{ "type": "bundle", "id": "bundle--582adfcb-6640-46bf-ba1f-4aca950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:43:55.000Z", "modified": "2016-11-15T10:43:55.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--582adfcb-6640-46bf-ba1f-4aca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:43:55.000Z", "modified": "2016-11-15T10:43:55.000Z", "name": "OSINT - HackingTeam back for your Androids, now extra insecure!", "published": "2016-11-15T10:44:39Z", "object_refs": [ "observed-data--582adfde-3f7c-47f7-82ac-4146950d210f", "url--582adfde-3f7c-47f7-82ac-4146950d210f", "indicator--582ae025-fbc0-4426-b31c-4f6d950d210f", "indicator--582ae025-9014-49d4-8258-43e3950d210f", "indicator--582ae025-8698-43d4-b114-41bb950d210f", "indicator--582ae026-de30-4ef7-a4b9-49ca950d210f", "indicator--582ae5ec-8338-4d70-84bc-435e02de0b81", "indicator--582ae5ec-addc-4442-928a-427e02de0b81", "observed-data--582ae5ec-7c10-4df6-bda2-4d6002de0b81", "url--582ae5ec-7c10-4df6-bda2-4d6002de0b81", "indicator--582ae5ed-3c64-48ad-b8bb-4b3e02de0b81", "indicator--582ae5ed-c588-46b4-8052-40a402de0b81", "observed-data--582ae5ed-7e94-4dfd-8e88-45be02de0b81", "url--582ae5ed-7e94-4dfd-8e88-45be02de0b81", "indicator--582ae5ed-5080-4e70-b5e4-4e0302de0b81", "indicator--582ae5ee-a844-4b86-9e4e-449f02de0b81", "observed-data--582ae5ee-92e0-45eb-9e4d-40f202de0b81", "url--582ae5ee-92e0-45eb-9e4d-40f202de0b81", "indicator--582ae5ee-97cc-4e28-8b99-45c702de0b81", "indicator--582ae5ee-4ef4-44ab-9022-46fa02de0b81", "observed-data--582ae5ee-9580-4da9-9118-48ad02de0b81", "url--582ae5ee-9580-4da9-9118-48ad02de0b81", "indicator--582ae62d-3180-4824-b898-40af950d210f", "indicator--582ae678-60f4-49dd-9680-4533950d210f", "indicator--582ae695-7fd8-4183-b00e-484f950d210f", "x-misp-attribute--582ae6df-a770-49ef-ad0b-4c77950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "osint:source-type=\"blog-post\"", "ms-caro-malware:malware-platform=\"AndroidOS\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--582adfde-3f7c-47f7-82ac-4146950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:13:50.000Z", "modified": "2016-11-15T10:13:50.000Z", "first_observed": "2016-11-15T10:13:50Z", "last_observed": "2016-11-15T10:13:50Z", "number_observed": 1, "object_refs": [ "url--582adfde-3f7c-47f7-82ac-4146950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--582adfde-3f7c-47f7-82ac-4146950d210f", "value": "http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae025-fbc0-4426-b31c-4f6d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:15:01.000Z", "modified": "2016-11-15T10:15:01.000Z", "pattern": "[file:hashes.SHA256 = '07278c56973d609caa5f9eb2393d9b1eb41964d24e7e9e7a7e7f9fdfb2bb4c31']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:15:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae025-9014-49d4-8258-43e3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:15:01.000Z", "modified": "2016-11-15T10:15:01.000Z", "pattern": "[file:hashes.SHA256 = 'ed33b83be3af715d3fd8ba6ac8b2b551a16697c5a37a9fcebfc40a024cc9b818']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:15:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae025-8698-43d4-b114-41bb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:15:01.000Z", "modified": "2016-11-15T10:15:01.000Z", "pattern": "[file:hashes.SHA256 = 'e362a037e70517565d28ab85959e6c9d231b2baf0c2df3b87dfaa1451278e80c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:15:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae026-de30-4ef7-a4b9-49ca950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:15:02.000Z", "modified": "2016-11-15T10:15:02.000Z", "pattern": "[file:hashes.SHA256 = '87efe6a1cbf4d4481c6fa6e2c70a26a0b50a460557a1ad876af9966a571f8a4c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:15:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha256\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae5ec-8338-4d70-84bc-435e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:40.000Z", "modified": "2016-11-15T10:39:40.000Z", "description": "- Xchecked via VT: 87efe6a1cbf4d4481c6fa6e2c70a26a0b50a460557a1ad876af9966a571f8a4c", "pattern": "[file:hashes.SHA1 = '03ea8043d16ecb9a462cc99d26b80889671e7621']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:39:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae5ec-addc-4442-928a-427e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:40.000Z", "modified": "2016-11-15T10:39:40.000Z", "description": "- Xchecked via VT: 87efe6a1cbf4d4481c6fa6e2c70a26a0b50a460557a1ad876af9966a571f8a4c", "pattern": "[file:hashes.MD5 = 