{ "type": "bundle", "id": "bundle--598dc10d-2e10-4de5-8745-433202de0b81", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-08-11T14:39:58.000Z", "modified": "2017-08-11T14:39:58.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--598dc10d-2e10-4de5-8745-433202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-08-11T14:39:58.000Z", "modified": "2017-08-11T14:39:58.000Z", "name": "OSINT - Fake Snapchat in Google Play Store", "published": "2017-08-11T14:40:32Z", "object_refs": [ "observed-data--598dc128-b620-491f-902c-4df402de0b81", "url--598dc128-b620-491f-902c-4df402de0b81", "x-misp-attribute--598dc141-218c-4086-b974-497e02de0b81", "x-misp-attribute--598dc195-e494-4617-a1e4-486302de0b81", "indicator--598dc1b5-d13c-4fb5-a52d-44ca02de0b81", "indicator--598dc1be-1174-4856-a6e8-4dc702de0b81", "indicator--598dc1be-80cc-4105-a841-430f02de0b81", "observed-data--598dc1be-ccb4-4eea-8924-44e802de0b81", "url--598dc1be-ccb4-4eea-8924-44e802de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "ms-caro-malware:malware-platform=\"AndroidOS\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--598dc128-b620-491f-902c-4df402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-08-11T14:39:58.000Z", "modified": "2017-08-11T14:39:58.000Z", "first_observed": "2017-08-11T14:39:58Z", "last_observed": "2017-08-11T14:39:58Z", "number_observed": 1, "object_refs": [ "url--598dc128-b620-491f-902c-4df402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--598dc128-b620-491f-902c-4df402de0b81", "value": 
"https://blog.zimperium.com/fake-snapchat-google-play-store/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--598dc141-218c-4086-b974-497e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-08-11T14:39:58.000Z", "modified": "2017-08-11T14:39:58.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "Zimperium discovered and reported a fake version of the popular Snapchat app in the official Google Play Store; At the time of our discovery, it was the second result when searching for \u201cSnapchat\u201d. The fake version of Snapchat app is using \u201cSnap Inc .\u201d as Company Name, with a \u201d .\u201d appended to original name." }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--598dc195-e494-4617-a1e4-486302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-08-11T14:39:58.000Z", "modified": "2017-08-11T14:39:58.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.snacha.android" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--598dc1b5-d13c-4fb5-a52d-44ca02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-08-11T14:39:58.000Z", "modified": "2017-08-11T14:39:58.000Z", "pattern": "[file:hashes.SHA256 = 'f1049a50763fd4a8dddd45735ee97a419caac0997a0c99393af111a24afdf146']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-08-11T14:39:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--598dc1be-1174-4856-a6e8-4dc702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-08-11T14:39:58.000Z", "modified": "2017-08-11T14:39:58.000Z", "description": "- Xchecked via VT: f1049a50763fd4a8dddd45735ee97a419caac0997a0c99393af111a24afdf146", "pattern": "[file:hashes.SHA1 = '41859c0fe79f625ddcc0f851519a811c2d017a18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-08-11T14:39:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--598dc1be-80cc-4105-a841-430f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-08-11T14:39:58.000Z", "modified": "2017-08-11T14:39:58.000Z", "description": "- Xchecked via VT: f1049a50763fd4a8dddd45735ee97a419caac0997a0c99393af111a24afdf146", "pattern": "[file:hashes.MD5 = '510f1c68f93ff812e07ffe8caf609a63']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-08-11T14:39:58Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--598dc1be-ccb4-4eea-8924-44e802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-08-11T14:39:58.000Z", "modified": "2017-08-11T14:39:58.000Z", "first_observed": "2017-08-11T14:39:58Z", "last_observed": "2017-08-11T14:39:58Z", "number_observed": 1, "object_refs": [ "url--598dc1be-ccb4-4eea-8924-44e802de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { 
"type": "url", "spec_version": "2.1", "id": "url--598dc1be-ccb4-4eea-8924-44e802de0b81", "value": "https://www.virustotal.com/file/f1049a50763fd4a8dddd45735ee97a419caac0997a0c99393af111a24afdf146/analysis/1502452010/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }