469 lines
20 KiB
JSON
469 lines
20 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5a216518-dd10-4191-9ac8-4919950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:37:22.000Z",
|
||
|
"modified": "2017-12-03T06:37:22.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5a216518-dd10-4191-9ac8-4919950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:37:22.000Z",
|
||
|
"modified": "2017-12-03T06:37:22.000Z",
|
||
|
"name": "OSINT - Google Discovers New Tizi Android Spyware",
|
||
|
"published": "2017-12-03T06:37:37Z",
|
||
|
"object_refs": [
|
||
|
"indicator--5a2167bd-e750-4d4a-b4f2-4c20950d210f",
|
||
|
"indicator--5a2167bd-5f98-45bc-a1b5-4862950d210f",
|
||
|
"indicator--5a2167bd-e184-46a4-98e8-43eb950d210f",
|
||
|
"indicator--5a2167bd-d7fc-4be3-ab49-488d950d210f",
|
||
|
"indicator--5a2167bd-5ebc-4c51-9b93-4f70950d210f",
|
||
|
"indicator--5a2167bd-fb5c-4b49-b44f-43c6950d210f",
|
||
|
"observed-data--5a216d15-6b0c-4b76-9e83-41a6950d210f",
|
||
|
"url--5a216d15-6b0c-4b76-9e83-41a6950d210f",
|
||
|
"x-misp-attribute--5a216d33-5f44-4643-a153-4bb2950d210f",
|
||
|
"indicator--5a2398ff-ea08-42ea-a97e-bb2c02de0b81",
|
||
|
"indicator--5a2398ff-7da0-457c-9904-bb2c02de0b81",
|
||
|
"observed-data--5a2398ff-21e4-4169-b6c8-bb2c02de0b81",
|
||
|
"url--5a2398ff-21e4-4169-b6c8-bb2c02de0b81",
|
||
|
"indicator--5a2398ff-8f34-41cb-9e82-bb2c02de0b81",
|
||
|
"indicator--5a2398ff-2ad0-4330-b947-bb2c02de0b81",
|
||
|
"observed-data--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81",
|
||
|
"url--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81",
|
||
|
"indicator--5a239900-6dfc-4a68-aef0-bb2c02de0b81",
|
||
|
"indicator--5a239900-6ad0-4ebd-bc73-bb2c02de0b81",
|
||
|
"observed-data--5a239900-da84-4a68-89a5-bb2c02de0b81",
|
||
|
"url--5a239900-da84-4a68-89a5-bb2c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"Android Malware",
|
||
|
"malware_classification:malware-category=\"Spyware\"",
|
||
|
"misp-galaxy:android=\"Tizi\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2167bd-e750-4d4a-b4f2-4c20950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"pattern": "[file:name = 'com.press.nasa.com.tanofresh']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2167bd-5f98-45bc-a1b5-4862950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"description": "com.press.nasa.com.tanofresh",
|
||
|
"pattern": "[file:hashes.SHA256 = '4d780a6fc18458311250d4d1edc750468fdb9b3e4c950dce5b35d4567b47d4a7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2167bd-e184-46a4-98e8-43eb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"pattern": "[file:name = 'com.dailyworkout.tizi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2167bd-d7fc-4be3-ab49-488d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"description": "com.dailyworkout.tizi",
|
||
|
"pattern": "[file:hashes.SHA256 = '7c6af091a7b0f04fb5b212bd3c180ddcc6abf7cd77478fd22595e5b7aa7cfd9f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2167bd-5ebc-4c51-9b93-4f70950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"pattern": "[file:name = 'com.system.update.systemupdate']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"filename\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2167bd-fb5c-4b49-b44f-43c6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"description": "com.system.update.systemupdate",
|
||
|
"pattern": "[file:hashes.SHA256 = '7a956c754f003a219ea1d2205de3ef5bc354419985a487254b8aeb865442a55e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a216d15-6b0c-4b76-9e83-41a6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"first_observed": "2017-12-03T06:26:07Z",
|
||
|
"last_observed": "2017-12-03T06:26:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5a216d15-6b0c-4b76-9e83-41a6950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5a216d15-6b0c-4b76-9e83-41a6950d210f",
|
||
|
"value": "https://www.bleepingcomputer.com/news/security/google-discovers-new-tizi-android-spyware/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a216d33-5f44-4643-a153-4bb2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\"",
|
||
|
"osint:source-type=\"blog-post\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "Google's security team discovered a new strain of Android malware, named Tizi, and which has been used primarily to target users in African countries.\r\n\r\nCategorized as spyware, Google says Tizi can carry out a wide range of operations, but most focus on social media apps and activity."
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2398ff-ea08-42ea-a97e-bb2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"description": "com.system.update.systemupdate - Xchecked via VT: 7a956c754f003a219ea1d2205de3ef5bc354419985a487254b8aeb865442a55e",
|
||
|
"pattern": "[file:hashes.SHA1 = '184152328f8662006376b6a0b5a50f5f9219c8ce']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2398ff-7da0-457c-9904-bb2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"description": "com.system.update.systemupdate - Xchecked via VT: 7a956c754f003a219ea1d2205de3ef5bc354419985a487254b8aeb865442a55e",
|
||
|
"pattern": "[file:hashes.MD5 = '9d073c17499632150dc72ac92590780d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a2398ff-21e4-4169-b6c8-bb2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"first_observed": "2017-12-03T06:26:07Z",
|
||
|
"last_observed": "2017-12-03T06:26:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5a2398ff-21e4-4169-b6c8-bb2c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5a2398ff-21e4-4169-b6c8-bb2c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7a956c754f003a219ea1d2205de3ef5bc354419985a487254b8aeb865442a55e/analysis/1512003768/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2398ff-8f34-41cb-9e82-bb2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"description": "com.dailyworkout.tizi - Xchecked via VT: 7c6af091a7b0f04fb5b212bd3c180ddcc6abf7cd77478fd22595e5b7aa7cfd9f",
|
||
|
"pattern": "[file:hashes.SHA1 = '501ca245120882a82021c8b8a2e5304b6e03eef5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a2398ff-2ad0-4330-b947-bb2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"description": "com.dailyworkout.tizi - Xchecked via VT: 7c6af091a7b0f04fb5b212bd3c180ddcc6abf7cd77478fd22595e5b7aa7cfd9f",
|
||
|
"pattern": "[file:hashes.MD5 = 'abe47a9e7d8da5c3a4f7579b61e9d72f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:07.000Z",
|
||
|
"modified": "2017-12-03T06:26:07.000Z",
|
||
|
"first_observed": "2017-12-03T06:26:07Z",
|
||
|
"last_observed": "2017-12-03T06:26:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5a2398ff-ddf4-4e19-9f96-bb2c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7c6af091a7b0f04fb5b212bd3c180ddcc6abf7cd77478fd22595e5b7aa7cfd9f/analysis/1512160033/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a239900-6dfc-4a68-aef0-bb2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:08.000Z",
|
||
|
"modified": "2017-12-03T06:26:08.000Z",
|
||
|
"description": "com.press.nasa.com.tanofresh - Xchecked via VT: 4d780a6fc18458311250d4d1edc750468fdb9b3e4c950dce5b35d4567b47d4a7",
|
||
|
"pattern": "[file:hashes.SHA1 = '7ebdea26b6a0b7e9e7606d70c187ab0be934386e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a239900-6ad0-4ebd-bc73-bb2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:08.000Z",
|
||
|
"modified": "2017-12-03T06:26:08.000Z",
|
||
|
"description": "com.press.nasa.com.tanofresh - Xchecked via VT: 4d780a6fc18458311250d4d1edc750468fdb9b3e4c950dce5b35d4567b47d4a7",
|
||
|
"pattern": "[file:hashes.MD5 = 'd0da76c2f0c5aa3ef5af897bec2f0e52']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-12-03T06:26:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a239900-da84-4a68-89a5-bb2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-12-03T06:26:08.000Z",
|
||
|
"modified": "2017-12-03T06:26:08.000Z",
|
||
|
"first_observed": "2017-12-03T06:26:08Z",
|
||
|
"last_observed": "2017-12-03T06:26:08Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5a239900-da84-4a68-89a5-bb2c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5a239900-da84-4a68-89a5-bb2c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4d780a6fc18458311250d4d1edc750468fdb9b3e4c950dce5b35d4567b47d4a7/analysis/1512212017/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|