{ "type": "bundle", "id": "bundle--58b7da09-466c-4c5e-bb8d-4dd2950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--58b7da09-466c-4c5e-bb8d-4dd2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "name": "OSINT - Google Play Apps Infected with Malicious IFrames", "published": "2017-03-02T08:46:59Z", "object_refs": [ "x-misp-attribute--58b7da24-68e0-4673-88cf-45a0950d210f", "observed-data--58b7da36-c774-40af-9de8-495e950d210f", "url--58b7da36-c774-40af-9de8-495e950d210f", "indicator--58b7dae4-c460-4021-8950-4872950d210f", "indicator--58b7dae5-0178-4517-b1f4-4381950d210f", "indicator--58b7dae6-99f4-49ac-8742-4572950d210f", "indicator--58b7dae7-d934-491e-bdcd-436e950d210f", "indicator--58b7dae8-acdc-4414-976a-4b81950d210f", "indicator--58b7dae9-a714-4d6e-962e-4d5d950d210f", "indicator--58b7dae9-6f88-40a3-a749-4c1f950d210f", "indicator--58b7dafd-a9e4-46df-a212-4b07950d210f", "indicator--58b7dafe-791c-46cc-b4f8-479b950d210f", "indicator--58b7db1a-f024-417f-b30b-4a28950d210f", "indicator--58b7db1b-81a0-4fad-ac39-411d950d210f", "x-misp-attribute--58b7db5c-24d0-4982-893b-4733950d210f", "x-misp-attribute--58b7db5d-9bb0-4bc2-abf6-4927950d210f", "x-misp-attribute--58b7db5e-2ee0-4683-a6e4-4556950d210f", "x-misp-attribute--58b7db5f-3a44-4066-9df2-4fd5950d210f", "x-misp-attribute--58b7db60-1c68-4da8-b68e-492d950d210f", "x-misp-attribute--58b7db61-a4a4-4f69-8012-4104950d210f", "x-misp-attribute--58b7db62-58ec-47a1-8311-41b1950d210f", "indicator--58b7dbb5-6390-4bf1-9e09-476b02de0b81", "indicator--58b7dbb6-ff50-44bb-9039-4da902de0b81", "observed-data--58b7dbb7-d870-4686-8a2e-4ed102de0b81", 
"url--58b7dbb7-d870-4686-8a2e-4ed102de0b81", "indicator--58b7dbb8-6ca8-49f6-9165-408802de0b81", "indicator--58b7dbb8-d2f0-4856-ba60-409b02de0b81", "observed-data--58b7dbb9-fee4-4d23-901c-47bb02de0b81", "url--58b7dbb9-fee4-4d23-901c-47bb02de0b81", "indicator--58b7dbba-5fe8-4b30-be42-467802de0b81", "indicator--58b7dbbb-16d0-46a2-92b2-447f02de0b81", "observed-data--58b7dbbb-400c-40e0-9b27-431e02de0b81", "url--58b7dbbb-400c-40e0-9b27-431e02de0b81", "indicator--58b7dbbc-e7a8-4edf-b5de-47b502de0b81", "indicator--58b7dbbd-3d50-4b5c-8112-4aba02de0b81", "observed-data--58b7dbbe-0c1c-49db-b0bb-487102de0b81", "url--58b7dbbe-0c1c-49db-b0bb-487102de0b81", "indicator--58b7dbbe-58a8-4f50-ac23-4f3102de0b81", "indicator--58b7dbbf-c7c0-45a6-b750-481c02de0b81", "observed-data--58b7dbc0-1754-4970-bdb8-4e6402de0b81", "url--58b7dbc0-1754-4970-bdb8-4e6402de0b81", "indicator--58b7dbc1-fb38-42bb-aac3-422402de0b81", "indicator--58b7dbc2-ddd4-44fb-867f-4a9d02de0b81", "observed-data--58b7dbc3-da58-4150-91c0-499002de0b81", "url--58b7dbc3-da58-4150-91c0-499002de0b81", "indicator--58b7dbc4-afd8-4732-839b-406802de0b81", "indicator--58b7dbc5-c380-47b8-a7c4-41fe02de0b81", "observed-data--58b7dbc6-fe44-4108-960f-4cb002de0b81", "url--58b7dbc6-fe44-4108-960f-4cb002de0b81" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "admiralty-scale:source-reliability=\"b\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58b7da24-68e0-4673-88cf-45a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"", "admiralty-scale:source-reliability=\"b\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ], "x_misp_category": "External 
analysis", "x_misp_type": "text", "x_misp_value": "Recently, we have discovered 132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages, with the most popular one having more than 10,000 installs alone. Our investigation indicates that the developers of these infected apps are not to blame, but are more likely victims themselves. We believe it is most likely that the app developers\u2019 development platforms were infected with malware that searches for HTML pages and injects malicious content at the end of the HTML pages it finds. If this is the case, this is another situation where mobile malware originated from infected development platforms without developers\u2019 awareness. We have reported our findings to Google Security Team and all infected apps have been removed from Google Play." }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58b7da36-c774-40af-9de8-495e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "first_observed": "2017-03-02T08:45:22Z", "last_observed": "2017-03-02T08:45:22Z", "number_observed": 1, "object_refs": [ "url--58b7da36-c774-40af-9de8-495e950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"", "admiralty-scale:source-reliability=\"b\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58b7da36-c774-40af-9de8-495e950d210f", "value": "http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dae4-c460-4021-8950-4872950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": 
"2017-03-02T08:45:22.000Z", "description": "com.aaronbalderapps.awesome3dstreetart", "pattern": "[file:hashes.SHA256 = 'c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dae5-0178-4517-b1f4-4381950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "description": "com.aaronbalderapps.awesomecheesecakeideas", "pattern": "[file:hashes.SHA256 = 'a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dae6-99f4-49ac-8742-4572950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "description": "com.aaronbalderapps.babyroomdesignideas", "pattern": "[file:hashes.SHA256 = '1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dae7-d934-491e-bdcd-436e950d210f", 
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "description": "com.aaronbalderapps.backyardwoodprojects", "pattern": "[file:hashes.SHA256 = 'db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dae8-acdc-4414-976a-4b81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "description": "com.aaronbalderapps.bathroominteriordesigns", "pattern": "[file:hashes.SHA256 = '28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dae9-a714-4d6e-962e-4d5d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "description": "com.aaronbalderapps.beautifulbotanicalgardens", "pattern": "[file:hashes.SHA256 = 'b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", 
"misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dae9-6f88-40a3-a749-4c1f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "description": "com.aaronbalderapps.bedroomdesign5d", "pattern": "[file:hashes.SHA256 = 'd6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dafd-a9e4-46df-a212-4b07950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "description": "Malicious urls", "pattern": "[url:value = 'www.Brenz.pl/rc/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dafe-791c-46cc-b4f8-479b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "description": "Malicious urls", "pattern": "[url:value = 'jL.chura.pl/rc/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": 
"2.1", "id": "indicator--58b7db1a-f024-417f-b30b-4a28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "pattern": "[domain-name:value = 'brenz.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7db1b-81a0-4fad-ac39-411d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "pattern": "[domain-name:value = 'jl.chura.pl']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58b7db5c-24d0-4982-893b-4733950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.aaronbalderapps.awesome3dstreetart" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58b7db5d-9bb0-4bc2-abf6-4927950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload 
delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.aaronbalderapps.awesomecheesecakeideas" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58b7db5e-2ee0-4683-a6e4-4556950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.aaronbalderapps.babyroomdesignideas" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58b7db5f-3a44-4066-9df2-4fd5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.aaronbalderapps.backyardwoodprojects" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58b7db60-1c68-4da8-b68e-492d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.aaronbalderapps.bathroominteriordesigns" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58b7db61-a4a4-4f69-8012-4104950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": 
"2017-03-02T08:45:22.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.aaronbalderapps.beautifulbotanicalgardens" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--58b7db62-58ec-47a1-8311-41b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:22.000Z", "modified": "2017-03-02T08:45:22.000Z", "labels": [ "misp:type=\"mobile-application-id\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ], "x_misp_category": "Payload delivery", "x_misp_type": "mobile-application-id", "x_misp_value": "com.aaronbalderapps.bedroomdesign5d" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbb5-6390-4bf1-9e09-476b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:41.000Z", "modified": "2017-03-02T08:45:41.000Z", "description": "com.aaronbalderapps.bedroomdesign5d - Xchecked via VT: d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678", "pattern": "[file:hashes.SHA1 = '4e61c0e8c198ea73207462376b392c493adad5ce']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbb6-ff50-44bb-9039-4da902de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:42.000Z", "modified": "2017-03-02T08:45:42.000Z", "description": "com.aaronbalderapps.bedroomdesign5d - Xchecked via VT: d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678", "pattern": "[file:hashes.MD5 = 
'9e6fa2164bc6af43451c2128e676d08f']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58b7dbb7-d870-4686-8a2e-4ed102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:43.000Z", "modified": "2017-03-02T08:45:43.000Z", "first_observed": "2017-03-02T08:45:43Z", "last_observed": "2017-03-02T08:45:43Z", "number_observed": 1, "object_refs": [ "url--58b7dbb7-d870-4686-8a2e-4ed102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58b7dbb7-d870-4686-8a2e-4ed102de0b81", "value": "https://www.virustotal.com/file/d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678/analysis/1482024647/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbb8-6ca8-49f6-9165-408802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:44.000Z", "modified": "2017-03-02T08:45:44.000Z", "description": "com.aaronbalderapps.beautifulbotanicalgardens - Xchecked via VT: b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5", "pattern": "[file:hashes.SHA1 = '23423929bf8e7d1a28e6d019ab374076bb613185']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbb8-d2f0-4856-ba60-409b02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-03-02T08:45:44.000Z", "modified": "2017-03-02T08:45:44.000Z", "description": "com.aaronbalderapps.beautifulbotanicalgardens - Xchecked via VT: b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5", "pattern": "[file:hashes.MD5 = 'db2f580568af363b091088b4b3a8b427']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58b7dbb9-fee4-4d23-901c-47bb02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:45.000Z", "modified": "2017-03-02T08:45:45.000Z", "first_observed": "2017-03-02T08:45:45Z", "last_observed": "2017-03-02T08:45:45Z", "number_observed": 1, "object_refs": [ "url--58b7dbb9-fee4-4d23-901c-47bb02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58b7dbb9-fee4-4d23-901c-47bb02de0b81", "value": "https://www.virustotal.com/file/b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5/analysis/1482024641/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbba-5fe8-4b30-be42-467802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:46.000Z", "modified": "2017-03-02T08:45:46.000Z", "description": "com.aaronbalderapps.bathroominteriordesigns - Xchecked via VT: 28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed", "pattern": "[file:hashes.SHA1 = '6a024c7de79a5fa0af6acdf88f5f665a75e9e176']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", 
"misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbbb-16d0-46a2-92b2-447f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:47.000Z", "modified": "2017-03-02T08:45:47.000Z", "description": "com.aaronbalderapps.bathroominteriordesigns - Xchecked via VT: 28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed", "pattern": "[file:hashes.MD5 = '10a97ac50e8965b6a666aa4304c93581']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58b7dbbb-400c-40e0-9b27-431e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:47.000Z", "modified": "2017-03-02T08:45:47.000Z", "first_observed": "2017-03-02T08:45:47Z", "last_observed": "2017-03-02T08:45:47Z", "number_observed": 1, "object_refs": [ "url--58b7dbbb-400c-40e0-9b27-431e02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58b7dbbb-400c-40e0-9b27-431e02de0b81", "value": "https://www.virustotal.com/file/28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed/analysis/1481336217/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbbc-e7a8-4edf-b5de-47b502de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:48.000Z", "modified": "2017-03-02T08:45:48.000Z", "description": "com.aaronbalderapps.backyardwoodprojects - Xchecked via VT: db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6", "pattern": "[file:hashes.SHA1 = 
'e00529b31800ab2f0987ee7999f0b9dbe1a5a7a7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbbd-3d50-4b5c-8112-4aba02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:49.000Z", "modified": "2017-03-02T08:45:49.000Z", "description": "com.aaronbalderapps.backyardwoodprojects - Xchecked via VT: db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6", "pattern": "[file:hashes.MD5 = 'c92a2d02f0a610f4087c858f15955de6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:49Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58b7dbbe-0c1c-49db-b0bb-487102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:50.000Z", "modified": "2017-03-02T08:45:50.000Z", "first_observed": "2017-03-02T08:45:50Z", "last_observed": "2017-03-02T08:45:50Z", "number_observed": 1, "object_refs": [ "url--58b7dbbe-0c1c-49db-b0bb-487102de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58b7dbbe-0c1c-49db-b0bb-487102de0b81", "value": "https://www.virustotal.com/file/db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6/analysis/1481336222/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbbe-58a8-4f50-ac23-4f3102de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": 
"2017-03-02T08:45:50.000Z", "modified": "2017-03-02T08:45:50.000Z", "description": "com.aaronbalderapps.babyroomdesignideas - Xchecked via VT: 1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8", "pattern": "[file:hashes.SHA1 = '904ae08d33f1c01262f0ac2e4489782066c7ef26']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbbf-c7c0-45a6-b750-481c02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:51.000Z", "modified": "2017-03-02T08:45:51.000Z", "description": "com.aaronbalderapps.babyroomdesignideas - Xchecked via VT: 1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8", "pattern": "[file:hashes.MD5 = 'd53a2f554d00026bd9af5d4d33764357']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58b7dbc0-1754-4970-bdb8-4e6402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:52.000Z", "modified": "2017-03-02T08:45:52.000Z", "first_observed": "2017-03-02T08:45:52Z", "last_observed": "2017-03-02T08:45:52Z", "number_observed": 1, "object_refs": [ "url--58b7dbc0-1754-4970-bdb8-4e6402de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58b7dbc0-1754-4970-bdb8-4e6402de0b81", "value": 
"https://www.virustotal.com/file/1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8/analysis/1488422194/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbc1-fb38-42bb-aac3-422402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:53.000Z", "modified": "2017-03-02T08:45:53.000Z", "description": "com.aaronbalderapps.awesomecheesecakeideas - Xchecked via VT: a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268", "pattern": "[file:hashes.SHA1 = '592c497851b9604b1575413f637479a6b330819e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbc2-ddd4-44fb-867f-4a9d02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:54.000Z", "modified": "2017-03-02T08:45:54.000Z", "description": "com.aaronbalderapps.awesomecheesecakeideas - Xchecked via VT: a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268", "pattern": "[file:hashes.MD5 = '2894e4f2f66d5f85d561dde63a6f7b33']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58b7dbc3-da58-4150-91c0-499002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:55.000Z", "modified": "2017-03-02T08:45:55.000Z", "first_observed": "2017-03-02T08:45:55Z", "last_observed": "2017-03-02T08:45:55Z", "number_observed": 1, 
"object_refs": [ "url--58b7dbc3-da58-4150-91c0-499002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58b7dbc3-da58-4150-91c0-499002de0b81", "value": "https://www.virustotal.com/file/a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268/analysis/1468332857/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbc4-afd8-4732-839b-406802de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:56.000Z", "modified": "2017-03-02T08:45:56.000Z", "description": "com.aaronbalderapps.awesome3dstreetart - Xchecked via VT: c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61", "pattern": "[file:hashes.SHA1 = '5ca403bf95c84f093cfb239a2e3c15bc78e94466']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--58b7dbc5-c380-47b8-a7c4-41fe02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:57.000Z", "modified": "2017-03-02T08:45:57.000Z", "description": "com.aaronbalderapps.awesome3dstreetart - Xchecked via VT: c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61", "pattern": "[file:hashes.MD5 = '365f63f870712a0046474c200737cff2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-03-02T08:45:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--58b7dbc6-fe44-4108-960f-4cb002de0b81", "created_by_ref": 
"identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-03-02T08:45:58.000Z", "modified": "2017-03-02T08:45:58.000Z", "first_observed": "2017-03-02T08:45:58Z", "last_observed": "2017-03-02T08:45:58Z", "number_observed": 1, "object_refs": [ "url--58b7dbc6-fe44-4108-960f-4cb002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--58b7dbc6-fe44-4108-960f-4cb002de0b81", "value": "https://www.virustotal.com/file/c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61/analysis/1488422159/" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }