{ "type": "bundle", "id": "bundle--58c64efa-2860-4f3d-a604-4007950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--58c64efa-2860-4f3d-a604-4007950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "name": "OSINT - Preinstalled Malware Targeting Mobile Users", "published": "2017-03-13T09:47:02Z", "object_refs": [ "indicator--58c65793-6518-45ec-a584-4407950d210f", "indicator--58c65794-fcec-472b-93f4-4713950d210f", "indicator--58c65795-cd0c-4387-a77e-4dab950d210f", "indicator--58c65795-0660-4655-81ad-47bd950d210f", "indicator--58c65796-5e24-4a35-b228-4a33950d210f", "indicator--58c65797-b748-4567-801d-4265950d210f", "indicator--58c65798-1d74-4e39-9092-45f0950d210f", "indicator--58c65799-3420-4b10-8ded-45dd950d210f", "indicator--58c6579a-7cf0-4896-8125-4860950d210f", "indicator--58c6579a-be64-4337-a1fc-434f950d210f", "indicator--58c6579b-6668-4b05-a5ad-4b96950d210f", "indicator--58c6579c-db6c-40c4-86ac-481c950d210f", "indicator--58c6579d-a18c-4501-a86b-4ae1950d210f", "indicator--58c6579d-6b70-4249-8aaa-4b83950d210f", "indicator--58c6579e-c630-4903-a0f7-42b1950d210f", "indicator--58c6579f-8c08-4175-ad8f-40c0950d210f", "indicator--58c657a0-d6f0-4cab-9114-438d950d210f", "indicator--58c657a1-8434-4ec4-a52c-4517950d210f", "indicator--58c657a2-694c-43e8-af85-44e0950d210f", "indicator--58c657a3-0de0-44f1-9a69-4cb7950d210f", "indicator--58c657a4-fd18-4687-baa0-4948950d210f", "x-misp-attribute--58c65a08-4ee8-4909-958e-42da950d210f", "x-misp-attribute--58c65a09-ab54-4168-ac3b-413c950d210f", "x-misp-attribute--58c65a0a-c670-4477-82ec-4218950d210f", "x-misp-attribute--58c65a0b-bbc0-4133-80d2-4f37950d210f", 
"x-misp-attribute--58c65a0b-4c38-4b04-a8a7-4041950d210f", "x-misp-attribute--58c65a0c-a568-4e4c-9d33-4b70950d210f", "x-misp-attribute--58c65a0d-8848-4b06-bd97-41e3950d210f", "x-misp-attribute--58c65a0e-eba4-4793-8b12-445d950d210f", "x-misp-attribute--58c65a0f-580c-4d47-8f8e-48e9950d210f", "x-misp-attribute--58c65a10-399c-4fd1-9f1d-4e4d950d210f", "x-misp-attribute--58c65a11-a5bc-4a00-8e42-4d0b950d210f", "x-misp-attribute--58c65a12-bff4-4cce-a75c-44e0950d210f", "x-misp-attribute--58c65a13-a2d4-4be3-8525-4e98950d210f", "x-misp-attribute--58c65a14-10dc-4bf3-85e9-4dad950d210f", "x-misp-attribute--58c65a15-d7a4-44c7-9106-46dc950d210f", "x-misp-attribute--58c65a15-f0f0-4df1-a35a-4b7b950d210f", "x-misp-attribute--58c65a16-f5b4-44cc-ba41-4ada950d210f", "x-misp-attribute--58c65a17-78f8-480a-9d4f-439a950d210f", "x-misp-attribute--58c65a18-7de4-4678-be2c-4cdc950d210f", "observed-data--58c65a64-da54-48d4-adc7-467d950d210f", "url--58c65a64-da54-48d4-adc7-467d950d210f", "x-misp-attribute--58c65ad0-36f0-4563-9f6d-4db8950d210f", "indicator--58c667c9-d84c-4985-aac2-4b3e02de0b81", "indicator--58c667ca-eec4-4131-a1ce-49e002de0b81", "observed-data--58c667ca-da18-460d-8876-4e6702de0b81", "url--58c667ca-da18-460d-8876-4e6702de0b81", "indicator--58c667cb-7a5c-40e0-aab6-443002de0b81", "indicator--58c667cc-1820-4f5b-aac6-4f8d02de0b81", "observed-data--58c667cd-63cc-4eeb-b969-4dbe02de0b81", "url--58c667cd-63cc-4eeb-b969-4dbe02de0b81", "indicator--58c667ce-4488-4715-bf5d-4f5e02de0b81", "indicator--58c667ce-73ec-4b39-8f9d-4bfd02de0b81", "observed-data--58c667cf-37f0-4d8d-88f9-4b7302de0b81", "url--58c667cf-37f0-4d8d-88f9-4b7302de0b81", "indicator--58c667d0-7184-488c-9db2-414f02de0b81", "indicator--58c667d1-3f1c-43c1-b8e2-471802de0b81", "observed-data--58c667d2-51a4-4065-95e9-498302de0b81", "url--58c667d2-51a4-4065-95e9-498302de0b81", "indicator--58c667d3-ab38-411c-b6af-400602de0b81", "indicator--58c667d4-986c-44b1-ba66-499202de0b81", "observed-data--58c667d5-4a14-4d06-b213-4efb02de0b81", 
"url--58c667d5-4a14-4d06-b213-4efb02de0b81", "indicator--58c667d6-8cfc-43a7-ab2f-4f0c02de0b81", "indicator--58c667d7-3b44-4db8-97e1-411102de0b81", "observed-data--58c667d8-adf8-4d7e-8d5e-42f102de0b81", "url--58c667d8-adf8-4d7e-8d5e-42f102de0b81", "indicator--58c667d9-dce8-43d2-8d39-46be02de0b81", "indicator--58c667da-a238-4863-8123-47e202de0b81", "observed-data--58c667db-5510-499f-b2f4-4c7902de0b81", "url--58c667db-5510-499f-b2f4-4c7902de0b81", "indicator--58c667dc-03a4-4f7d-9798-44fc02de0b81", "indicator--58c667dd-55cc-4f36-8cfe-406002de0b81", "observed-data--58c667de-883c-4fbe-b76e-458902de0b81", "url--58c667de-883c-4fbe-b76e-458902de0b81", "indicator--58c667de-a078-4225-9eed-491902de0b81", "indicator--58c667df-5748-41ea-bced-4ef202de0b81", "observed-data--58c667e0-83cc-4fcd-9192-494b02de0b81", "url--58c667e0-83cc-4fcd-9192-494b02de0b81", "indicator--58c667e1-7638-45ea-9040-456402de0b81", "indicator--58c667e2-0814-4906-acb8-4aec02de0b81", "observed-data--58c667e3-e460-48ff-bda2-495b02de0b81", "url--58c667e3-e460-48ff-bda2-495b02de0b81", "indicator--58c667e4-f1b4-4a30-8765-4eba02de0b81", "indicator--58c667e5-0d08-4d9d-8c5f-42cf02de0b81", "observed-data--58c667e6-d8ec-4d05-8479-411902de0b81", "url--58c667e6-d8ec-4d05-8479-411902de0b81", "indicator--58c667e7-1e4c-4f0f-85d1-42c602de0b81", "indicator--58c667e8-c510-432d-bb0d-405e02de0b81", "observed-data--58c667e8-9bf0-423a-ba65-419e02de0b81", "url--58c667e8-9bf0-423a-ba65-419e02de0b81", "indicator--58c667e9-b4dc-4980-a0e8-4f5702de0b81", "indicator--58c667ea-ebfc-4691-a8b1-4ca902de0b81", "observed-data--58c667eb-6630-48a6-a79a-468502de0b81", "url--58c667eb-6630-48a6-a79a-468502de0b81", "indicator--58c667ec-23dc-44d1-a5d2-445902de0b81", "indicator--58c667ed-8674-4e8b-92a2-4d3902de0b81", "observed-data--58c667ed-328c-4051-b185-40ff02de0b81", "url--58c667ed-328c-4051-b185-40ff02de0b81", "indicator--58c667ee-16fc-4590-a78d-4c2d02de0b81", "indicator--58c667ef-f09c-4237-bddb-40c202de0b81", 
"observed-data--58c667f0-4a5c-48d2-bde8-41ac02de0b81", "url--58c667f0-4a5c-48d2-bde8-41ac02de0b81", "indicator--58c667f1-a538-4f33-975f-4c2002de0b81", "indicator--58c667f2-4514-484b-869a-4c4c02de0b81", "observed-data--58c667f2-7368-4486-acc5-4ec202de0b81", "url--58c667f2-7368-4486-acc5-4ec202de0b81", "indicator--58c667f3-5014-41b1-9401-45ab02de0b81", "indicator--58c667f4-cb6c-4173-a9b5-4fb002de0b81", "observed-data--58c667f5-ade4-4fab-9dc6-474e02de0b81", "url--58c667f5-ade4-4fab-9dc6-474e02de0b81", "indicator--58c667f6-cc18-4ce4-a920-44a002de0b81", "indicator--58c667f6-a658-4cd4-872b-47af02de0b81", "observed-data--58c667f7-944c-438a-8882-4c7702de0b81", "url--58c667f7-944c-438a-8882-4c7702de0b81", "indicator--58c667f8-0860-4789-9e1f-45d302de0b81", "indicator--58c667f9-6640-4312-9d9c-4b1802de0b81", "observed-data--58c667fa-f83c-4ee4-8605-428b02de0b81", "url--58c667fa-f83c-4ee4-8605-428b02de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c65793-6518-45ec-a584-4407950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "description": "com.fone.player1", "pattern": "[file:hashes.SHA256 = '3d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c65794-fcec-472b-93f4-4713950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", 
"description": "com.lu.compass", "pattern": "[file:hashes.SHA256 = 'f901fd1fc2ce079a18c619e1192b14dcc164c97da3286031ee542dabe0b4cd8c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c65795-cd0c-4387-a77e-4dab950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = 'b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c65795-0660-4655-81ad-47bd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c65796-5e24-4a35-b228-4a33950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = 
'39c6bab80cc157bfe540bdee9ce2440b3b363e830bc7adaab9fc37075fb26fb1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c65797-b748-4567-801d-4265950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '998ab3d91cbc4f1b02ea6095f833bfed9d4f610eea83c51c56ce9979a2469aea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c65798-1d74-4e39-9092-45f0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = 'e9a30767e69dccb1b980eae42601dff857a394c7abdfe93a18e8739fa218d14b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c65799-3420-4b10-8ded-45dd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '01b8cb51464b07775ff5f45207d26d8d9f4a3b6863c110b56076b446bda03a8a']", 
"pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c6579a-7cf0-4896-8125-4860950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = 'a07745f05913e122ec19eba9848af6dfda88533d67b7ec17d11c1562245cbed1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c6579a-be64-4337-a1fc-434f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = 'e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c6579b-6668-4b05-a5ad-4b96950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '947574e790b1370e2a6b5f4738c8411c63bdca09a7455dd9297215bd161cd591']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": 
"2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c6579c-db6c-40c4-86ac-481c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '0d8bf3cf5b58d9ba280f093430259538b6340b24e805058f3d85381d215ca778']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c6579d-a18c-4501-a86b-4ae1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '0038f450d7f1df75bf5890cf22299b0c99cc0bea8d66e6d25528cb01992a436b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c6579d-6b70-4249-8aaa-4b83950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c6579e-c630-4903-a0f7-42b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '3032bb3d90eea6de2ba58ac7ceddead702cc3aeca7792b27508e540f0d1a60be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c6579f-8c08-4175-ad8f-40c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '1cb5a37bd866e92b993ecbbcc4a2478c717eeb93839049ef0953b0c6ba89434e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c657a0-d6f0-4cab-9114-438d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = 'e5656c1d96158ee7e1a94f08bca1213686a05266e37fb2efb5443b84250ea29d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ 
"misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c657a1-8434-4ec4-a52c-4517950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = 'c4eac5d13e58fb7d32a123105683a293f70456ffe43bb640a50fde22fe1334a2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c657a2-694c-43e8-af85-44e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = '92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c657a3-0de0-44f1-9a69-4cb7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = 'fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c657a4-fd18-4687-baa0-4948950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "pattern": "[file:hashes.SHA256 = 'b0f6d2fc8176356124e502426d7aa7448490556ef68a2f31a78f4dd8af9d1750']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:34:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a08-4ee8-4909-958e-42da950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.fone.player1" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a09-ab54-4168-ac3b-413c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.lu.compass" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a0a-c670-4477-82ec-4218950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.kandian.hdtogoapp" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a0b-bbc0-4133-80d2-4f37950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.sds.android.ttpod" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a0b-4c38-4b04-a8a7-4041950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.baycode.mop" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a0c-a568-4e4c-9d33-4b70950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.iflytek.ringdiyclient" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a0d-8848-4b06-bd97-41e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ 
"misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.android.deketv" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a0e-eba4-4793-8b12-445d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.changba" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a0f-580c-4d47-8f8e-48e9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.example.loader" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a10-399c-4fd1-9f1d-4e4d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.armorforandroid.security" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a11-a5bc-4a00-8e42-4d0b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ 
"misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.android.ys.services" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a12-bff4-4cce-a75c-44e0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.mobogenie.daemon" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a13-a2d4-4be3-8525-4e98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.google.googlesearch" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a14-10dc-4bf3-85e9-4dad950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.skymobi.mopoplay.appstore" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a15-d7a4-44c7-9106-46dc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": 
"2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.yongfu.wenjianjiaguanli" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a15-f0f0-4df1-a35a-4b7b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "air.fyzb3" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a16-f5b4-44cc-ba41-4ada950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.ddev.downloader.v2" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a17-78f8-480a-9d4f-439a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.mojang.minecraftpe" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65a18-7de4-4678-be2c-4cdc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": 
"2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.androidhelper.sdk" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c65a64-da54-48d4-adc7-467d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "first_observed": "2017-03-13T09:34:24Z", "last_observed": "2017-03-13T09:34:24Z", "number_observed": 1, "object_refs": [ "url--58c65a64-da54-48d4-adc7-467d950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c65a64-da54-48d4-adc7-467d950d210f", "value": "http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58c65ad0-36f0-4563-9f6d-4db8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:34:24.000Z", "modified": "2017-03-13T09:34:24.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "The Check Point Mobile Threat Prevention has recently detected a severe infection in 38 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users\u2019 use, it arrived with it.\r\n\r\nAccording to the findings, the malware were already present on the devices even before the users received them. 
The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device\u2019s ROM using system privileges, meaning they couldn\u2019t be removed by the user and the device had to be re-flashed.\r\n\r\nBelow are two examples of the malware installation. The research team was able to determine when the manufacturer finished installing the system applications on the device, when the malware was installed, and when the user first received the device." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667c9-d84c-4985-aac2-4b3e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:05.000Z", "modified": "2017-03-13T09:35:05.000Z", "description": "- Xchecked via VT: b0f6d2fc8176356124e502426d7aa7448490556ef68a2f31a78f4dd8af9d1750", "pattern": "[file:hashes.SHA1 = '4d1d840eedfb9bcfc481457f64dc5ac8644cca00']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:05Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667ca-eec4-4131-a1ce-49e002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:06.000Z", "modified": "2017-03-13T09:35:06.000Z", "description": "- Xchecked via VT: b0f6d2fc8176356124e502426d7aa7448490556ef68a2f31a78f4dd8af9d1750", "pattern": "[file:hashes.MD5 = '4a3a7b03c0d0460ed8c5beff5c20683c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload 
delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667ca-da18-460d-8876-4e6702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:06.000Z", "modified": "2017-03-13T09:35:06.000Z", "first_observed": "2017-03-13T09:35:06Z", "last_observed": "2017-03-13T09:35:06Z", "number_observed": 1, "object_refs": [ "url--58c667ca-da18-460d-8876-4e6702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667ca-da18-460d-8876-4e6702de0b81", "value": "https://www.virustotal.com/file/b0f6d2fc8176356124e502426d7aa7448490556ef68a2f31a78f4dd8af9d1750/analysis/1489193915/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667cb-7a5c-40e0-aab6-443002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:07.000Z", "modified": "2017-03-13T09:35:07.000Z", "description": "- Xchecked via VT: fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429", "pattern": "[file:hashes.SHA1 = '9c73e87bf6d952384dbd07e443e60e3e9f89d6f3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667cc-1820-4f5b-aac6-4f8d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:08.000Z", "modified": "2017-03-13T09:35:08.000Z", "description": "- Xchecked via VT: fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429", "pattern": "[file:hashes.MD5 = '7fff1e78089eb387b6adfa595385b2c9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:08Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667cd-63cc-4eeb-b969-4dbe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:09.000Z", "modified": "2017-03-13T09:35:09.000Z", "first_observed": "2017-03-13T09:35:09Z", "last_observed": "2017-03-13T09:35:09Z", "number_observed": 1, "object_refs": [ "url--58c667cd-63cc-4eeb-b969-4dbe02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667cd-63cc-4eeb-b969-4dbe02de0b81", "value": "https://www.virustotal.com/file/fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429/analysis/1489193914/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667ce-4488-4715-bf5d-4f5e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:10.000Z", "modified": "2017-03-13T09:35:10.000Z", "description": "- Xchecked via VT: 92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f", "pattern": "[file:hashes.SHA1 = '76b2129426eecf9c3d9c29e27224768e6ad4ca34']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667ce-73ec-4b39-8f9d-4bfd02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:10.000Z", "modified": "2017-03-13T09:35:10.000Z", "description": "- Xchecked via VT: 92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f", 
"pattern": "[file:hashes.MD5 = '1aac52b7d55f4c1c03c85ed067bf69d9']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667cf-37f0-4d8d-88f9-4b7302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:11.000Z", "modified": "2017-03-13T09:35:11.000Z", "first_observed": "2017-03-13T09:35:11Z", "last_observed": "2017-03-13T09:35:11Z", "number_observed": 1, "object_refs": [ "url--58c667cf-37f0-4d8d-88f9-4b7302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667cf-37f0-4d8d-88f9-4b7302de0b81", "value": "https://www.virustotal.com/file/92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f/analysis/1489193914/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667d0-7184-488c-9db2-414f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:12.000Z", "modified": "2017-03-13T09:35:12.000Z", "description": "- Xchecked via VT: e5656c1d96158ee7e1a94f08bca1213686a05266e37fb2efb5443b84250ea29d", "pattern": "[file:hashes.SHA1 = '41a6c329fece92290cfc4b4b8da85dc4f9cc9de3']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:12Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667d1-3f1c-43c1-b8e2-471802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-03-13T09:35:13.000Z", "modified": "2017-03-13T09:35:13.000Z", "description": "- Xchecked via VT: e5656c1d96158ee7e1a94f08bca1213686a05266e37fb2efb5443b84250ea29d", "pattern": "[file:hashes.MD5 = '51c328fccf1a8b4925054136ccdb1cda']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:13Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667d2-51a4-4065-95e9-498302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:14.000Z", "modified": "2017-03-13T09:35:14.000Z", "first_observed": "2017-03-13T09:35:14Z", "last_observed": "2017-03-13T09:35:14Z", "number_observed": 1, "object_refs": [ "url--58c667d2-51a4-4065-95e9-498302de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667d2-51a4-4065-95e9-498302de0b81", "value": "https://www.virustotal.com/file/e5656c1d96158ee7e1a94f08bca1213686a05266e37fb2efb5443b84250ea29d/analysis/1489193913/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667d3-ab38-411c-b6af-400602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:15.000Z", "modified": "2017-03-13T09:35:15.000Z", "description": "- Xchecked via VT: 1cb5a37bd866e92b993ecbbcc4a2478c717eeb93839049ef0953b0c6ba89434e", "pattern": "[file:hashes.SHA1 = 'f1de6e5751b4ce8dfc5b21b2ad3b70d7a25001d1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--58c667d4-986c-44b1-ba66-499202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:16.000Z", "modified": "2017-03-13T09:35:16.000Z", "description": "- Xchecked via VT: 1cb5a37bd866e92b993ecbbcc4a2478c717eeb93839049ef0953b0c6ba89434e", "pattern": "[file:hashes.MD5 = '4e91ff9ac7e3e349b5b9fe36fb505cb4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667d5-4a14-4d06-b213-4efb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:17.000Z", "modified": "2017-03-13T09:35:17.000Z", "first_observed": "2017-03-13T09:35:17Z", "last_observed": "2017-03-13T09:35:17Z", "number_observed": 1, "object_refs": [ "url--58c667d5-4a14-4d06-b213-4efb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667d5-4a14-4d06-b213-4efb02de0b81", "value": "https://www.virustotal.com/file/1cb5a37bd866e92b993ecbbcc4a2478c717eeb93839049ef0953b0c6ba89434e/analysis/1489193912/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667d6-8cfc-43a7-ab2f-4f0c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:18.000Z", "modified": "2017-03-13T09:35:18.000Z", "description": "- Xchecked via VT: 3032bb3d90eea6de2ba58ac7ceddead702cc3aeca7792b27508e540f0d1a60be", "pattern": "[file:hashes.SHA1 = 'c8014051ccd71ee4f2497bf0dbb1978d7ce812e0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", 
"phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667d7-3b44-4db8-97e1-411102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:19.000Z", "modified": "2017-03-13T09:35:19.000Z", "description": "- Xchecked via VT: 3032bb3d90eea6de2ba58ac7ceddead702cc3aeca7792b27508e540f0d1a60be", "pattern": "[file:hashes.MD5 = '59b62f8bc982b31d5e0411c74dbe0897']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667d8-adf8-4d7e-8d5e-42f102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:20.000Z", "modified": "2017-03-13T09:35:20.000Z", "first_observed": "2017-03-13T09:35:20Z", "last_observed": "2017-03-13T09:35:20Z", "number_observed": 1, "object_refs": [ "url--58c667d8-adf8-4d7e-8d5e-42f102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667d8-adf8-4d7e-8d5e-42f102de0b81", "value": "https://www.virustotal.com/file/3032bb3d90eea6de2ba58ac7ceddead702cc3aeca7792b27508e540f0d1a60be/analysis/1489193911/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667d9-dce8-43d2-8d39-46be02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:21.000Z", "modified": "2017-03-13T09:35:21.000Z", "description": "- Xchecked via VT: 217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4", "pattern": "[file:hashes.SHA1 = 
'5843a3c3ddb8d392df55b4905145d7fb398e546b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:21Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667da-a238-4863-8123-47e202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:22.000Z", "modified": "2017-03-13T09:35:22.000Z", "description": "- Xchecked via VT: 217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4", "pattern": "[file:hashes.MD5 = '379ec59048488fdb74376c4ffa00d1be']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667db-5510-499f-b2f4-4c7902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:23.000Z", "modified": "2017-03-13T09:35:23.000Z", "first_observed": "2017-03-13T09:35:23Z", "last_observed": "2017-03-13T09:35:23Z", "number_observed": 1, "object_refs": [ "url--58c667db-5510-499f-b2f4-4c7902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667db-5510-499f-b2f4-4c7902de0b81", "value": "https://www.virustotal.com/file/217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4/analysis/1489193910/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667dc-03a4-4f7d-9798-44fc02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:24.000Z", "modified": 
