{ "type": "bundle", "id": "bundle--5a3bd321-a8a4-45a6-b246-445b950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5a3bd321-a8a4-45a6-b246-445b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "name": "OSINT - New Android trojan targeting over 60 banks and social apps", "context": "suspicious-activity", "object_refs": [ "observed-data--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f", "url--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f", "indicator--5be00902-b980-420b-b2ec-4f5c950d210f", "indicator--5be00903-5d98-4214-adad-4a3e950d210f", "indicator--5be00903-2a20-42ce-950d-4c80950d210f", "indicator--5be00904-4e3c-40cb-a9b2-4fa9950d210f", "indicator--5be00904-30e4-47c3-bf2a-4574950d210f", "indicator--5be00905-440c-430f-ad81-493a950d210f", "indicator--5be0090b-67a4-4f5d-b6c0-432b950d210f", "indicator--5be00910-e888-4bcc-b09e-4305950d210f", "indicator--5be00916-f90c-4316-b57e-4b19950d210f", "indicator--5be00917-5d7c-405d-98b7-41ed950d210f", "indicator--5be00917-0acc-46f0-b09c-4787950d210f", "indicator--5be00918-5540-4d4f-b69a-4d1b950d210f", "indicator--5be0091b-06e4-4e7d-985e-484e950d210f", "indicator--5be0091c-40e4-4418-9b45-4156950d210f", "indicator--5be0091c-efa4-4113-9486-4b55950d210f", "indicator--5be0091d-0768-4e0c-a531-4b09950d210f", "indicator--5be0091d-62b4-4656-955f-4f98950d210f", "indicator--5be0091e-7e30-4a29-87fe-4be8950d210f", "indicator--5be0091e-f0f4-476f-887e-42c1950d210f", "indicator--5be0091f-5ae0-4f08-b72d-4cc3950d210f", "indicator--5be0091f-52c0-4150-8174-48e7950d210f", "indicator--5be00920-d8e8-40fc-a007-46d7950d210f", "indicator--5be00920-c910-41ce-98bd-4fde950d210f", "indicator--5be00921-371c-4fe2-b8bd-440b950d210f", "indicator--5be00926-fc48-4be4-838f-4433950d210f", "indicator--5be00927-2870-48f6-8bcc-4459950d210f", "indicator--5be0092c-bc38-44de-ad74-4554950d210f", "indicator--5be00932-9a7c-4a79-a0e7-42ff950d210f", "indicator--5be00935-ca10-44db-9229-4274950d210f", "indicator--5be00936-4cf8-458e-96ec-45de950d210f", "indicator--5be00937-5020-45f2-92ab-410b950d210f", "indicator--5be00937-72bc-4be7-8ee7-4e26950d210f", "indicator--5be00938-7ee0-444a-b175-4ed8950d210f", "indicator--5be00938-b9a8-4e82-bb77-4acd950d210f", "indicator--5be0093e-1374-465c-a1dd-48cb950d210f", "indicator--5be0093e-bc28-4fe5-b503-467a950d210f", "indicator--5be0093f-da20-42eb-8a31-4b9f950d210f", "indicator--5be0093f-b708-4408-9ef2-4480950d210f", "indicator--5be00940-ded0-4a5a-875d-4e86950d210f", "indicator--5be00940-ba98-4490-b995-4ffe950d210f", "indicator--5be00941-18b4-47d9-b237-483c950d210f", "indicator--5be00941-2318-45e1-85df-4887950d210f", "indicator--5be00947-b94c-43ec-bc06-49e1950d210f", "indicator--5be0094c-71f4-4a86-b021-4a1c950d210f", "indicator--5be00952-1f28-46bf-ba31-4ae0950d210f", "indicator--5be00952-6854-4df8-a2f6-461e950d210f", "indicator--5be00953-7558-4388-90ea-4154950d210f", "indicator--5be00953-a7e0-43ef-bdb7-4045950d210f", "indicator--5be00954-453c-4023-9c05-4cb9950d210f", "indicator--5be00954-94c4-4bf0-86e9-4c62950d210f", "indicator--5be0095a-40dc-4974-8c55-4742950d210f", "indicator--5be0095a-eaac-4514-93b0-4711950d210f", "indicator--5be0095b-4af8-41cd-b882-46cc950d210f", "indicator--5be0095b-cfd4-440f-b31e-4bd7950d210f", "indicator--5be0095c-5074-4848-ba5f-4eda950d210f", "indicator--5be00961-3534-4459-936e-483a950d210f", "indicator--5be00962-9384-4d42-82b8-48b9950d210f", "indicator--5be00962-9b84-402d-8d4c-4359950d210f", "indicator--5be00963-abf0-49b5-94c9-4439950d210f", "indicator--5be00a34-4b9c-4687-9c4d-4ec1950d210f", "indicator--5be00a77-0660-46c9-b0ba-4ecd950d210f", "indicator--5be00a93-8b48-476d-8339-447d950d210f", "indicator--5be00ac5-d1fc-4bf9-a034-4310950d210f", "indicator--5be00b1b-0528-448b-8a8b-4e99950d210f", "indicator--5be00b36-902c-4741-83cf-4181950d210f", "indicator--5be00e7e-0b14-4d66-9d81-4c28950d210f", "indicator--5be00ea6-2f90-474b-985f-47e8950d210f", "indicator--5be00ec0-85b4-4013-97d5-4c84950d210f", "indicator--5be00edc-135c-4b87-a00c-4130950d210f", "indicator--5be00efc-bef0-4544-a31f-45a0950d210f", "indicator--5be00f1d-f554-44d1-b523-4c7f950d210f", "indicator--5be00f44-c444-4b0a-a2d0-48c0950d210f", "indicator--5be00f5a-e7d8-4b33-90ab-44cc950d210f", "indicator--5be00f86-96e8-42f6-b0e4-4f00950d210f", "indicator--5be00fa6-7fcc-4908-8faa-4c22950d210f", "indicator--5be00fbe-9458-4f15-9256-4bb1950d210f", "indicator--5be00fe4-cbb4-4f0a-bfdc-4487950d210f", "indicator--9f7d8819-3d8a-408b-a2e2-1c567a72a326", "x-misp-object--74ce551d-b3c7-4489-891b-9bb420fb6276", "indicator--126ad6b0-f4b8-457c-8d48-9e4ee46162c9", "x-misp-object--1f22ffe1-7948-4b1e-8d3a-1a77e8471f8c", "indicator--9484a796-e5ef-4046-8d57-606eb714dc29", "x-misp-object--a593cf8a-7c7e-455a-8bcb-5ad677a458d7", "indicator--caaced19-acae-40d4-9fb2-d07ead24a799", "x-misp-object--a3d75b8e-253d-4f2e-ba8c-63da524edce2", "indicator--431e8d26-a3bb-4287-a762-4f53842fc5e7", "x-misp-object--f29f6d28-1558-4169-8999-bd1c9642f404", "indicator--a2bae36c-99aa-470b-92f8-8a56fb411fa6", "x-misp-object--1cbf8ea2-a375-4be9-9fde-125385db9c8f", "indicator--9fbc8b1a-89d4-483e-b052-b99cfedd6875", "x-misp-object--d238b22a-5bad-42f4-9c46-0ed532cf269d", "indicator--9f13df2b-b613-4785-9056-1c2a274ca947", "x-misp-object--102efbb1-1732-487f-a636-5c36fed361f7", "indicator--485cf634-0b1d-42c0-a31c-fb18e81e0af5", "x-misp-object--d4ce5e52-b6cf-40ff-bc26-cd25ffcfde97", "indicator--88d0599b-6cd5-4a20-bc0f-20f7e3884c62", "x-misp-object--09999b9f-0371-488d-ac20-fd35bb5876f2", "indicator--48e2f409-5348-4ced-b30b-158e53f3d0db", "x-misp-object--01251890-fba9-46cb-9a6e-aef9caf1e169", "indicator--0b905bfe-ab69-4e5e-b622-992b80399025", "x-misp-object--d77cfe3b-6bb5-4575-ad9b-d61f81915468", "indicator--28783d4f-45a8-4fbe-be77-ffe4efd9ed79", "x-misp-object--be178841-563d-4a56-bae7-a3697e9089fc", "indicator--42d6118d-c5e5-4228-9715-459d795be3d5", "x-misp-object--f3886734-574c-4d19-a9bf-cf32a298640b", "indicator--28fea41d-1585-41c1-81d9-2bed8addb3dd", "x-misp-object--517ba780-62b4-4f69-ab78-268ff60ba619", "indicator--d8dd3d7e-8a2c-4299-aeaf-575f0883a6db", "x-misp-object--9515ed0b-2b92-4226-9e66-897a967e5836", "indicator--205d63fb-7676-4ef1-8bab-547ed5120bca", "x-misp-object--d46a3784-5b8c-4d3d-9ca1-c4707774c607", "indicator--b4ecec0d-f83e-48aa-a503-17c4f19d5eba", "x-misp-object--e408196c-b99e-4c41-860a-70a9a92f4854", "relationship--448eff2f-4f44-4d84-90e6-6b62b3ecfa18", "relationship--da3a615d-ce24-4074-99c8-33c78e254eea", "relationship--04c492a7-b9ea-4e7b-a0b4-9b449a844d5e", "relationship--8f2c9e6d-5f3a-43d3-a050-782637fe5194", "relationship--20500800-1593-4e43-bf35-5838bd11b389", "relationship--0cf9a452-fd27-496b-987d-026a1495d183", "relationship--614418c7-a765-4824-bc20-a07c6bbc4802", "relationship--999367ff-a282-42ff-ba41-f76f9a0324d9", "relationship--a17f00fb-8a17-4bf1-9a51-b287981501d4", "relationship--1d4bafb6-1036-43dd-b8f3-134b756704c2", "relationship--ba8035a1-6b99-4605-aab9-adeb7f9f7b8b", "relationship--aece340b-426e-4eee-99d6-6289c7a44c75", "relationship--13f143f0-be30-4e17-b023-fa06dc2a43de", "relationship--0bfa9431-cd8c-4872-b48a-495bb817b70f", "relationship--8f0c3211-951d-4cdc-b0ae-fd4be93e0a62", "relationship--5c58b6cb-0ba6-44a0-9cc0-a1ee0c3cb714", "relationship--ce45ba5d-c45a-4d19-85bb-ac021438da1c", "relationship--d94fb1f7-f362-49f3-8953-488cda33e992" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "workflow:state=\"incomplete\"", "workflow:todo=\"create-missing-misp-galaxy-cluster-values\"", "workflow:todo=\"create-missing-misp-galaxy-cluster\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-12-21T15:28:44.000Z", "modified": "2017-12-21T15:28:44.000Z", "first_observed": "2017-12-21T15:28:44Z", "last_observed": "2017-12-21T15:28:44Z", "number_observed": 1, "object_refs": [ "url--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5a3bd32c-d9f8-4b56-b25f-4bfb950d210f", "value": "https://clientsidedetection.com/new_android_trojan_targeting_over_60_banks_and_social_apps.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00902-b980-420b-b2ec-4f5c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:26.000Z", "modified": "2018-11-05T09:10:26.000Z", "pattern": "[domain-name:value = 'aib.ibank.android']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00903-5d98-4214-adad-4a3e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:27.000Z", "modified": "2018-11-05T09:10:27.000Z", "pattern": "[file:name = 'au.com.bankwest.mobile']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00903-2a20-42ce-950d-4c80950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:27.000Z", "modified": "2018-11-05T09:10:27.000Z", "pattern": "[file:name = 'au.com.cua.mb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00904-4e3c-40cb-a9b2-4fa9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:28.000Z", "modified": "2018-11-05T09:10:28.000Z", "pattern": "[file:name = 'au.com.mebank.banking']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00904-30e4-47c3-bf2a-4574950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:28.000Z", "modified": "2018-11-05T09:10:28.000Z", "pattern": "[file:name = 'au.com.nab.mobile']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00905-440c-430f-ad81-493a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:29.000Z", "modified": "2018-11-05T09:10:29.000Z", "pattern": "[file:name = 'au.com.newcastlepermanent']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0090b-67a4-4f5d-b6c0-432b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:35.000Z", "modified": "2018-11-05T09:10:35.000Z", "pattern": "[file:name = 'au.com.suncorp.SuncorpBank']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00910-e888-4bcc-b09e-4305950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:40.000Z", "modified": "2018-11-05T09:10:40.000Z", "pattern": "[file:name = 'com.anz.android.gomoney']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00916-f90c-4316-b57e-4b19950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:46.000Z", "modified": "2018-11-05T09:10:46.000Z", "pattern": "[file:name = 'com.axis.mobile']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00917-5d7c-405d-98b7-41ed950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:47.000Z", "modified": "2018-11-05T09:10:47.000Z", "pattern": "[file:name = 'com.bankofireland.mobilebanking']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00917-0acc-46f0-b09c-4787950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:47.000Z", "modified": "2018-11-05T09:10:47.000Z", "pattern": "[file:name = 'com.bbva.bbvacontigo']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00918-5540-4d4f-b69a-4d1b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:48.000Z", "modified": "2018-11-05T09:10:48.000Z", "pattern": "[file:name = 'com.caisseepargne.android.mobilebanking']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0091b-06e4-4e7d-985e-484e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:51.000Z", "modified": "2018-11-05T09:10:51.000Z", "pattern": "[domain-name:value = 'com.chase.sig.android']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0091c-40e4-4418-9b45-4156950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:52.000Z", "modified": "2018-11-05T09:10:52.000Z", "pattern": "[domain-name:value = 'com.citibank.mobile.au']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0091c-efa4-4113-9486-4b55950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:52.000Z", "modified": "2018-11-05T09:10:52.000Z", "pattern": "[file:name = 'com.cm_prod.bad']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:52Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0091d-0768-4e0c-a531-4b09950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:53.000Z", "modified": "2018-11-05T09:10:53.000Z", "pattern": "[file:name = 'com.comarch.security.mobilebanking']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0091d-62b4-4656-955f-4f98950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:53.000Z", "modified": "2018-11-05T09:10:53.000Z", "pattern": "[domain-name:value = 'com.commbank.netbank']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0091e-7e30-4a29-87fe-4be8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:54.000Z", "modified": "2018-11-05T09:10:54.000Z", "pattern": "[file:name = 'com.csam.icici.bank.imobile']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0091e-f0f4-476f-887e-42c1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:54.000Z", "modified": "2018-11-05T09:10:54.000Z", "pattern": "[file:name = 'com.finansbank.mobile.cepsube']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0091f-5ae0-4f08-b72d-4cc3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:55.000Z", "modified": "2018-11-05T09:10:55.000Z", "pattern": "[file:name = 'com.garanti.cepsubesi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0091f-52c0-4150-8174-48e7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:55.000Z", "modified": "2018-11-05T09:10:55.000Z", "pattern": "[file:name = 'com.infonow.bofa']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00920-d8e8-40fc-a007-46d7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:56.000Z", "modified": "2018-11-05T09:10:56.000Z", "pattern": "[domain-name:value = 'com.instagram.android']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00920-c910-41ce-98bd-4fde950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:56.000Z", "modified": "2018-11-05T09:10:56.000Z", "pattern": "[file:name = 'com.konylabs.capitalone']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00921-371c-4fe2-b8bd-440b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:10:57.000Z", "modified": "2018-11-05T09:10:57.000Z", "pattern": "[file:name = 'com.konylabs.cbplpat']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:10:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00926-fc48-4be4-838f-4433950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:02.000Z", "modified": "2018-11-05T09:11:02.000Z", "pattern": "[file:name = 'com.latuabancaperandroid']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00927-2870-48f6-8bcc-4459950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:03.000Z", "modified": "2018-11-05T09:11:03.000Z", "pattern": "[file:name = 'com.nearform.ptsb']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0092c-bc38-44de-ad74-4554950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:08.000Z", "modified": "2018-11-05T09:11:08.000Z", "pattern": "[domain-name:value = 'com.palatine.android.mobilebanking.prod']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00932-9a7c-4a79-a0e7-42ff950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:14.000Z", "modified": "2018-11-05T09:11:14.000Z", "pattern": "[file:name = 'com.pozitron.iscep']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00935-ca10-44db-9229-4274950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:17.000Z", "modified": "2018-11-05T09:11:17.000Z", "pattern": "[file:name = 'com.sbi.SBIFreedomPlus']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00936-4cf8-458e-96ec-45de950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:18.000Z", "modified": "2018-11-05T09:11:18.000Z", "pattern": "[file:name = 'com.snapwork.hdfc']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00937-5020-45f2-92ab-410b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:19.000Z", "modified": "2018-11-05T09:11:19.000Z", "pattern": "[file:name = 'com.suntrust.mobilebanking']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00937-72bc-4be7-8ee7-4e26950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:19.000Z", "modified": "2018-11-05T09:11:19.000Z", "pattern": "[file:name = 'com.tmobtech.halkbank']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:19Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00938-7ee0-444a-b175-4ed8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:20.000Z", "modified": "2018-11-05T09:11:20.000Z", "pattern": "[domain-name:value = 'com.unionbank.ecommerce.mobile.android']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00938-b9a8-4e82-bb77-4acd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:20.000Z", "modified": "2018-11-05T09:11:20.000Z", "pattern": "[file:name = 'com.vakifbank.mobile']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0093e-1374-465c-a1dd-48cb950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:26.000Z", "modified": "2018-11-05T09:11:26.000Z", "pattern": "[file:name = 'com.wf.wellsfargomobile']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0093e-bc28-4fe5-b503-467a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:26.000Z", "modified": "2018-11-05T09:11:26.000Z", "pattern": "[domain-name:value = 'com.ykb.android']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0093f-da20-42eb-8a31-4b9f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:27.000Z", "modified": "2018-11-05T09:11:27.000Z", "pattern": "[file:name = 'com.ziraat.ziraatmobil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0093f-b708-4408-9ef2-4480950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:27.000Z", "modified": "2018-11-05T09:11:27.000Z", "pattern": "[domain-name:value = 'de.comdirect.android']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00940-ded0-4a5a-875d-4e86950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:28.000Z", "modified": "2018-11-05T09:11:28.000Z", "pattern": "[file:name = 'de.commerzbanking.mobil']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00940-ba98-4490-b995-4ffe950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:28.000Z", "modified": "2018-11-05T09:11:28.000Z", "pattern": "[file:name = 'de.postbank.finanzassistent']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00941-18b4-47d9-b237-483c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:29.000Z", "modified": "2018-11-05T09:11:29.000Z", "pattern": "[domain-name:value = 'es.cm.android']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00941-2318-45e1-85df-4887950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:29.000Z", "modified": "2018-11-05T09:11:29.000Z", "pattern": "[file:name = 'es.lacaixa.mobile.android.newwapicon']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00947-b94c-43ec-bc06-49e1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:35.000Z", "modified": "2018-11-05T09:11:35.000Z", "pattern": "[file:name = 'eu.eleader.mobilebanking.pekao']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0094c-71f4-4a86-b021-4a1c950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:40.000Z", "modified": "2018-11-05T09:11:40.000Z", "pattern": "[file:name = 'fr.banquepopulaire.cyberplus']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00952-1f28-46bf-ba31-4ae0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:46.000Z", "modified": "2018-11-05T09:11:46.000Z", "pattern": "[file:name = 'fr.creditagricole.androidapp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00952-6854-4df8-a2f6-461e950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:46.000Z", "modified": "2018-11-05T09:11:46.000Z", "pattern": "[file:name = 'fr.laposte.lapostemobile']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00953-7558-4388-90ea-4154950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:47.000Z", "modified": "2018-11-05T09:11:47.000Z", "pattern": "[file:name = 'fr.lcl.android.customerarea']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00953-a7e0-43ef-bdb7-4045950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:47.000Z", "modified": "2018-11-05T09:11:47.000Z", "pattern": "[file:name = 'in.co.bankofbaroda.mpassbook']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00954-453c-4023-9c05-4cb9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:48.000Z", "modified": "2018-11-05T09:11:48.000Z", "pattern": "[file:name = 'it.nogood.container']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00954-94c4-4bf0-86e9-4c62950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:48.000Z", "modified": "2018-11-05T09:11:48.000Z", "pattern": "[file:name = 'net.bnpparibas.mescomptes']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0095a-40dc-4974-8c55-4742950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:54.000Z", "modified": "2018-11-05T09:11:54.000Z", "pattern": "[domain-name:value = 'org.stgeorge.bankorg.westpac.bank']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0095a-eaac-4514-93b0-4711950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:54.000Z", "modified": "2018-11-05T09:11:54.000Z", "pattern": "[file:name = 'pl.bzwbk.bzwbk24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:54Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0095b-4af8-41cd-b882-46cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:55.000Z", "modified": "2018-11-05T09:11:55.000Z", "pattern": "[file:name = 'pl.bzwbk.mobile.tab.bzwbk24']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0095b-cfd4-440f-b31e-4bd7950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:55.000Z", "modified": "2018-11-05T09:11:55.000Z", "pattern": "[file:name = 'pl.eurobank']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:55Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be0095c-5074-4848-ba5f-4eda950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:11:56.000Z", "modified": "2018-11-05T09:11:56.000Z", "pattern": "[file:name = 'pl.ipko.mobile']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:11:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00961-3534-4459-936e-483a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:12:01.000Z", "modified": "2018-11-05T09:12:01.000Z", "pattern": "[file:name = 'pl.mbank']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:12:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00962-9384-4d42-82b8-48b9950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:12:02.000Z", "modified": "2018-11-05T09:12:02.000Z", "pattern": "[file:name = 'pl.millennium.corpApp']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:12:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00962-9b84-402d-8d4c-4359950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:12:02.000Z", "modified": "2018-11-05T09:12:02.000Z", "pattern": "[file:name = 'src.com.idbi']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:12:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00963-abf0-49b5-94c9-4439950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:12:03.000Z", "modified": "2018-11-05T09:12:03.000Z", "pattern": "[file:name = 'wit.android.bcpBankingApp.millenniumPL']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:12:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00a34-4b9c-4687-9c4d-4ec1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:15:32.000Z", "modified": "2018-11-05T09:15:32.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = 'a7c9cfa4ad14b0b9f907db0a1bef626327e1348515a4ae61a20387d6ec8fea78' AND file:name = 'com.patixof.dxtrix' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:15:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00a77-0660-46c9-b0ba-4ecd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:16:39.000Z", "modified": "2018-11-05T09:16:39.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = 'bb0c8992c9eb052934c7f341a6b7992f8bb01c078865c4e562fd9b84637c1e1b' AND file:name = 'com.acronic' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:16:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00a93-8b48-476d-8339-447d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:17:07.000Z", "modified": "2018-11-05T09:17:07.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = '79424db82573e1d7e60f94489c5ca1992f8d65422dbb8805d65f418d20bbd03a' AND file:name = 'com.glsoftwre.fmc' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:17:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00ac5-d1fc-4bf9-a034-4310950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:17:57.000Z", "modified": "2018-11-05T09:17:57.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = '4d74b31907745ba0715d356e7854389830e519f5051878485c4be8779bb55736' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:17:57Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00b1b-0528-448b-8a8b-4e99950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:19:23.000Z", "modified": "2018-11-05T09:19:23.000Z", "description": "Viber", "pattern": "[file:hashes.SHA256 = '2dc19f81352e84a45bd7f916afa3353d7f710338494d44802f271e1f3d972aed' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:19:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00b36-902c-4741-83cf-4181950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:19:50.000Z", "modified": "2018-11-05T09:19:50.000Z", "description": "Android Update", "pattern": "[file:hashes.SHA256 = '307f1b6eae57b6475b4436568774f0b23aa370a1a48f3b991af9c9b336733630' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:19:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00e7e-0b14-4d66-9d81-4c28950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:33:50.000Z", "modified": "2018-11-05T09:33:50.000Z", "description": "Update Google Market", "pattern": "[file:hashes.SHA256 = '359341b5b4306ef36343b2ed5625bbbb8c051f2957d268b57be9c84424affd29' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:33:50Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00ea6-2f90-474b-985f-47e8950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:34:30.000Z", "modified": "2018-11-05T09:34:30.000Z", "description": "WhatsApp", "pattern": "[file:hashes.SHA256 = '9eaa3bb33c36626cd13fc94f9de88b0f390ac5219cc04a08ee5961d59bf4946b' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:34:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00ec0-85b4-4013-97d5-4c84950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:34:56.000Z", "modified": "2018-11-05T09:34:56.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = 'dc11d9eb2b09c2bf74136b313e752075afb05c2f82d1f5fdd2379e46089eb776' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:34:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00edc-135c-4b87-a00c-4130950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:35:24.000Z", "modified": "2018-11-05T09:35:24.000Z", "description": "Update WhatsApp", "pattern": "[file:hashes.SHA256 = '58391ca1e3001311efe9fba1c05c15a2b1a7e5026e0f7b642a929a8fed25b187' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:35:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00efc-bef0-4544-a31f-45a0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:35:56.000Z", "modified": "2018-11-05T09:35:56.000Z", "description": "Android Update", "pattern": "[file:hashes.SHA256 = '36cbe3344f027c2960f7ac0d661ddbefff631af2da90b5122a65c407d0182b69' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:35:56Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00f1d-f554-44d1-b523-4c7f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:36:29.000Z", "modified": "2018-11-05T09:36:29.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = 'a5db9e4deadb2f7e075ba8a3beb6d927502b76237afaf0e2c28d00bb01570fae' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:36:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00f44-c444-4b0a-a2d0-48c0950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:37:08.000Z", "modified": "2018-11-05T09:37:08.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = '0d0490d2844726314b7569827013d0555af242dd32b7e36ff5e28da3982a4f88' AND file:name = 'com.aox.exsoft' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:37:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00f5a-e7d8-4b33-90ab-44cc950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:37:30.000Z", "modified": "2018-11-05T09:37:30.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = '3e47f075b9d0b2eb840b8bbd49017ffb743f9973c274ec04b4db209af73300d6' AND file:name = 'com.excellentsft.xss' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:37:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00f86-96e8-42f6-b0e4-4f00950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:38:14.000Z", "modified": "2018-11-05T09:38:14.000Z", "description": "ebookreader", "pattern": "[file:hashes.SHA256 = '05ea7239e4df91e7ffd57fba8cc81751836d03fa7c2c4aa1913739f023b046f0' AND file:name = 'com.clx.rms' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:38:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00fa6-7fcc-4908-8faa-4c22950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:38:46.000Z", "modified": "2018-11-05T09:38:46.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = '9446a9a13848906ca3040e399fd84bfebf21c40825f7d52a63c7ccccec4659b7' AND file:name = 'com.glsoftwre.fmc' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:38:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00fbe-9458-4f15-9256-4bb1950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:39:10.000Z", "modified": "2018-11-05T09:39:10.000Z", "description": "Update Flash Player", "pattern": "[file:hashes.SHA256 = '3a5ddb598e20ca7dfa79a9682751322a869695c500bdfb0c91c8e2ffb02cd6da' AND file:name = 'com.kmc.prod' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:39:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5be00fe4-cbb4-4f0a-bfdc-4487950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-11-05T09:39:48.000Z", "modified": "2018-11-05T09:39:48.000Z", "description": "Android Update", "pattern": "[file:hashes.SHA256 = 'b83bd8c755cb7546ef28bac157e51f04257686a045bbf9d64bec7eeb9116fd8a' AND file:name = 'com.kmc.prod' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-11-05T09:39:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9f7d8819-3d8a-408b-a2e2-1c567a72a326", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:37.000Z", "modified": "2019-03-27T12:17:37.000Z", "pattern": "[file:hashes.MD5 = '49bb47f0444b08c2462b4ba2584ba314' AND file:hashes.SHA1 = 'ac244f3691616c004e1b5d5a9b4812ad8e2892e7' AND file:hashes.SHA256 = 'dc11d9eb2b09c2bf74136b313e752075afb05c2f82d1f5fdd2379e46089eb776']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--74ce551d-b3c7-4489-891b-9bb420fb6276", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:37.000Z", "modified": "2019-03-27T12:17:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:15:50", "category": "Other", "uuid": "91571960-c106-4286-8b1f-e71337e549e9" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/dc11d9eb2b09c2bf74136b313e752075afb05c2f82d1f5fdd2379e46089eb776/analysis/1530144950/", "category": "Payload delivery", "uuid": "3b766bce-672e-4592-b362-25d0ff50a045" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/62", "category": "Payload delivery", "uuid": "aae7b9c7-57d7-4189-921e-bfb85852554b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--126ad6b0-f4b8-457c-8d48-9e4ee46162c9", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:37.000Z", "modified": "2019-03-27T12:17:37.000Z", "pattern": "[file:hashes.MD5 = 'fba6fde1cc56a835fc9e4eeb0b718796' AND file:hashes.SHA1 = '2e428e67c5664ae1c5bd40439654364c2aaae9f2' AND file:hashes.SHA256 = '36cbe3344f027c2960f7ac0d661ddbefff631af2da90b5122a65c407d0182b69']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1f22ffe1-7948-4b1e-8d3a-1a77e8471f8c", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:37.000Z", "modified": "2019-03-27T12:17:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-07-01 00:02:03", "category": "Other", "uuid": "6e4e24af-a3bc-4f62-a270-bd2c7e0bf3ad" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/36cbe3344f027c2960f7ac0d661ddbefff631af2da90b5122a65c407d0182b69/analysis/1530403323/", "category": "Payload delivery", "uuid": "c601acd8-769e-4790-bbbf-103b4d5d0041" }, { "type": "text", "object_relation": "detection-ratio", "value": "34/58", "category": "Payload delivery", "uuid": "9317b977-c0f8-4387-9897-b06eab560434" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9484a796-e5ef-4046-8d57-606eb714dc29", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:37.000Z", "modified": "2019-03-27T12:17:37.000Z", "pattern": "[file:hashes.MD5 = '6cf9e7ab21953d1f613a9c04878796c8' AND file:hashes.SHA1 = '8db8d422536cb50e0df5d1c80f2b6d55608825b4' AND file:hashes.SHA256 = '359341b5b4306ef36343b2ed5625bbbb8c051f2957d268b57be9c84424affd29']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a593cf8a-7c7e-455a-8bcb-5ad677a458d7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:37.000Z", "modified": "2019-03-27T12:17:37.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:21:14", "category": "Other", "uuid": "7742d522-2b1a-4182-94ac-ded00931840b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/359341b5b4306ef36343b2ed5625bbbb8c051f2957d268b57be9c84424affd29/analysis/1530145274/", "category": "Payload delivery", "uuid": "c8c757a0-eca6-4d7a-b403-7dd57cf8b338" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/63", "category": "Payload delivery", "uuid": "2cda08e3-3e2b-407d-b29f-c1d360beedd9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--caaced19-acae-40d4-9fb2-d07ead24a799", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:37.000Z", "modified": "2019-03-27T12:17:37.000Z", "pattern": "[file:hashes.MD5 = 'c13f3d72e5900f3e3b7af2a1ad2cbd3a' AND file:hashes.SHA1 = '08cd1e2a2f7accebb66da15597253658eb6889e0' AND file:hashes.SHA256 = '9446a9a13848906ca3040e399fd84bfebf21c40825f7d52a63c7ccccec4659b7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--a3d75b8e-253d-4f2e-ba8c-63da524edce2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:38.000Z", "modified": "2019-03-27T12:17:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2017-11-27 10:44:50", "category": "Other", "uuid": "10621f3d-c2e2-4eab-a9e0-fdd511f798d4" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9446a9a13848906ca3040e399fd84bfebf21c40825f7d52a63c7ccccec4659b7/analysis/1511779490/", "category": "Payload delivery", "uuid": "1a2ec0c9-9479-4358-ae85-65681f40ddce" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/63", "category": "Payload delivery", "uuid": "9536753e-efcb-4173-a72c-d4c492170aad" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--431e8d26-a3bb-4287-a762-4f53842fc5e7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:38.000Z", "modified": "2019-03-27T12:17:38.000Z", "pattern": "[file:hashes.MD5 = '4293504296dad91b884b5e7be64f8294' AND file:hashes.SHA1 = '0229b26c1aa5f9000a2549b159f530a10e575970' AND file:hashes.SHA256 = 'b83bd8c755cb7546ef28bac157e51f04257686a045bbf9d64bec7eeb9116fd8a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f29f6d28-1558-4169-8999-bd1c9642f404", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:38.000Z", "modified": "2019-03-27T12:17:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-11-03 11:47:20", "category": "Other", "uuid": "a7d34c6c-4156-48fb-bddd-82184cc94f04" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/b83bd8c755cb7546ef28bac157e51f04257686a045bbf9d64bec7eeb9116fd8a/analysis/1541245640/", "category": "Payload delivery", "uuid": "7521d55d-bd4b-4032-a37d-cbf1fc36528a" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/60", "category": "Payload delivery", "uuid": "018dc8e5-946e-4799-b07c-259a50f91f7b" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--a2bae36c-99aa-470b-92f8-8a56fb411fa6", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:38.000Z", "modified": "2019-03-27T12:17:38.000Z", "pattern": "[file:hashes.MD5 = '4b9c329bf53b975cf3d2c4b3ef86fd16' AND file:hashes.SHA1 = '9591194d6bf57996699c0d5841ee7f54b91f0636' AND file:hashes.SHA256 = '2dc19f81352e84a45bd7f916afa3353d7f710338494d44802f271e1f3d972aed']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--1cbf8ea2-a375-4be9-9fde-125385db9c8f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:38.000Z", "modified": "2019-03-27T12:17:38.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-07-30 15:31:50", "category": "Other", "uuid": "76845609-3bd5-4558-8bad-c5eb44959f8b" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/2dc19f81352e84a45bd7f916afa3353d7f710338494d44802f271e1f3d972aed/analysis/1532964710/", "category": "Payload delivery", "uuid": "e698e64c-e63b-4ae1-a604-e41ebd8a724a" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/61", "category": "Payload delivery", "uuid": "af021bf6-bef7-4aff-9902-6c0e9f123f69" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9fbc8b1a-89d4-483e-b052-b99cfedd6875", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "pattern": "[file:hashes.MD5 = '6de77433b4e42505af2e8d89df9aff90' AND file:hashes.SHA1 = '97c9c935a62aaef587408bbf80d99dd45863efaf' AND file:hashes.SHA256 = '79424db82573e1d7e60f94489c5ca1992f8d65422dbb8805d65f418d20bbd03a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d238b22a-5bad-42f4-9c46-0ed532cf269d", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:20:55", "category": "Other", "uuid": "5a047e0a-4579-40a4-ba92-68211a1370d6" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/79424db82573e1d7e60f94489c5ca1992f8d65422dbb8805d65f418d20bbd03a/analysis/1530145255/", "category": "Payload delivery", "uuid": "097c6416-7840-42f3-9bbe-bcd394266ac2" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/62", "category": "Payload delivery", "uuid": "2af64d9f-41ae-43e7-8297-f76f1ac6ddce" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--9f13df2b-b613-4785-9056-1c2a274ca947", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "pattern": "[file:hashes.MD5 = '81e30f25d93c328bcc4817a1e3cf257c' AND file:hashes.SHA1 = '77a05118841bdae24801af09a7c5601a1dce163f' AND file:hashes.SHA256 = 'a5db9e4deadb2f7e075ba8a3beb6d927502b76237afaf0e2c28d00bb01570fae']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--102efbb1-1732-487f-a636-5c36fed361f7", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:23:50", "category": "Other", "uuid": "d273ba7e-aa03-4d10-a106-9b9388d7ce7c" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a5db9e4deadb2f7e075ba8a3beb6d927502b76237afaf0e2c28d00bb01570fae/analysis/1530145430/", "category": "Payload delivery", "uuid": "83039d46-fd52-47ee-bfce-546e03c5cfa8" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/62", "category": "Payload delivery", "uuid": "ac94e92d-e0a3-491b-b204-72f1bca78077" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--485cf634-0b1d-42c0-a31c-fb18e81e0af5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "pattern": "[file:hashes.MD5 = '7f95fd9377a11b61dc3aff05ce74e832' AND file:hashes.SHA1 = '11d8c608db2e57274c015875f8e09c0e5e5537db' AND file:hashes.SHA256 = '9eaa3bb33c36626cd13fc94f9de88b0f390ac5219cc04a08ee5961d59bf4946b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d4ce5e52-b6cf-40ff-bc26-cd25ffcfde97", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:23:30", "category": "Other", "uuid": "9476afce-c9e8-4064-af77-d8e4afd4f863" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/9eaa3bb33c36626cd13fc94f9de88b0f390ac5219cc04a08ee5961d59bf4946b/analysis/1530145410/", "category": "Payload delivery", "uuid": "43da92cd-7f9a-490a-8f79-790dac363237" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/62", "category": "Payload delivery", "uuid": "dfd8a8d3-258f-4e62-a6c7-1beb7d03aee6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--88d0599b-6cd5-4a20-bc0f-20f7e3884c62", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "pattern": "[file:hashes.MD5 = 'e2bc41199a703833a6e4cef25b1a3493' AND file:hashes.SHA1 = '61db53263305a19c67c86291ad91aa8a3f1fda6c' AND file:hashes.SHA256 = '3a5ddb598e20ca7dfa79a9682751322a869695c500bdfb0c91c8e2ffb02cd6da']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--09999b9f-0371-488d-ac20-fd35bb5876f2", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-30 00:23:10", "category": "Other", "uuid": "f574e94b-9740-4974-bc27-7c9357ecfdcb" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3a5ddb598e20ca7dfa79a9682751322a869695c500bdfb0c91c8e2ffb02cd6da/analysis/1530318190/", "category": "Payload delivery", "uuid": "be5ebf42-a397-40e6-9cde-888672290fad" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/59", "category": "Payload