'badbbb8189d3aa6d0352bf8a02c1e79d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:39:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--582ae5ec-7c10-4df6-bda2-4d6002de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:40.000Z", "modified": "2016-11-15T10:39:40.000Z", "first_observed": "2016-11-15T10:39:40Z", "last_observed": "2016-11-15T10:39:40Z", "number_observed": 1, "object_refs": [ "url--582ae5ec-7c10-4df6-bda2-4d6002de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--582ae5ec-7c10-4df6-bda2-4d6002de0b81", "value": "https://www.virustotal.com/file/87efe6a1cbf4d4481c6fa6e2c70a26a0b50a460557a1ad876af9966a571f8a4c/analysis/1479180111/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae5ed-3c64-48ad-b8bb-4b3e02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:41.000Z", "modified": "2016-11-15T10:39:41.000Z", "description": "- Xchecked via VT: e362a037e70517565d28ab85959e6c9d231b2baf0c2df3b87dfaa1451278e80c", "pattern": "[file:hashes.SHA1 = 'a65f80a623269307067416225ce2a6cfc0557ac4']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:39:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae5ed-c588-46b4-8052-40a402de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:41.000Z", "modified": "2016-11-15T10:39:41.000Z", "description": "- Xchecked via VT: e362a037e70517565d28ab85959e6c9d231b2baf0c2df3b87dfaa1451278e80c", "pattern": "[file:hashes.MD5 = 'cbd1c2db9ffc6b67cea46d271594c2ae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:39:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--582ae5ed-7e94-4dfd-8e88-45be02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:41.000Z", "modified": "2016-11-15T10:39:41.000Z", "first_observed": "2016-11-15T10:39:41Z", "last_observed": "2016-11-15T10:39:41Z", "number_observed": 1, "object_refs": [ "url--582ae5ed-7e94-4dfd-8e88-45be02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--582ae5ed-7e94-4dfd-8e88-45be02de0b81", "value": "https://www.virustotal.com/file/e362a037e70517565d28ab85959e6c9d231b2baf0c2df3b87dfaa1451278e80c/analysis/1479180040/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae5ed-5080-4e70-b5e4-4e0302de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:41.000Z", "modified": "2016-11-15T10:39:41.000Z", "description": "- Xchecked via VT: ed33b83be3af715d3fd8ba6ac8b2b551a16697c5a37a9fcebfc40a024cc9b818", "pattern": "[file:hashes.SHA1 = 'f60c545f08c74de317458c416a8768835bafe41b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:39:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae5ee-a844-4b86-9e4e-449f02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:42.000Z", "modified": "2016-11-15T10:39:42.000Z", "description": "- Xchecked via VT: ed33b83be3af715d3fd8ba6ac8b2b551a16697c5a37a9fcebfc40a024cc9b818", "pattern": "[file:hashes.MD5 = '3c1055f19971d580ef9ced172d8eba3b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:39:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--582ae5ee-92e0-45eb-9e4d-40f202de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:42.000Z", "modified": "2016-11-15T10:39:42.000Z", "first_observed": "2016-11-15T10:39:42Z", "last_observed": "2016-11-15T10:39:42Z", "number_observed": 1, "object_refs": [ "url--582ae5ee-92e0-45eb-9e4d-40f202de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--582ae5ee-92e0-45eb-9e4d-40f202de0b81", "value": "https://www.virustotal.com/file/ed33b83be3af715d3fd8ba6ac8b2b551a16697c5a37a9fcebfc40a024cc9b818/analysis/1477481986/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae5ee-97cc-4e28-8b99-45c702de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:42.000Z", "modified": "2016-11-15T10:39:42.000Z", "description": "- Xchecked via VT: 07278c56973d609caa5f9eb2393d9b1eb41964d24e7e9e7a7e7f9fdfb2bb4c31", "pattern": "[file:hashes.SHA1 = 'c0802514739173623a319db4551f88d2ca71bdb2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:39:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae5ee-4ef4-44ab-9022-46fa02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:42.000Z", "modified": "2016-11-15T10:39:42.000Z", "description": "- Xchecked via VT: 07278c56973d609caa5f9eb2393d9b1eb41964d24e7e9e7a7e7f9fdfb2bb4c31", "pattern": "[file:hashes.MD5 = '60f0c18fae934d1033394d62951d5dc8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:39:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--582ae5ee-9580-4da9-9118-48ad02de0b81", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:39:42.000Z", "modified": "2016-11-15T10:39:42.000Z", "first_observed": "2016-11-15T10:39:42Z", "last_observed": "2016-11-15T10:39:42Z", "number_observed": 1, "object_refs": [ "url--582ae5ee-9580-4da9-9118-48ad02de0b81" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--582ae5ee-9580-4da9-9118-48ad02de0b81", "value": "https://www.virustotal.com/file/07278c56973d609caa5f9eb2393d9b1eb41964d24e7e9e7a7e7f9fdfb2bb4c31/analysis/1479179966/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae62d-3180-4824-b898-40af950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:40:45.000Z", "modified": "2016-11-15T10:40:45.000Z", "pattern": "[rule HackingTeam_Android : Android Implant\r\n{\r\n\tmeta:\r\n\t\tdescription = \"HackingTeam Android implant, known to detect version v4 - v7\"\r\n\t\tauthor = \"Tim 'diff' Strazzere \"\r\n reference = \"http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/\"\r\n\t\tdate = \"2016-11-14\"\r\n\t\tversion = \"1.0\"\r\n strings:\r\n $decryptor = {\r\n 12 01 // const/4 v1, 0x0\r\n D8 00 ?? ?? // add-int/lit8 ??, ??, ??\r\n 6E 10 ?? ?? ?? 00 // invoke-virtual {??} -> String.toCharArray()\r\n 0C 04 // move-result-object v4\r\n 21 45 // array-length v5, v4\r\n 01 02 // move v2, v0\r\n 01 10 // move v0, v1\r\n 32 50 11 00 // if-eq v0, v5, 0xb\r\n 49 03 04 00 // aget-char v3, v4, v0\r\n DD 06 02 5F // and-int/lit8 v6, v2, 0x5f <- potentially change the hardcoded xor bit to ??\r\n B7 36 // xor-int/2addr v6, v3\r\n D8 03 02 ?? // and-int/lit8 v3, v2, ??\r\n D8 02 00 01 // and-int/lit8 v2, v0, 0x1\r\n 8E 66 // int-to-char v6, v6\r\n 50 06 04 00 // aput-char v6, v4, v0\r\n 01 20 // move v0, v2\r\n 01 32 // move v2, v3\r\n 28 F0 // goto 0xa\r\n 71 30 ?? ?? 14 05 // invoke-static {v4, v1, v5}, ?? -> String.valueOf()\r\n 0C 00 // move-result-object v0\r\n 6E 10 ?? ?? 00 00 // invoke-virtual {v0} ?? -> String.intern()\r\n 0C 00 // move-result-object v0\r\n 11 00 // return-object v0\r\n }\r\n // Below is the following string, however encoded as it would appear in the string table (length encoded, null byte padded)\r\n // Lcom/google/android/global/Settings;\r\n $settings = {\r\n 00 24 4C 63 6F 6D 2F 67 6F 6F 67 6C 65 2F 61 6E\r\n 64 72 6F 69 64 2F 67 6C 6F 62 61 6C 2F 53 65 74\r\n 74 69 6E 67 73 3B 00\r\n }\r\n // getSmsInputNumbers (Same encoded described above)\r\n $getSmsInputNumbers = {\r\n 00 12 67 65 74 53 6D 73 49 6E 70 75 74 4E 75 6D\r\n 62 65 72 73 00\r\n }\r\n condition:\r\n $decryptor and ($settings and $getSmsInputNumbers)\r\n}]", "pattern_type": "yara", "valid_from": "2016-11-15T10:40:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"yara\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae678-60f4-49dd-9680-4533950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:42:00.000Z", "modified": "2016-11-15T10:42:00.000Z", "description": "C2 for 87efe6a1cbf4d4481c6fa6e2c70a26a0b50a460557a1ad876af9966a571f8a4c", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.233.237.11']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:42:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--582ae695-7fd8-4183-b00e-484f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:42:29.000Z", "modified": "2016-11-15T10:42:29.000Z", "description": "C2 for 87efe6a1cbf4d4481c6fa6e2c70a26a0b50a460557a1ad876af9966a571f8a4c", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.232.100.221']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2016-11-15T10:42:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--582ae6df-a770-49ef-ad0b-4c77950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2016-11-15T10:43:55.000Z", "modified": "2016-11-15T10:43:55.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"Network activity\"" ], "x_misp_category": "Network activity", "x_misp_comment": "RequestActionsToExecute - Request", "x_misp_type": "text", "x_misp_value": "POST /UlisseREST/api/actions/RequestActionsToExecute HTTP/1.1\r\nConnection: Keep-Alive\r\nContent-Type: application/json\r\nAccept: application/json\r\nUser-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; BLU STUDIO 5.0 C Build/KOT49H)\r\nHost: 68.233.237.11\r\nAccept-Encoding: gzip\r\nContent-Length: 475\r\n{\"CommandLine\":\"\",\"CurrentDirectory\":\"\",\"Id\":\"8f4af21e-29fb-48e9-8b52-8cf87fcdec57\",\"LeaID\":\"00000000-0000-0000-0000-000000000000\",\"MachineName\":\"BLU BLU STUDIO 5.0 C BLU STUDIO 5.0 C IMEI: XXXXXXXXXXXXXXX IMSI: null\",\"OsType\":5,\"Platform\":\" Board:BLU STUDIO 5.0 C Brand:BLU Device:BLU STUDIO 5.0 C\",\"Version\":\"Release: 4.4.2 CodeName: REL Inc: eng.android.1441800693 SDK: 19\",\"ServicePack\":\"\",\"SystemDirectory\":\"\",\"UserDomainName\":\"\",\"UserName\":\"android\",\"ProcessorCount\":0}" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }