{ "type": "bundle", "id": "bundle--5a2677b2-78e4-4370-a96d-5f3b950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-11T09:20:36.000Z", "modified": "2017-12-11T09:20:36.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5a2677b2-78e4-4370-a96d-5f3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-11T09:20:36.000Z", "modified": "2017-12-11T09:20:36.000Z", "name": "OSINT - SLocker Mobile Ransomware Starts Mimicking WannaCry", "context": "suspicious-activity", "object_refs": [ "observed-data--5a2677d7-87c0-4ada-aacd-5f3b950d210f", "url--5a2677d7-87c0-4ada-aacd-5f3b950d210f", "indicator--5a294296-5dd0-404e-9929-4ffa950d210f", "indicator--5a2942c0-0b20-4f4f-8018-4635950d210f", "indicator--5a2945a9-2ce4-48bd-916e-a1b1950d210f", "indicator--5a29466c-15bc-4df0-85be-4a6b950d210f", "indicator--5a294691-da48-4d27-86b6-429a950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT", "malware_classification:malware-category=\"Ransomware\"", "osint:source-type=\"blog-post\"", "ms-caro-malware-full:malware-platform=\"AndroidOS\"", "ms-caro-malware:malware-platform=\"AndroidOS\"", "Android Malware", "misp-galaxy:android=\"SLocker\"", "workflow:todo=\"expansion\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a2677d7-87c0-4ada-aacd-5f3b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-05T10:41:35.000Z", "modified": "2017-12-05T10:41:35.000Z", "first_observed": "2017-12-05T10:41:35Z", "last_observed": "2017-12-05T10:41:35Z", "number_observed": 1, "object_refs": [ "url--5a2677d7-87c0-4ada-aacd-5f3b950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a2677d7-87c0-4ada-aacd-5f3b950d210f", "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/slocker-mobile-ransomware-starts-mimicking-wannacry/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a294296-5dd0-404e-9929-4ffa950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T13:31:02.000Z", "modified": "2017-12-07T13:31:02.000Z", "pattern": "[file:hashes.SHA256 = '200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d' AND file:name = '\u738b\u8005\u8363\u8000\u8f85\u52a9' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T13:31:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a2942c0-0b20-4f4f-8018-4635950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T13:31:44.000Z", "modified": "2017-12-07T13:31:44.000Z", "pattern": "[file:hashes.SHA256 = '2ffd539d462847bebcdff658a83f74ca7f039946bbc6c6247be2fc62dc0e4060' AND file:name = '\u5343\u53d8\u8bed\u97f3' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T13:31:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a2945a9-2ce4-48bd-916e-a1b1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T13:44:09.000Z", "modified": "2017-12-07T13:44:09.000Z", "pattern": "[file:hashes.SHA256 = '36f40d5a11d886a2280c57859cd5f22de2d78c87dcdb52ea601089745eeee494' AND file:name = '\u738b\u8005\u8363\u8000\u524d\u77bb\u7248' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T13:44:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a29466c-15bc-4df0-85be-4a6b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T13:47:24.000Z", "modified": "2017-12-07T13:47:24.000Z", "pattern": "[file:hashes.SHA256 = 'c347e09b1489c5b8061828526f4ce778fda8ef7fb835255914eb3c9268a265bf' AND file:name = '\u5343\u53d8\u8bed\u97f3\u79c0' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T13:47:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5a294691-da48-4d27-86b6-429a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-07T13:48:01.000Z", "modified": "2017-12-07T13:48:01.000Z", "pattern": "[file:hashes.SHA256 = 'cb0a18bcc8a2c9a966d3f585771db8b2e627a7b4427a889191a93b3a1b261ba3' AND file:name = '\u4e3b\u6d41\u5f71\u89c6\u5927\u5168' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-12-07T13:48:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }