{ "type": "bundle", "id": "bundle--56df115b-5030-4328-a9ee-4484950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:55:39.000Z", "modified": "2016-03-08T17:55:39.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--56df115b-5030-4328-a9ee-4484950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:55:39.000Z", "modified": "2016-03-08T17:55:39.000Z", "name": "BadMirror: New Android Malware Family Spotted by SherlockDroid", "published": "2016-03-08T17:55:47Z", "object_refs": [ "indicator--56df117b-4f04-4945-b56a-4591950d210f", "indicator--56df117b-ff24-431b-83d7-457f950d210f", "indicator--56df117b-fde8-4890-9b65-494f950d210f", "indicator--56df117b-9578-43b5-9155-416e950d210f", "indicator--56df119a-c078-4452-a404-5cd9950d210f", "indicator--56df119a-8a5c-42a6-ad39-5cd9950d210f", "indicator--56df119b-0e04-455d-9301-5cd9950d210f", "indicator--56df119b-4558-4616-9bd8-5cd9950d210f", "indicator--56df119b-1054-45de-a07a-5cd9950d210f", "indicator--56df119c-903c-49ca-ad6b-5cd9950d210f", "indicator--56df119c-5af8-4711-a455-5cd9950d210f", "indicator--56df119c-4f38-4f82-a8ee-5cd9950d210f", "indicator--56df119d-fdb0-4e36-add5-5cd9950d210f", "indicator--56df119d-2018-4457-b8c4-5cd9950d210f", "indicator--56df11ac-0c48-4f48-b57e-4206950d210f", "indicator--56df11f9-6a3c-45af-ab0e-460a02de0b81", "indicator--56df11f9-1fac-4cb2-b73e-45c702de0b81", "observed-data--56df11fa-6568-42b1-b6ba-415502de0b81", "url--56df11fa-6568-42b1-b6ba-415502de0b81", "indicator--56df11fa-fc88-41ef-b781-478a02de0b81", "indicator--56df11fa-7ad8-4ed6-9a63-471c02de0b81", "observed-data--56df11fa-5510-469d-8869-421b02de0b81", "url--56df11fa-5510-469d-8869-421b02de0b81", "observed-data--56df121b-9fd0-4b3e-b630-414c950d210f", "url--56df121b-9fd0-4b3e-b630-414c950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df117b-4f04-4945-b56a-4591950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:52:59.000Z", "modified": "2016-03-08T17:52:59.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'http://silent.googlestatistics.net:10055/api/sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:52:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df117b-ff24-431b-83d7-457f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:52:59.000Z", "modified": "2016-03-08T17:52:59.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'http://silent.800t.net:10055/api/sys']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:52:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df117b-fde8-4890-9b65-494f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:52:59.000Z", "modified": "2016-03-08T17:52:59.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'http://googlestatistics.net:10055/boxgame/appmore/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:52:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df117b-9578-43b5-9155-416e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:52:59.000Z", "modified": "2016-03-08T17:52:59.000Z", "description": "Imported via the freetext import.", "pattern": "[url:value = 'http://bg.800t.net:10055/appmore/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:52:59Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119a-c078-4452-a404-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:30.000Z", "modified": "2016-03-08T17:53:30.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = '835c14d38926c88ee9a51a0b6d8c7893a76e3bf4e8d1978b650e178c88b1e07e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119a-8a5c-42a6-ad39-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:30.000Z", "modified": "2016-03-08T17:53:30.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = 'ba56136e88e398a8e7f7c3c398b21550d17beb3ae533b579d6a1abf5de6d4d5c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119b-0e04-455d-9301-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:31.000Z", "modified": "2016-03-08T17:53:31.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = '171ccb5ef9ff1bbeb65912b7fbaa30724aa17f949e4ac75738d4fbf74ad6577c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119b-4558-4616-9bd8-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:31.000Z", "modified": "2016-03-08T17:53:31.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = '4393b8d81d6ccd5be5aa2652180dfb7213dca8a9f089c70edf4b2b1711aadeba']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119b-1054-45de-a07a-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:31.000Z", "modified": "2016-03-08T17:53:31.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = 'bad6b2f190c042e85c18fab79f3008bc167dd20a37a2382089e8c50910b2d8bb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119c-903c-49ca-ad6b-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:32.000Z", "modified": "2016-03-08T17:53:32.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = 'c17e327c1b35589317ad4f9f877fb260eac7fc4d1d8647bf1335348ce7ba1564']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119c-5af8-4711-a455-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:32.000Z", "modified": "2016-03-08T17:53:32.