"2017-03-13T09:35:24.000Z", "description": "- Xchecked via VT: 0038f450d7f1df75bf5890cf22299b0c99cc0bea8d66e6d25528cb01992a436b", "pattern": "[file:hashes.SHA1 = '408f051ae5ccb844cc630e6178bb8643bbc2513b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667dd-55cc-4f36-8cfe-406002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:25.000Z", "modified": "2017-03-13T09:35:25.000Z", "description": "- Xchecked via VT: 0038f450d7f1df75bf5890cf22299b0c99cc0bea8d66e6d25528cb01992a436b", "pattern": "[file:hashes.MD5 = '944850ee0b7fc774c055a2233478bb0f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667de-883c-4fbe-b76e-458902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:26.000Z", "modified": "2017-03-13T09:35:26.000Z", "first_observed": "2017-03-13T09:35:26Z", "last_observed": "2017-03-13T09:35:26Z", "number_observed": 1, "object_refs": [ "url--58c667de-883c-4fbe-b76e-458902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667de-883c-4fbe-b76e-458902de0b81", "value": "https://www.virustotal.com/file/0038f450d7f1df75bf5890cf22299b0c99cc0bea8d66e6d25528cb01992a436b/analysis/1489376984/" }, { "type": "indicator", "spec_version": "2.1", "id": 
"indicator--58c667de-a078-4225-9eed-491902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:26.000Z", "modified": "2017-03-13T09:35:26.000Z", "description": "- Xchecked via VT: 0d8bf3cf5b58d9ba280f093430259538b6340b24e805058f3d85381d215ca778", "pattern": "[file:hashes.SHA1 = '5212c5266e251dec4a3fc45407a8b06ce41b52b0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667df-5748-41ea-bced-4ef202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:27.000Z", "modified": "2017-03-13T09:35:27.000Z", "description": "- Xchecked via VT: 0d8bf3cf5b58d9ba280f093430259538b6340b24e805058f3d85381d215ca778", "pattern": "[file:hashes.MD5 = '60806c69e0f4643609dcdf127c8e7ef5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667e0-83cc-4fcd-9192-494b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:28.000Z", "modified": "2017-03-13T09:35:28.000Z", "first_observed": "2017-03-13T09:35:28Z", "last_observed": "2017-03-13T09:35:28Z", "number_observed": 1, "object_refs": [ "url--58c667e0-83cc-4fcd-9192-494b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667e0-83cc-4fcd-9192-494b02de0b81", "value": 
"https://www.virustotal.com/file/0d8bf3cf5b58d9ba280f093430259538b6340b24e805058f3d85381d215ca778/analysis/1489193909/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667e1-7638-45ea-9040-456402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:29.000Z", "modified": "2017-03-13T09:35:29.000Z", "description": "- Xchecked via VT: e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff", "pattern": "[file:hashes.SHA1 = '02cc4cd5fbe40983ce084b9fa92d75c1d3da4954']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667e2-0814-4906-acb8-4aec02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:30.000Z", "modified": "2017-03-13T09:35:30.000Z", "description": "- Xchecked via VT: e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff", "pattern": "[file:hashes.MD5 = 'f48122e9f4333ba3bb77fac869043420']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667e3-e460-48ff-bda2-495b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:31.000Z", "modified": "2017-03-13T09:35:31.000Z", "first_observed": "2017-03-13T09:35:31Z", "last_observed": "2017-03-13T09:35:31Z", "number_observed": 1, "object_refs": [ "url--58c667e3-e460-48ff-bda2-495b02de0b81" ], "labels": [ 
"misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667e3-e460-48ff-bda2-495b02de0b81", "value": "https://www.virustotal.com/file/e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff/analysis/1489193909/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667e4-f1b4-4a30-8765-4eba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:32.000Z", "modified": "2017-03-13T09:35:32.000Z", "description": "- Xchecked via VT: a07745f05913e122ec19eba9848af6dfda88533d67b7ec17d11c1562245cbed1", "pattern": "[file:hashes.SHA1 = '3751ebbcdaf63d3036460a390370664996ef4e7c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667e5-0d08-4d9d-8c5f-42cf02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:33.000Z", "modified": "2017-03-13T09:35:33.000Z", "description": "- Xchecked via VT: a07745f05913e122ec19eba9848af6dfda88533d67b7ec17d11c1562245cbed1", "pattern": "[file:hashes.MD5 = '9ed38abb335f0101f55ad20bde8468dc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667e6-d8ec-4d05-8479-411902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:34.000Z", "modified": "2017-03-13T09:35:34.000Z", "first_observed": 
"2017-03-13T09:35:34Z", "last_observed": "2017-03-13T09:35:34Z", "number_observed": 1, "object_refs": [ "url--58c667e6-d8ec-4d05-8479-411902de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667e6-d8ec-4d05-8479-411902de0b81", "value": "https://www.virustotal.com/file/a07745f05913e122ec19eba9848af6dfda88533d67b7ec17d11c1562245cbed1/analysis/1489193908/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667e7-1e4c-4f0f-85d1-42c602de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:35.000Z", "modified": "2017-03-13T09:35:35.000Z", "description": "- Xchecked via VT: 01b8cb51464b07775ff5f45207d26d8d9f4a3b6863c110b56076b446bda03a8a", "pattern": "[file:hashes.SHA1 = '7eb75fba47da4c5b4624a083d11cd80536c48c8d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667e8-c510-432d-bb0d-405e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:36.000Z", "modified": "2017-03-13T09:35:36.000Z", "description": "- Xchecked via VT: 01b8cb51464b07775ff5f45207d26d8d9f4a3b6863c110b56076b446bda03a8a", "pattern": "[file:hashes.MD5 = 'fcbb243294bb87b039f113352a8db158']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667e8-9bf0-423a-ba65-419e02de0b81", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:36.000Z", "modified": "2017-03-13T09:35:36.000Z", "first_observed": "2017-03-13T09:35:36Z", "last_observed": "2017-03-13T09:35:36Z", "number_observed": 1, "object_refs": [ "url--58c667e8-9bf0-423a-ba65-419e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667e8-9bf0-423a-ba65-419e02de0b81", "value": "https://www.virustotal.com/file/01b8cb51464b07775ff5f45207d26d8d9f4a3b6863c110b56076b446bda03a8a/analysis/1489193907/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667e9-b4dc-4980-a0e8-4f5702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:37.000Z", "modified": "2017-03-13T09:35:37.000Z", "description": "- Xchecked via VT: e9a30767e69dccb1b980eae42601dff857a394c7abdfe93a18e8739fa218d14b", "pattern": "[file:hashes.SHA1 = '0845ad3fb76ae29372211368827e1c023b0b83ac']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667ea-ebfc-4691-a8b1-4ca902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:38.000Z", "modified": "2017-03-13T09:35:38.000Z", "description": "- Xchecked via VT: e9a30767e69dccb1b980eae42601dff857a394c7abdfe93a18e8739fa218d14b", "pattern": "[file:hashes.MD5 = '0e987ba8da76f93e8e541150d08e2045']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload 
delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667eb-6630-48a6-a79a-468502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:39.000Z", "modified": "2017-03-13T09:35:39.000Z", "first_observed": "2017-03-13T09:35:39Z", "last_observed": "2017-03-13T09:35:39Z", "number_observed": 1, "object_refs": [ "url--58c667eb-6630-48a6-a79a-468502de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667eb-6630-48a6-a79a-468502de0b81", "value": "https://www.virustotal.com/file/e9a30767e69dccb1b980eae42601dff857a394c7abdfe93a18e8739fa218d14b/analysis/1489370659/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667ec-23dc-44d1-a5d2-445902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:40.000Z", "modified": "2017-03-13T09:35:40.000Z", "description": "- Xchecked via VT: 998ab3d91cbc4f1b02ea6095f833bfed9d4f610eea83c51c56ce9979a2469aea", "pattern": "[file:hashes.SHA1 = '99a077ac5ed849f0c568ad05ac2fb5e8aa7b1a07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667ed-8674-4e8b-92a2-4d3902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:41.000Z", "modified": "2017-03-13T09:35:41.000Z", "description": "- Xchecked via VT: 998ab3d91cbc4f1b02ea6095f833bfed9d4f610eea83c51c56ce9979a2469aea", "pattern": "[file:hashes.MD5 = '4d904a24f8f4c52726eb340b329731dd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:41Z", 
"kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667ed-328c-4051-b185-40ff02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:41.000Z", "modified": "2017-03-13T09:35:41.000Z", "first_observed": "2017-03-13T09:35:41Z", "last_observed": "2017-03-13T09:35:41Z", "number_observed": 1, "object_refs": [ "url--58c667ed-328c-4051-b185-40ff02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667ed-328c-4051-b185-40ff02de0b81", "value": "https://www.virustotal.com/file/998ab3d91cbc4f1b02ea6095f833bfed9d4f610eea83c51c56ce9979a2469aea/analysis/1489193906/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667ee-16fc-4590-a78d-4c2d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:42.000Z", "modified": "2017-03-13T09:35:42.000Z", "description": "- Xchecked via VT: 39c6bab80cc157bfe540bdee9ce2440b3b363e830bc7adaab9fc37075fb26fb1", "pattern": "[file:hashes.SHA1 = '3468577e251f23950b05b18cee2dbf06b3a4887d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667ef-f09c-4237-bddb-40c202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:43.000Z", "modified": "2017-03-13T09:35:43.000Z", "description": "- Xchecked via VT: 39c6bab80cc157bfe540bdee9ce2440b3b363e830bc7adaab9fc37075fb26fb1", 
"pattern": "[file:hashes.MD5 = '629da296cba945662e436bbe10a5cdaa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667f0-4a5c-48d2-bde8-41ac02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:44.000Z", "modified": "2017-03-13T09:35:44.000Z", "first_observed": "2017-03-13T09:35:44Z", "last_observed": "2017-03-13T09:35:44Z", "number_observed": 1, "object_refs": [ "url--58c667f0-4a5c-48d2-bde8-41ac02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667f0-4a5c-48d2-bde8-41ac02de0b81", "value": "https://www.virustotal.com/file/39c6bab80cc157bfe540bdee9ce2440b3b363e830bc7adaab9fc37075fb26fb1/analysis/1489193905/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667f1-a538-4f33-975f-4c2002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:45.000Z", "modified": "2017-03-13T09:35:45.000Z", "description": "- Xchecked via VT: 936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b", "pattern": "[file:hashes.SHA1 = '20f0ddd13c1bbdef8062f878b6a467b933496fa5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667f2-4514-484b-869a-4c4c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-03-13T09:35:46.000Z", "modified": "2017-03-13T09:35:46.000Z", "description": "- Xchecked via VT: 936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b", "pattern": "[file:hashes.MD5 = 'd5f5480a7b29ffd51c718b63d1ffa165']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667f2-7368-4486-acc5-4ec202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:46.000Z", "modified": "2017-03-13T09:35:46.000Z", "first_observed": "2017-03-13T09:35:46Z", "last_observed": "2017-03-13T09:35:46Z", "number_observed": 1, "object_refs": [ "url--58c667f2-7368-4486-acc5-4ec202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667f2-7368-4486-acc5-4ec202de0b81", "value": "https://www.virustotal.com/file/936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b/analysis/1489193905/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667f3-5014-41b1-9401-45ab02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:47.000Z", "modified": "2017-03-13T09:35:47.000Z", "description": "- Xchecked via VT: b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b", "pattern": "[file:hashes.SHA1 = 'e71933f29d8d2a2cf4fdefd9a056b23e8d6028a8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", 
"spec_version": "2.1", "id": "indicator--58c667f4-cb6c-4173-a9b5-4fb002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:48.000Z", "modified": "2017-03-13T09:35:48.000Z", "description": "- Xchecked via VT: b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b", "pattern": "[file:hashes.MD5 = '660638f5212ef61891090200c354a6d5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667f5-ade4-4fab-9dc6-474e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:49.000Z", "modified": "2017-03-13T09:35:49.000Z", "first_observed": "2017-03-13T09:35:49Z", "last_observed": "2017-03-13T09:35:49Z", "number_observed": 1, "object_refs": [ "url--58c667f5-ade4-4fab-9dc6-474e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667f5-ade4-4fab-9dc6-474e02de0b81", "value": "https://www.virustotal.com/file/b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b/analysis/1489193904/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667f6-cc18-4ce4-a920-44a002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:50.000Z", "modified": "2017-03-13T09:35:50.000Z", "description": "com.lu.compass - Xchecked via VT: f901fd1fc2ce079a18c619e1192b14dcc164c97da3286031ee542dabe0b4cd8c", "pattern": "[file:hashes.SHA1 = '13542eec9b7704bbaf7302210bfde52e6523b440']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:50Z", "kill_chain_phases": [ { "kill_chain_name": 
"misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667f6-a658-4cd4-872b-47af02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:50.000Z", "modified": "2017-03-13T09:35:50.000Z", "description": "com.lu.compass - Xchecked via VT: f901fd1fc2ce079a18c619e1192b14dcc164c97da3286031ee542dabe0b4cd8c", "pattern": "[file:hashes.MD5 = '3f188b9aa8f739ee0ed572992a21b118']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667f7-944c-438a-8882-4c7702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:51.000Z", "modified": "2017-03-13T09:35:51.000Z", "first_observed": "2017-03-13T09:35:51Z", "last_observed": "2017-03-13T09:35:51Z", "number_observed": 1, "object_refs": [ "url--58c667f7-944c-438a-8882-4c7702de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667f7-944c-438a-8882-4c7702de0b81", "value": "https://www.virustotal.com/file/f901fd1fc2ce079a18c619e1192b14dcc164c97da3286031ee542dabe0b4cd8c/analysis/1489193903/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667f8-0860-4789-9e1f-45d302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:52.000Z", "modified": "2017-03-13T09:35:52.000Z", "description": "com.fone.player1 - Xchecked via VT: 3d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f", "pattern": 
"[file:hashes.SHA1 = '9b35e4c31a55031cfae0d2f7a6c12625f0a296cf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58c667f9-6640-4312-9d9c-4b1802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:53.000Z", "modified": "2017-03-13T09:35:53.000Z", "description": "com.fone.player1 - Xchecked via VT: 3d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f", "pattern": "[file:hashes.MD5 = '41b1f607f153a28a67629617d3fe1007']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-13T09:35:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58c667fa-f83c-4ee4-8605-428b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-13T09:35:54.000Z", "modified": "2017-03-13T09:35:54.000Z", "first_observed": "2017-03-13T09:35:54Z", "last_observed": "2017-03-13T09:35:54Z", "number_observed": 1, "object_refs": [ "url--58c667fa-f83c-4ee4-8605-428b02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58c667fa-f83c-4ee4-8605-428b02de0b81", "value": "https://www.virustotal.com/file/3d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f/analysis/1489193903/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": 
"TLP:WHITE", "definition": { "tlp": "white" } } ] }