misp-circl-feed/feeds/circl/stix-2.1/5a216518-dd10-4191-9ac8-4919950d210f.json

469 lines
20 KiB
JSON
Raw Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5a216518-dd10-4191-9ac8-4919950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:37:22.000Z",
"modified": "2017-12-03T06:37:22.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a216518-dd10-4191-9ac8-4919950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:37:22.000Z",
"modified": "2017-12-03T06:37:22.000Z",
"name": "OSINT - Google Discovers New Tizi Android Spyware",
"published": "2017-12-03T06:37:37Z",
"object_refs": [
"indicator--5a2167bd-e750-4d4a-b4f2-4c20950d210f",
"indicator--5a2167bd-5f98-45bc-a1b5-4862950d210f",
"indicator--5a2167bd-e184-46a4-98e8-43eb950d210f",
"indicator--5a2167bd-d7fc-4be3-ab49-488d950d210f",
"indicator--5a2167bd-5ebc-4c51-9b93-4f70950d210f",
"indicator--5a2167bd-fb5c-4b49-b44f-43c6950d210f",
"observed-data--5a216d15-6b0c-4b76-9e83-41a6950d210f",
"url--5a216d15-6b0c-4b76-9e83-41a6950d210f",
"x-misp-attribute--5a216d33-5f44-4643-a153-4bb2950d210f",
"indicator--5a2398ff-ea08-42ea-a97e-bb2c02de0b81",
"indicator--5a2398ff-7da0-457c-9904-bb2c02de0b81",
"observed-data--5a2398ff-21e4-4169-b6c8-bb2c02de0b81",
"url--5a2398ff-21e4-4169-b6c8-bb2c02de0b81",
"indicator--5a2398ff-8f34-41cb-9e82-bb2c02de0b81",
"indicator--5a2398ff-2ad0-4330-b947-bb2c02de0b81",
"observed-data--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81",
"url--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81",
"indicator--5a239900-6dfc-4a68-aef0-bb2c02de0b81",
"indicator--5a239900-6ad0-4ebd-bc73-bb2c02de0b81",
"observed-data--5a239900-da84-4a68-89a5-bb2c02de0b81",
"url--5a239900-da84-4a68-89a5-bb2c02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:source-type=\"blog-post\"",
"Android Malware",
"malware_classification:malware-category=\"Spyware\"",
"misp-galaxy:android=\"Tizi\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2167bd-e750-4d4a-b4f2-4c20950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"pattern": "[file:name = 'com.press.nasa.com.tanofresh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2167bd-5f98-45bc-a1b5-4862950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"description": "com.press.nasa.com.tanofresh",
"pattern": "[file:hashes.SHA256 = '4d780a6fc18458311250d4d1edc750468fdb9b3e4c950dce5b35d4567b47d4a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2167bd-e184-46a4-98e8-43eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"pattern": "[file:name = 'com.dailyworkout.tizi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2167bd-d7fc-4be3-ab49-488d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"description": "com.dailyworkout.tizi",
"pattern": "[file:hashes.SHA256 = '7c6af091a7b0f04fb5b212bd3c180ddcc6abf7cd77478fd22595e5b7aa7cfd9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2167bd-5ebc-4c51-9b93-4f70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"pattern": "[file:name = 'com.system.update.systemupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2167bd-fb5c-4b49-b44f-43c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"description": "com.system.update.systemupdate",
"pattern": "[file:hashes.SHA256 = '7a956c754f003a219ea1d2205de3ef5bc354419985a487254b8aeb865442a55e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a216d15-6b0c-4b76-9e83-41a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"first_observed": "2017-12-03T06:26:07Z",
"last_observed": "2017-12-03T06:26:07Z",
"number_observed": 1,
"object_refs": [
"url--5a216d15-6b0c-4b76-9e83-41a6950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a216d15-6b0c-4b76-9e83-41a6950d210f",
"value": "https://www.bleepingcomputer.com/news/security/google-discovers-new-tizi-android-spyware/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a216d33-5f44-4643-a153-4bb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Google's security team discovered a new strain of Android malware, named Tizi, and which has been used primarily to target users in African countries.\r\n\r\nCategorized as spyware, Google says Tizi can carry out a wide range of operations, but most focus on social media apps and activity."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2398ff-ea08-42ea-a97e-bb2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"description": "com.system.update.systemupdate - Xchecked via VT: 7a956c754f003a219ea1d2205de3ef5bc354419985a487254b8aeb865442a55e",
"pattern": "[file:hashes.SHA1 = '184152328f8662006376b6a0b5a50f5f9219c8ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2398ff-7da0-457c-9904-bb2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"description": "com.system.update.systemupdate - Xchecked via VT: 7a956c754f003a219ea1d2205de3ef5bc354419985a487254b8aeb865442a55e",
"pattern": "[file:hashes.MD5 = '9d073c17499632150dc72ac92590780d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a2398ff-21e4-4169-b6c8-bb2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"first_observed": "2017-12-03T06:26:07Z",
"last_observed": "2017-12-03T06:26:07Z",
"number_observed": 1,
"object_refs": [
"url--5a2398ff-21e4-4169-b6c8-bb2c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a2398ff-21e4-4169-b6c8-bb2c02de0b81",
"value": "https://www.virustotal.com/file/7a956c754f003a219ea1d2205de3ef5bc354419985a487254b8aeb865442a55e/analysis/1512003768/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2398ff-8f34-41cb-9e82-bb2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"description": "com.dailyworkout.tizi - Xchecked via VT: 7c6af091a7b0f04fb5b212bd3c180ddcc6abf7cd77478fd22595e5b7aa7cfd9f",
"pattern": "[file:hashes.SHA1 = '501ca245120882a82021c8b8a2e5304b6e03eef5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2398ff-2ad0-4330-b947-bb2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"description": "com.dailyworkout.tizi - Xchecked via VT: 7c6af091a7b0f04fb5b212bd3c180ddcc6abf7cd77478fd22595e5b7aa7cfd9f",
"pattern": "[file:hashes.MD5 = 'abe47a9e7d8da5c3a4f7579b61e9d72f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:07.000Z",
"modified": "2017-12-03T06:26:07.000Z",
"first_observed": "2017-12-03T06:26:07Z",
"last_observed": "2017-12-03T06:26:07Z",
"number_observed": 1,
"object_refs": [
"url--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81",
"value": "https://www.virustotal.com/file/7c6af091a7b0f04fb5b212bd3c180ddcc6abf7cd77478fd22595e5b7aa7cfd9f/analysis/1512160033/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a239900-6dfc-4a68-aef0-bb2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:08.000Z",
"modified": "2017-12-03T06:26:08.000Z",
"description": "com.press.nasa.com.tanofresh - Xchecked via VT: 4d780a6fc18458311250d4d1edc750468fdb9b3e4c950dce5b35d4567b47d4a7",
"pattern": "[file:hashes.SHA1 = '7ebdea26b6a0b7e9e7606d70c187ab0be934386e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a239900-6ad0-4ebd-bc73-bb2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:08.000Z",
"modified": "2017-12-03T06:26:08.000Z",
"description": "com.press.nasa.com.tanofresh - Xchecked via VT: 4d780a6fc18458311250d4d1edc750468fdb9b3e4c950dce5b35d4567b47d4a7",
"pattern": "[file:hashes.MD5 = 'd0da76c2f0c5aa3ef5af897bec2f0e52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-03T06:26:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a239900-da84-4a68-89a5-bb2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-03T06:26:08.000Z",
"modified": "2017-12-03T06:26:08.000Z",
"first_observed": "2017-12-03T06:26:08Z",
"last_observed": "2017-12-03T06:26:08Z",
"number_observed": 1,
"object_refs": [
"url--5a239900-da84-4a68-89a5-bb2c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a239900-da84-4a68-89a5-bb2c02de0b81",
"value": "https://www.virustotal.com/file/4d780a6fc18458311250d4d1edc750468fdb9b3e4c950dce5b35d4567b47d4a7/analysis/1512212017/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}