"labels": [
|
||
|
"misp:name=\"virustotal-report\"",
|
||
|
"misp:meta-category=\"misc\""
|
||
|
],
|
||
|
"x_misp_attributes": [
|
||
|
{
|
||
|
"type": "link",
|
||
|
"object_relation": "permalink",
|
||
|
"value": "https://www.virustotal.com/file/2856f3d1282ddc6bcfe65b0c91a87d998edccb777387e3f998bc3b6f1d0b3342/analysis/1515685814/",
|
||
|
"category": "External analysis",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b078-58cc-4fc9-affe-415602de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "text",
|
||
|
"object_relation": "detection-ratio",
|
||
|
"value": "12/63",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b078-7444-4c22-8bb0-471802de0b81"
|
||
|
},
|
||
|
{
|
||
|
"type": "datetime",
|
||
|
"object_relation": "last-submission",
|
||
|
"value": "2018-01-11T15:50:14",
|
||
|
"category": "Other",
|
||
|
"comment": "Malicious app",
|
||
|
"uuid": "5a57b078-d3f8-4875-885b-436202de0b81"
|
||
|
}
|
||
|
],
|
||
|
"x_misp_meta_category": "misc",
|
||
|
"x_misp_name": "virustotal-report"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--dfa0db5a-0592-4c89-aa8a-4645f551db6a",
|
||
|
"created": "2018-02-16T08:46:56.000Z",
|
||
|
"modified": "2018-02-16T08:46:56.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--bc1cef6c-4d5a-436a-9579-8cd4b6d782b2",
|
||
|
"target_ref": "x-misp-object--1bf0aa26-cd3c-47a6-81ac-3afdca27d963"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--7fee40cc-5c0d-4811-9888-a5d1ee7c9c1d",
|
||
|
"created": "2018-02-16T08:46:56.000Z",
|
||
|
"modified": "2018-02-16T08:46:56.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--476c045c-ea54-420b-a03a-8b26fbe58a1b",
|
||
|
"target_ref": "x-misp-object--2105ed48-0685-4700-b987-90f75b49e94a"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--843e1811-747d-498e-8be3-c8fea7da0202",
|
||
|
"created": "2018-02-16T08:46:57.000Z",
|
||
|
"modified": "2018-02-16T08:46:57.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--e894048c-7d7d-493b-8f2c-70fad8bcd38a",
|
||
|
"target_ref": "x-misp-object--ad758221-7d66-4cec-901f-37c6833698ec"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--3dc6372c-c2ce-4749-b64e-2554a238c173",
|
||
|
"created": "2018-02-16T08:46:57.000Z",
|
||
|
"modified": "2018-02-16T08:46:57.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--76c68a27-afc3-4d94-866b-ffb5c7cdd2c4",
|
||
|
"target_ref": "x-misp-object--0a23e347-6cea-4755-b85b-f90a9c9e7541"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--7ecec9e1-caea-4ab3-a934-51913e32da99",
|
||
|
"created": "2018-02-16T08:46:57.000Z",
|
||
|
"modified": "2018-02-16T08:46:57.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--080d7c7a-d09d-4d58-86fb-b3a5f2e8481e",
|
||
|
"target_ref": "x-misp-object--f0b92dc7-6edb-4f1e-8ea7-00651f07c42c"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--ebe90b08-32f1-4fa3-8de3-6d902a835a0f",
|
||
|
"created": "2018-02-16T08:46:57.000Z",
|
||
|
"modified": "2018-02-16T08:46:57.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--85c68cf1-f521-42e7-83e5-6809af80abad",
|
||
|
"target_ref": "x-misp-object--13297574-af51-485e-8807-1c7b66f655ec"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--f16875c4-7102-4d9c-a8a3-b1509d097835",
|
||
|
"created": "2018-02-16T08:46:57.000Z",
|
||
|
"modified": "2018-02-16T08:46:57.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--ee58fd13-7578-4389-9c9c-c1ce4f99df7f",
|
||
|
"target_ref": "x-misp-object--c6570cb6-61e3-4cd2-8e44-cb309a0726cb"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--c87482be-da31-4bc9-b260-7f3444116ddc",
|
||
|
"created": "2018-02-16T08:46:57.000Z",
|
||
|
"modified": "2018-02-16T08:46:57.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--59c0d9e3-395f-444f-9080-64f72087ac06",
|
||
|
"target_ref": "x-misp-object--23fad007-c563-45d2-90d1-cda2d4d05347"
|
||
|
},
|
||
|
{
|
||
|
"type": "relationship",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "relationship--157511f1-c9c7-4acf-9b3e-b8791ba7f077",
|
||
|
"created": "2018-02-16T08:46:57.000Z",
|
||
|
"modified": "2018-02-16T08:46:57.000Z",
|
||
|
"relationship_type": "analysed-with",
|
||
|
"source_ref": "indicator--05de6304-76c1-4b35-822e-bcde5a58d1f8",
|
||
|
"target_ref": "x-misp-object--d2c9839e-e81e-4a2b-91b4-f8520b27adee"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|