delivery", "uuid": "c10ed715-d14a-4d49-8c10-a50e8010bf7d" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--48e2f409-5348-4ced-b30b-158e53f3d0db", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "pattern": "[file:hashes.MD5 = '78fd32b454a66ed8e945e091d3b403d6' AND file:hashes.SHA1 = 'f8cccfe36520b8154a20a801d7d931800613575d' AND file:hashes.SHA256 = '4d74b31907745ba0715d356e7854389830e519f5051878485c4be8779bb55736']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--01251890-fba9-46cb-9a6e-aef9caf1e169", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2019-03-19 10:03:37", "category": "Other", "uuid": "7af7c9c5-2149-468c-8a03-201aabc44e05" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/4d74b31907745ba0715d356e7854389830e519f5051878485c4be8779bb55736/analysis/1552989817/", "category": "Payload delivery", "uuid": "78578bcd-c1cf-456f-8350-5af5739576d8" }, { "type": "text", "object_relation": "detection-ratio", "value": "30/58", "category": "Payload delivery", "uuid": "ac561bcb-7c08-4964-830a-5c44edf23c8e" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--0b905bfe-ab69-4e5e-b622-992b80399025", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:39.000Z", "modified": "2019-03-27T12:17:39.000Z", "pattern": "[file:hashes.MD5 = '5e64925054bca30c176025f31feaa356' AND file:hashes.SHA1 = '9c0be92b82c130cd95039024c9145231396a2714' AND file:hashes.SHA256 = '3e47f075b9d0b2eb840b8bbd49017ffb743f9973c274ec04b4db209af73300d6']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d77cfe3b-6bb5-4575-ad9b-d61f81915468", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:19:07", "category": "Other", "uuid": "6dfca490-d81b-4c69-bc51-64e0488ef119" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/3e47f075b9d0b2eb840b8bbd49017ffb743f9973c274ec04b4db209af73300d6/analysis/1530145147/", "category": "Payload delivery", "uuid": "4cb1358a-02bc-4189-9fbf-fd59338997ad" }, { "type": "text", "object_relation": "detection-ratio", "value": "36/63", "category": "Payload delivery", "uuid": "0c8a994e-8b44-4fb3-97e0-760b759fd438" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--28783d4f-45a8-4fbe-be77-ffe4efd9ed79", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "pattern": "[file:hashes.MD5 = 'c6203cf8895830df2845d4517a580b6b' AND file:hashes.SHA1 = 'ca25aa07266669a6eb581bf3f87fca486f9ce0ef' AND file:hashes.SHA256 = 'a7c9cfa4ad14b0b9f907db0a1bef626327e1348515a4ae61a20387d6ec8fea78']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--be178841-563d-4a56-bae7-a3697e9089fc", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-07-30 15:31:46", "category": "Other", "uuid": "cf6b0341-2947-4dac-8259-6b8b3abe288d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/a7c9cfa4ad14b0b9f907db0a1bef626327e1348515a4ae61a20387d6ec8fea78/analysis/1532964706/", "category": "Payload delivery", "uuid": "308a3034-f6f4-4db6-bdb9-11880ffc277e" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/61", "category": "Payload delivery", "uuid": "d0c22a30-8036-4f78-9190-fafd844f1711" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--42d6118d-c5e5-4228-9715-459d795be3d5", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "pattern": "[file:hashes.MD5 = 'e886a9a2d62ac2eebc2822fde7fd8b5c' AND file:hashes.SHA1 = '3c5eaa5742ffb913e5dd83503b66c34e7157dc8d' AND file:hashes.SHA256 = '05ea7239e4df91e7ffd57fba8cc81751836d03fa7c2c4aa1913739f023b046f0']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--f3886734-574c-4d19-a9bf-cf32a298640b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-30 00:25:31", "category": "Other", "uuid": "bf334823-f675-4114-8ddd-eb968700f549" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/05ea7239e4df91e7ffd57fba8cc81751836d03fa7c2c4aa1913739f023b046f0/analysis/1530318331/", "category": "Payload delivery", "uuid": "c146da75-928a-41a9-b562-764720f249fb" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/58", "category": "Payload delivery", "uuid": "efe4e745-15c9-4df4-adf5-383010884ab6" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--28fea41d-1585-41c1-81d9-2bed8addb3dd", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "pattern": "[file:hashes.MD5 = '53185e1673a00c577cdaa013013ea08d' AND file:hashes.SHA1 = '89d728636574847f48484f0b0b3a7ea9aee4b04d' AND file:hashes.SHA256 = 'bb0c8992c9eb052934c7f341a6b7992f8bb01c078865c4e562fd9b84637c1e1b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--517ba780-62b4-4f69-ab78-268ff60ba619", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:17:31", "category": "Other", "uuid": "6c42aa63-10b3-47ff-966e-a9ed8eff515d" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/bb0c8992c9eb052934c7f341a6b7992f8bb01c078865c4e562fd9b84637c1e1b/analysis/1530145051/", "category": "Payload delivery", "uuid": "7d759e72-41b4-44dc-a834-3601ab33fcdc" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/63", "category": "Payload delivery", "uuid": "3803b585-bc38-4fdb-9e18-e0a0b79df275" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--d8dd3d7e-8a2c-4299-aeaf-575f0883a6db", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "pattern": "[file:hashes.MD5 = '329d3ca4d54ea906655a498e5479fa8e' AND file:hashes.SHA1 = 'f019916e1a2e6d7886597a4497a6cd304361bdbe' AND file:hashes.SHA256 = '0d0490d2844726314b7569827013d0555af242dd32b7e36ff5e28da3982a4f88']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--9515ed0b-2b92-4226-9e66-897a967e5836", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:12:23", "category": "Other", "uuid": "9112bdbe-15db-4bd3-b4f5-d96c4a40b423" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/0d0490d2844726314b7569827013d0555af242dd32b7e36ff5e28da3982a4f88/analysis/1530144743/", "category": "Payload delivery", "uuid": "1b10f6ad-ff42-4db3-9697-43b01f882f35" }, { "type": "text", "object_relation": "detection-ratio", "value": "39/63", "category": "Payload delivery", "uuid": "3832fcdb-dbd2-46f2-a001-c25e33a90f90" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--205d63fb-7676-4ef1-8bab-547ed5120bca", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "pattern": "[file:hashes.MD5 = '7e646920afa80664d8ccbbba476280d9' AND file:hashes.SHA1 = '10e7d6fb4ed122b0690684a2c80057c275bfcd22' AND file:hashes.SHA256 = '307f1b6eae57b6475b4436568774f0b23aa370a1a48f3b991af9c9b336733630']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--d46a3784-5b8c-4d3d-9ca1-c4707774c607", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:40.000Z", "modified": "2019-03-27T12:17:40.