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = 'c684f0d3a87b8bc1f69291fa526ccad2fa71a4701cf55531b23509a985a36210']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119c-4f38-4f82-a8ee-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:32.000Z", "modified": "2016-03-08T17:53:32.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = '8721d98ef053e6f429cbc07a710b87b8048c8b8bb9788651f20e90281bb37ac5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119d-fdb0-4e36-add5-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:33.000Z", "modified": "2016-03-08T17:53:33.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = 'f45fc90d1f2818c72ece2b1a88d6dad6f6065a7a6e1b366e919c8fc85c1391f6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df119d-2018-4457-b8c4-5cd9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:53:33.000Z", "modified": "2016-03-08T17:53:33.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = '86e48e907a412f110db908234899037e6890872452b260274e03c5c736537932']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:53:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df11ac-0c48-4f48-b57e-4206950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:54:12.000Z", "modified": "2016-03-08T17:54:12.000Z", "description": "Samples", "pattern": "[file:hashes.SHA256 = 'a839afe5b67de0d7500f30cd787abfbcaf268c2684b8e247381e28e4bb18e551']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:54:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df11f9-6a3c-45af-ab0e-460a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:55:05.000Z", "modified": "2016-03-08T17:55:05.000Z", "description": "Samples - Xchecked via VT: f45fc90d1f2818c72ece2b1a88d6dad6f6065a7a6e1b366e919c8fc85c1391f6", "pattern": "[file:hashes.SHA1 = 'c3edf6fcdc0770c62cc03078051392db418fec7e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:55:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df11f9-1fac-4cb2-b73e-45c702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:55:05.000Z", "modified": "2016-03-08T17:55:05.000Z", "description": "Samples - Xchecked via VT: f45fc90d1f2818c72ece2b1a88d6dad6f6065a7a6e1b366e919c8fc85c1391f6", "pattern": "[file:hashes.MD5 = '415990651f6b53b6df3208bea7e5e29d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:55:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56df11fa-6568-42b1-b6ba-415502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:55:06.000Z", "modified": "2016-03-08T17:55:06.000Z", "first_observed": "2016-03-08T17:55:06Z", "last_observed": "2016-03-08T17:55:06Z", "number_observed": 1, "object_refs": [ "url--56df11fa-6568-42b1-b6ba-415502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56df11fa-6568-42b1-b6ba-415502de0b81", "value": "https://www.virustotal.com/file/f45fc90d1f2818c72ece2b1a88d6dad6f6065a7a6e1b366e919c8fc85c1391f6/analysis/1457418028/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df11fa-fc88-41ef-b781-478a02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:55:06.000Z", "modified": "2016-03-08T17:55:06.000Z", "description": "Samples - Xchecked via VT: 835c14d38926c88ee9a51a0b6d8c7893a76e3bf4e8d1978b650e178c88b1e07e", "pattern": "[file:hashes.SHA1 = '05d9c9eeded99da30bbddbb81150c0eff45d812e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:55:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--56df11fa-7ad8-4ed6-9a63-471c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:55:06.000Z", "modified": "2016-03-08T17:55:06.000Z", "description": "Samples - Xchecked via VT: 835c14d38926c88ee9a51a0b6d8c7893a76e3bf4e8d1978b650e178c88b1e07e", "pattern": "[file:hashes.MD5 = '4f437c0e4a424bc25c1a3abf26321d98']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-03-08T17:55:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56df11fa-5510-469d-8869-421b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:55:06.000Z", "modified": "2016-03-08T17:55:06.000Z", "first_observed": "2016-03-08T17:55:06Z", "last_observed": "2016-03-08T17:55:06Z", "number_observed": 1, "object_refs": [ "url--56df11fa-5510-469d-8869-421b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56df11fa-5510-469d-8869-421b02de0b81", "value": "https://www.virustotal.com/file/835c14d38926c88ee9a51a0b6d8c7893a76e3bf4e8d1978b650e178c88b1e07e/analysis/1457415536/" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--56df121b-9fd0-4b3e-b630-414c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-03-08T17:55:39.000Z", "modified": "2016-03-08T17:55:39.000Z", "first_observed": "2016-03-08T17:55:39Z", "last_observed": "2016-03-08T17:55:39Z", "number_observed": 1, "object_refs": [ "url--56df121b-9fd0-4b3e-b630-414c950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--56df121b-9fd0-4b3e-b630-414c950d210f", "value": "http://blog.fortinet.com/post/badmirror-new-android-malware-family-spotted-by-sherlockdroid" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }