misp-circl-feed/feeds/circl/stix-2.1/58fce117-452c-42ed-a2dc-b64a950d210f.json

{
    "type": "bundle",
    "id": "bundle--58fce117-452c-42ed-a2dc-b64a950d210f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T21:00:49.000Z",
            "modified": "2017-04-23T21:00:49.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--58fce117-452c-42ed-a2dc-b64a950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T21:00:49.000Z",
            "modified": "2017-04-23T21:00:49.000Z",
            "name": "OSINT - FlexSpy Application Analysis",
            "published": "2017-04-23T21:01:36Z",
            "object_refs": [
                "observed-data--58fce124-1a0c-4d73-904b-dbd5950d210f",
                "url--58fce124-1a0c-4d73-904b-dbd5950d210f",
                "x-misp-attribute--58fce13b-fadc-4e55-a0d4-46ea950d210f",
                "indicator--58fce173-d508-4f0f-8a89-dba6950d210f",
                "indicator--58fce174-1b68-4e69-b27f-dba6950d210f",
                "indicator--58fce175-c7b4-4488-8f4d-dba6950d210f",
                "indicator--58fce1bc-783c-4960-a449-dba5950d210f",
                "indicator--58fce1bd-c0a4-4862-a657-dba5950d210f",
                "indicator--58fd15fe-c4ac-4a6c-bbd3-4815950d210f",
                "indicator--58fd1600-dcf8-4103-af30-4e0f950d210f"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "circl:incident-classification=\"malware\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--58fce124-1a0c-4d73-904b-dbd5950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T17:19:31.000Z",
            "modified": "2017-04-23T17:19:31.000Z",
            "first_observed": "2017-04-23T17:19:31Z",
            "last_observed": "2017-04-23T17:19:31Z",
            "number_observed": 1,
            "object_refs": [
                "url--58fce124-1a0c-4d73-904b-dbd5950d210f"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\"",
                "osint:source-type=\"blog-post\"",
                "admiralty-scale:source-reliability=\"f\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--58fce124-1a0c-4d73-904b-dbd5950d210f",
            "value": "http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy.html"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--58fce13b-fadc-4e55-a0d4-46ea950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T17:19:32.000Z",
            "modified": "2017-04-23T17:19:32.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\"",
                "osint:source-type=\"blog-post\"",
                "admiralty-scale:source-reliability=\"f\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "On 04/22/2017 FlexiDie released source code and binaries for FlexiSpy\u00e2\u20ac\u2122s mobile spyware program. Being a good reverse engineer that I am, my analysis is below. The IOC section is intended for other reverse engineers and antivirus vendors. General Overview is intended for journalists. I will release a detailed technical teardown in a day or two."
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58fce173-d508-4f0f-8a89-dba6950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T17:16:35.000Z",
            "modified": "2017-04-23T17:16:35.000Z",
            "description": "(found in com.vvt.phoenix.prot.test.CSMTest",
            "pattern": "[url:value = 'http://58.137.119.229/RainbowCore/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-04-23T17:16:35Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58fce174-1b68-4e69-b27f-dba6950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T17:16:36.000Z",
            "modified": "2017-04-23T17:16:36.000Z",
            "description": "found in source//location_capture/tests/location_capture_tests/src/com/vvt/locationcapture/tests/Location_capture_testsActivity.java:",
            "pattern": "[url:value = 'http://trkps.com/m.php?lat=\\\\%f&long=\\\\%f&t=\\\\%s&i=\\\\%s&z=5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-04-23T17:16:36Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58fce175-c7b4-4488-8f4d-dba6950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T17:16:37.000Z",
            "modified": "2017-04-23T17:16:37.000Z",
            "description": "On port 8880",
            "pattern": "[url:value = 'http://202.176.88.55']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-04-23T17:16:37Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58fce1bc-783c-4960-a449-dba5950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T17:17:48.000Z",
            "modified": "2017-04-23T17:17:48.000Z",
            "description": "Another IP address was found commented out in the code base //private String mUrl =",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.176.88.55']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-04-23T17:17:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58fce1bd-c0a4-4862-a657-dba5950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T17:17:49.000Z",
            "modified": "2017-04-23T17:17:49.000Z",
            "description": "(found in com.vvt.phoenix.prot.test.CSMTest)",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.119.229']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-04-23T17:17:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58fd15fe-c4ac-4a6c-bbd3-4815950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T21:00:46.000Z",
            "modified": "2017-04-23T21:00:46.000Z",
            "description": "In sample comments",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.119.224']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-04-23T21:00:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58fd1600-dcf8-4103-af30-4e0f950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-04-23T21:00:48.000Z",
            "modified": "2017-04-23T21:00:48.000Z",
            "description": "In sample comments",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.119.239']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-04-23T21:00:48Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}
chg: [misp-stix] STIX 2.1 export added 2023-04-21 14:44:17 +00:00			`{`
			`"type": "bundle",`
			`"id": "bundle--58fce117-452c-42ed-a2dc-b64a950d210f",`
			`"objects": [`
			`{`
			`"type": "identity",`
			`"spec_version": "2.1",`
			`"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T21:00:49.000Z",`
			`"modified": "2017-04-23T21:00:49.000Z",`
			`"name": "CIRCL",`
			`"identity_class": "organization"`
			`},`
			`{`
			`"type": "report",`
			`"spec_version": "2.1",`
			`"id": "report--58fce117-452c-42ed-a2dc-b64a950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T21:00:49.000Z",`
			`"modified": "2017-04-23T21:00:49.000Z",`
			`"name": "OSINT - FlexSpy Application Analysis",`
			`"published": "2017-04-23T21:01:36Z",`
			`"object_refs": [`
			`"observed-data--58fce124-1a0c-4d73-904b-dbd5950d210f",`
			`"url--58fce124-1a0c-4d73-904b-dbd5950d210f",`
			`"x-misp-attribute--58fce13b-fadc-4e55-a0d4-46ea950d210f",`
			`"indicator--58fce173-d508-4f0f-8a89-dba6950d210f",`
			`"indicator--58fce174-1b68-4e69-b27f-dba6950d210f",`
			`"indicator--58fce175-c7b4-4488-8f4d-dba6950d210f",`
			`"indicator--58fce1bc-783c-4960-a449-dba5950d210f",`
			`"indicator--58fce1bd-c0a4-4862-a657-dba5950d210f",`
			`"indicator--58fd15fe-c4ac-4a6c-bbd3-4815950d210f",`
			`"indicator--58fd1600-dcf8-4103-af30-4e0f950d210f"`
			`],`
			`"labels": [`
			`"Threat-Report",`
			`"misp:tool=\"MISP-STIX-Converter\"",`
			`"circl:incident-classification=\"malware\""`
			`],`
			`"object_marking_refs": [`
			`"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"`
			`]`
			`},`
			`{`
			`"type": "observed-data",`
			`"spec_version": "2.1",`
			`"id": "observed-data--58fce124-1a0c-4d73-904b-dbd5950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T17:19:31.000Z",`
			`"modified": "2017-04-23T17:19:31.000Z",`
			`"first_observed": "2017-04-23T17:19:31Z",`
			`"last_observed": "2017-04-23T17:19:31Z",`
			`"number_observed": 1,`
			`"object_refs": [`
			`"url--58fce124-1a0c-4d73-904b-dbd5950d210f"`
			`],`
			`"labels": [`
			`"misp:type=\"link\"",`
			`"misp:category=\"External analysis\"",`
			`"osint:source-type=\"blog-post\"",`
			`"admiralty-scale:source-reliability=\"f\""`
			`]`
			`},`
			`{`
			`"type": "url",`
			`"spec_version": "2.1",`
			`"id": "url--58fce124-1a0c-4d73-904b-dbd5950d210f",`
			`"value": "http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy.html"`
			`},`
			`{`
			`"type": "x-misp-attribute",`
			`"spec_version": "2.1",`
			`"id": "x-misp-attribute--58fce13b-fadc-4e55-a0d4-46ea950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T17:19:32.000Z",`
			`"modified": "2017-04-23T17:19:32.000Z",`
			`"labels": [`
			`"misp:type=\"text\"",`
			`"misp:category=\"External analysis\"",`
			`"osint:source-type=\"blog-post\"",`
			`"admiralty-scale:source-reliability=\"f\""`
			`],`
			`"x_misp_category": "External analysis",`
			`"x_misp_type": "text",`
			`"x_misp_value": "On 04/22/2017 FlexiDie released source code and binaries for FlexiSpy\u00e2\u20ac\u2122s mobile spyware program. Being a good reverse engineer that I am, my analysis is below. The IOC section is intended for other reverse engineers and antivirus vendors. General Overview is intended for journalists. I will release a detailed technical teardown in a day or two."`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58fce173-d508-4f0f-8a89-dba6950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T17:16:35.000Z",`
			`"modified": "2017-04-23T17:16:35.000Z",`
			`"description": "(found in com.vvt.phoenix.prot.test.CSMTest",`
			`"pattern": "[url:value = 'http://58.137.119.229/RainbowCore/']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-04-23T17:16:35Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"url\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58fce174-1b68-4e69-b27f-dba6950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T17:16:36.000Z",`
			`"modified": "2017-04-23T17:16:36.000Z",`
			`"description": "found in source//location_capture/tests/location_capture_tests/src/com/vvt/locationcapture/tests/Location_capture_testsActivity.java:",`
			`"pattern": "[url:value = 'http://trkps.com/m.php?lat=\\\\%f&long=\\\\%f&t=\\\\%s&i=\\\\%s&z=5']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-04-23T17:16:36Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"url\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58fce175-c7b4-4488-8f4d-dba6950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T17:16:37.000Z",`
			`"modified": "2017-04-23T17:16:37.000Z",`
			`"description": "On port 8880",`
			`"pattern": "[url:value = 'http://202.176.88.55']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-04-23T17:16:37Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"url\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58fce1bc-783c-4960-a449-dba5950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T17:17:48.000Z",`
			`"modified": "2017-04-23T17:17:48.000Z",`
			`"description": "Another IP address was found commented out in the code base //private String mUrl =",`
			`"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '202.176.88.55']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-04-23T17:17:48Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"ip-dst\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58fce1bd-c0a4-4862-a657-dba5950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T17:17:49.000Z",`
			`"modified": "2017-04-23T17:17:49.000Z",`
			`"description": "(found in com.vvt.phoenix.prot.test.CSMTest)",`
			`"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.119.229']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-04-23T17:17:49Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"ip-dst\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58fd15fe-c4ac-4a6c-bbd3-4815950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T21:00:46.000Z",`
			`"modified": "2017-04-23T21:00:46.000Z",`
			`"description": "In sample comments",`
			`"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.119.224']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-04-23T21:00:46Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"ip-dst\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "indicator",`
			`"spec_version": "2.1",`
			`"id": "indicator--58fd1600-dcf8-4103-af30-4e0f950d210f",`
			`"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",`
			`"created": "2017-04-23T21:00:48.000Z",`
			`"modified": "2017-04-23T21:00:48.000Z",`
			`"description": "In sample comments",`
			`"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.137.119.239']",`
			`"pattern_type": "stix",`
			`"pattern_version": "2.1",`
			`"valid_from": "2017-04-23T21:00:48Z",`
			`"kill_chain_phases": [`
			`{`
			`"kill_chain_name": "misp-category",`
			`"phase_name": "Network activity"`
			`}`
			`],`
			`"labels": [`
			`"misp:type=\"ip-dst\"",`
			`"misp:category=\"Network activity\"",`
			`"misp:to_ids=\"True\""`
			`]`
			`},`
			`{`
			`"type": "marking-definition",`
			`"spec_version": "2.1",`
			`"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",`
			`"created": "2017-01-20T00:00:00.000Z",`
			`"definition_type": "tlp",`
			`"name": "TLP:WHITE",`
			`"definition": {`
			`"tlp": "white"`
			`}`
			`}`
			`]`
			`}`