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:23:19", "category": "Other", "uuid": "3fc9f342-2374-4c7a-a0e1-c534651b7592" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/307f1b6eae57b6475b4436568774f0b23aa370a1a48f3b991af9c9b336733630/analysis/1530145399/", "category": "Payload delivery", "uuid": "2100616f-bbb9-4cf1-9cba-f6c2fe5bf83a" }, { "type": "text", "object_relation": "detection-ratio", "value": "35/59", "category": "Payload delivery", "uuid": "db26311c-7eba-4f19-9d64-2bc6f2376971" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--b4ecec0d-f83e-48aa-a503-17c4f19d5eba", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "pattern": "[file:hashes.MD5 = '0d41f9bfa7b19ad72c5efe9b8e7ca75f' AND file:hashes.SHA1 = 'a1aaaebe7ccb3674b0b18b5d3e842562e72a5766' AND file:hashes.SHA256 = '58391ca1e3001311efe9fba1c05c15a2b1a7e5026e0f7b642a929a8fed25b187']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2019-03-27T12:17:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "x-misp-object", "spec_version": "2.1", "id": "x-misp-object--e408196c-b99e-4c41-860a-70a9a92f4854", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "labels": [ "misp:name=\"virustotal-report\"", "misp:meta-category=\"misc\"" ], "x_misp_attributes": [ { "type": "datetime", "object_relation": "last-submission", "value": "2018-06-28 00:06:38", "category": "Other", "uuid": "5bf3eefc-e69e-490c-bd0b-a023d5221b23" }, { "type": "link", "object_relation": "permalink", "value": "https://www.virustotal.com/file/58391ca1e3001311efe9fba1c05c15a2b1a7e5026e0f7b642a929a8fed25b187/analysis/1530144398/", "category": "Payload delivery", "uuid": "231e62cf-a41c-4dcb-9b0f-dd378a69d8c9" }, { "type": "text", "object_relation": "detection-ratio", "value": "37/63", "category": "Payload delivery", "uuid": "1eae565a-1e89-4f63-8522-c12d9a7c25c9" } ], "x_misp_meta_category": "misc", "x_misp_name": "virustotal-report" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--448eff2f-4f44-4d84-90e6-6b62b3ecfa18", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9f7d8819-3d8a-408b-a2e2-1c567a72a326", "target_ref": "x-misp-object--74ce551d-b3c7-4489-891b-9bb420fb6276" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--da3a615d-ce24-4074-99c8-33c78e254eea", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--126ad6b0-f4b8-457c-8d48-9e4ee46162c9", "target_ref": "x-misp-object--1f22ffe1-7948-4b1e-8d3a-1a77e8471f8c" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--04c492a7-b9ea-4e7b-a0b4-9b449a844d5e", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9484a796-e5ef-4046-8d57-606eb714dc29", "target_ref": "x-misp-object--a593cf8a-7c7e-455a-8bcb-5ad677a458d7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8f2c9e6d-5f3a-43d3-a050-782637fe5194", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--caaced19-acae-40d4-9fb2-d07ead24a799", "target_ref": "x-misp-object--a3d75b8e-253d-4f2e-ba8c-63da524edce2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--20500800-1593-4e43-bf35-5838bd11b389", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--431e8d26-a3bb-4287-a762-4f53842fc5e7", "target_ref": "x-misp-object--f29f6d28-1558-4169-8999-bd1c9642f404" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0cf9a452-fd27-496b-987d-026a1495d183", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--a2bae36c-99aa-470b-92f8-8a56fb411fa6", "target_ref": "x-misp-object--1cbf8ea2-a375-4be9-9fde-125385db9c8f" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--614418c7-a765-4824-bc20-a07c6bbc4802", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9fbc8b1a-89d4-483e-b052-b99cfedd6875", "target_ref": "x-misp-object--d238b22a-5bad-42f4-9c46-0ed532cf269d" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--999367ff-a282-42ff-ba41-f76f9a0324d9", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--9f13df2b-b613-4785-9056-1c2a274ca947", "target_ref": "x-misp-object--102efbb1-1732-487f-a636-5c36fed361f7" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--a17f00fb-8a17-4bf1-9a51-b287981501d4", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--485cf634-0b1d-42c0-a31c-fb18e81e0af5", "target_ref": "x-misp-object--d4ce5e52-b6cf-40ff-bc26-cd25ffcfde97" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--1d4bafb6-1036-43dd-b8f3-134b756704c2", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--88d0599b-6cd5-4a20-bc0f-20f7e3884c62", "target_ref": "x-misp-object--09999b9f-0371-488d-ac20-fd35bb5876f2" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ba8035a1-6b99-4605-aab9-adeb7f9f7b8b", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--48e2f409-5348-4ced-b30b-158e53f3d0db", "target_ref": "x-misp-object--01251890-fba9-46cb-9a6e-aef9caf1e169" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--aece340b-426e-4eee-99d6-6289c7a44c75", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--0b905bfe-ab69-4e5e-b622-992b80399025", "target_ref": "x-misp-object--d77cfe3b-6bb5-4575-ad9b-d61f81915468" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--13f143f0-be30-4e17-b023-fa06dc2a43de", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--28783d4f-45a8-4fbe-be77-ffe4efd9ed79", "target_ref": "x-misp-object--be178841-563d-4a56-bae7-a3697e9089fc" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--0bfa9431-cd8c-4872-b48a-495bb817b70f", "created": "2019-03-27T12:17:41.000Z", "modified": "2019-03-27T12:17:41.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--42d6118d-c5e5-4228-9715-459d795be3d5", "target_ref": "x-misp-object--f3886734-574c-4d19-a9bf-cf32a298640b" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--8f0c3211-951d-4cdc-b0ae-fd4be93e0a62", "created": "2019-03-27T12:17:42.000Z", "modified": "2019-03-27T12:17:42.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--28fea41d-1585-41c1-81d9-2bed8addb3dd", "target_ref": "x-misp-object--517ba780-62b4-4f69-ab78-268ff60ba619" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--5c58b6cb-0ba6-44a0-9cc0-a1ee0c3cb714", "created": "2019-03-27T12:17:42.000Z", "modified": "2019-03-27T12:17:42.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--d8dd3d7e-8a2c-4299-aeaf-575f0883a6db", "target_ref": "x-misp-object--9515ed0b-2b92-4226-9e66-897a967e5836" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--ce45ba5d-c45a-4d19-85bb-ac021438da1c", "created": "2019-03-27T12:17:42.000Z", "modified": "2019-03-27T12:17:42.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--205d63fb-7676-4ef1-8bab-547ed5120bca", "target_ref": "x-misp-object--d46a3784-5b8c-4d3d-9ca1-c4707774c607" }, { "type": "relationship", "spec_version": "2.1", "id": "relationship--d94fb1f7-f362-49f3-8953-488cda33e992", "created": "2019-03-27T12:17:42.000Z", "modified": "2019-03-27T12:17:42.000Z", "relationship_type": "analysed-with", "source_ref": "indicator--b4ecec0d-f83e-48aa-a503-17c4f19d5eba", "target_ref": "x-misp-object--e408196c-b99e-4c41-860a-70a9a92f4854" }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }