{ "type": "bundle", "id": "bundle--5603c00a-e4d0-42e1-a0b7-85ab950d210b", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:30:40.000Z", "modified": "2015-09-24T09:30:40.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "report", "spec_version": "2.1", "id": "report--5603c00a-e4d0-42e1-a0b7-85ab950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:30:40.000Z", "modified": "2015-09-24T09:30:40.000Z", "name": "OSINT - Guaranteed Clicks: Mobile App Company Takes Control of Android Phones", "published": "2015-09-24T09:31:59Z", "object_refs": [ "observed-data--5603c021-4ca0-4fa9-8839-85ab950d210b", "url--5603c021-4ca0-4fa9-8839-85ab950d210b", "indicator--5603c0fa-1ad4-434c-af63-960e950d210b", "indicator--5603c0fb-5eb8-4e97-8f67-960e950d210b", "indicator--5603c0fb-d66c-440d-84c7-960e950d210b", "indicator--5603c0fb-7db4-4dc4-8278-960e950d210b", "indicator--5603c0fc-8798-4437-a81f-960e950d210b", "indicator--5603c0fc-5294-45ec-a43f-960e950d210b", "indicator--5603c0fd-dfc4-4c7d-b420-960e950d210b", "indicator--5603c0fd-08a8-47b6-be19-960e950d210b", "indicator--5603c0fe-0004-4fb9-ad04-960e950d210b", "indicator--5603c0fe-726c-47b5-83a7-960e950d210b", "indicator--5603c115-6914-4c2c-9b78-937a950d210b", "indicator--5603c115-cad4-48b9-8da4-937a950d210b", "observed-data--5603c115-5d84-4823-a75f-937a950d210b", "url--5603c115-5d84-4823-a75f-937a950d210b", "indicator--5603c116-4ec8-4426-b62f-937a950d210b", "indicator--5603c116-e0a0-474c-bfbd-937a950d210b", "observed-data--5603c116-3ea4-4cdd-b173-937a950d210b", "url--5603c116-3ea4-4cdd-b173-937a950d210b", "indicator--5603c117-ef18-4a50-9f3c-937a950d210b", "indicator--5603c117-ec1c-45cb-946e-937a950d210b", "observed-data--5603c118-d910-4a0f-80ef-937a950d210b", "url--5603c118-d910-4a0f-80ef-937a950d210b", "indicator--5603c118-0cf0-44a1-83eb-937a950d210b", "indicator--5603c118-5814-449d-a196-937a950d210b", "observed-data--5603c119-0e04-41f2-9bbd-937a950d210b", "url--5603c119-0e04-41f2-9bbd-937a950d210b", "indicator--5603c119-c3cc-443f-a009-937a950d210b", "indicator--5603c119-4bd0-4ff5-87b4-937a950d210b", "observed-data--5603c11a-fcec-4fc2-a04e-937a950d210b", "url--5603c11a-fcec-4fc2-a04e-937a950d210b", "indicator--5603c11a-6914-4589-adaa-937a950d210b", "indicator--5603c11a-5c88-4d87-b3b6-937a950d210b", "observed-data--5603c11b-67e0-4c7a-ab1c-937a950d210b", "url--5603c11b-67e0-4c7a-ab1c-937a950d210b", "indicator--5603c11b-1080-4a87-8599-937a950d210b", "indicator--5603c11b-ed78-442e-b2ab-937a950d210b", "observed-data--5603c11c-2364-4b72-b9fd-937a950d210b", "url--5603c11c-2364-4b72-b9fd-937a950d210b", "indicator--5603c24f-ea00-471f-b2de-9393950d210b", "indicator--5603c2a9-8690-4bc7-8ad1-963b950d210b", "indicator--5603c2a9-fe84-4073-8397-963b950d210b", "indicator--5603c2aa-ad04-4e0f-80ad-963b950d210b", "indicator--5603c2aa-d9a4-40ab-80ea-963b950d210b", "indicator--5603c2c0-8d0c-4158-81a1-85a9950d210b" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "type:OSINT" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5603c021-4ca0-4fa9-8839-85ab950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:19:29.000Z", "modified": "2015-09-24T09:19:29.000Z", "first_observed": "2015-09-24T09:19:29Z", "last_observed": "2015-09-24T09:19:29Z", "number_observed": 1, "object_refs": [ "url--5603c021-4ca0-4fa9-8839-85ab950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5603c021-4ca0-4fa9-8839-85ab950d210b", "value": "https://www.fireeye.com/blog/threat-research/2015/09/guaranteed_clicksm.html" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fa-1ad4-434c-af63-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:06.000Z", "modified": "2015-09-24T09:23:06.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com.locker.maboo.tow' AND file:hashes.SHA256 = '12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:06Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fb-5eb8-4e97-8f67-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:07.000Z", "modified": "2015-09-24T09:23:07.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com.tmdfkslakssspp111.ivityfffds1133' AND file:hashes.SHA256 = '8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fb-d66c-440d-84c7-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:07.000Z", "modified": "2015-09-24T09:23:07.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com1.xiaoao2.FruitSingle' AND file:hashes.SHA256 = 'd65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fb-7db4-4dc4-8278-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:07.000Z", "modified": "2015-09-24T09:23:07.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com.mobilefish.pig.enpais' AND file:hashes.SHA256 = '3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:07Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fc-8798-4437-a81f-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:08.000Z", "modified": "2015-09-24T09:23:08.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com.adad.flashlight' AND file:hashes.SHA256 = 'b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fc-5294-45ec-a43f-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:08.000Z", "modified": "2015-09-24T09:23:08.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com.liuximnb.videokl2' AND file:hashes.SHA256 = '396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:08Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fd-dfc4-4c7d-b420-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:09.000Z", "modified": "2015-09-24T09:23:09.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com.4puBX.Bu1q0' AND file:hashes.SHA256 = '98bdad683b0ae189ed0fa56fb1e147c93e96e085dff90565ee246a4f6c4e2850']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fd-08a8-47b6-be19-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:09.000Z", "modified": "2015-09-24T09:23:09.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com.sQ1z7.JXhkN' AND file:hashes.SHA256 = 'f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:09Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fe-0004-4fb9-ad04-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:10.000Z", "modified": "2015-09-24T09:23:10.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com.cg.wifienhancer' AND file:hashes.SHA256 = 'b3c3d131200369d1c28285010b99d591f9a9c0629b0ba9fedd1b4ffe0170cf4c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c0fe-726c-47b5-83a7-960e950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:10.000Z", "modified": "2015-09-24T09:23:10.000Z", "description": "Package name - samples", "pattern": "[file:name = 'com.BmiZX.p6l9v' AND file:hashes.SHA256 = '0a63ca301d97930eb8352c0772fb39015e4b89cd82e72391213ee82414e60cf8']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:10Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"filename|sha256\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c115-6914-4c2c-9b78-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:33.000Z", "modified": "2015-09-24T09:23:33.000Z", "description": "Package name - samples - Xchecked via VT: f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07", "pattern": "[file:hashes.SHA1 = 'd07f56b2f51dfbe8638f927dbf18edc4b9c74f3b']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c115-cad4-48b9-8da4-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:33.000Z", "modified": "2015-09-24T09:23:33.000Z", "description": "Package name - samples - Xchecked via VT: f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07", "pattern": "[file:hashes.MD5 = 'd407f8fd7369bb73fe87c99ee4b86f18']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5603c115-5d84-4823-a75f-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:33.000Z", "modified": "2015-09-24T09:23:33.000Z", "first_observed": "2015-09-24T09:23:33Z", "last_observed": "2015-09-24T09:23:33Z", "number_observed": 1, "object_refs": [ "url--5603c115-5d84-4823-a75f-937a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5603c115-5d84-4823-a75f-937a950d210b", "value": "https://www.virustotal.com/file/f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07/analysis/1443012182/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c116-4ec8-4426-b62f-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:34.000Z", "modified": "2015-09-24T09:23:34.000Z", "description": "Package name - samples - Xchecked via VT: 396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713", "pattern": "[file:hashes.SHA1 = '7f29a5012107aebf89cb00b792540791df32fd75']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c116-e0a0-474c-bfbd-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:34.000Z", "modified": "2015-09-24T09:23:34.000Z", "description": "Package name - samples - Xchecked via VT: 396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713", "pattern": "[file:hashes.MD5 = 'a4431ef1d9a275a39831fac2d255fb9c']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5603c116-3ea4-4cdd-b173-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:34.000Z", "modified": "2015-09-24T09:23:34.000Z", "first_observed": "2015-09-24T09:23:34Z", "last_observed": "2015-09-24T09:23:34Z", "number_observed": 1, "object_refs": [ "url--5603c116-3ea4-4cdd-b173-937a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5603c116-3ea4-4cdd-b173-937a950d210b", "value": "https://www.virustotal.com/file/396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713/analysis/1443012179/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c117-ef18-4a50-9f3c-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:35.000Z", "modified": "2015-09-24T09:23:35.000Z", "description": "Package name - samples - Xchecked via VT: b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58", "pattern": "[file:hashes.SHA1 = 'ada4466924a7fb08dbe2a7650f2d0e789b984284']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c117-ec1c-45cb-946e-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:35.000Z", "modified": "2015-09-24T09:23:35.000Z", "description": "Package name - samples - Xchecked via VT: b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58", "pattern": "[file:hashes.MD5 = '3788d40651151f0fcf441b7fceaf7f2a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5603c118-d910-4a0f-80ef-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:36.000Z", "modified": "2015-09-24T09:23:36.000Z", "first_observed": "2015-09-24T09:23:36Z", "last_observed": "2015-09-24T09:23:36Z", "number_observed": 1, "object_refs": [ "url--5603c118-d910-4a0f-80ef-937a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5603c118-d910-4a0f-80ef-937a950d210b", "value": "https://www.virustotal.com/file/b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58/analysis/1442581837/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c118-0cf0-44a1-83eb-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:36.000Z", "modified": "2015-09-24T09:23:36.000Z", "description": "Package name - samples - Xchecked via VT: 3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e", "pattern": "[file:hashes.SHA1 = 'c97cbc54f0a0f313092f1a2a33dd2850974cd3cd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c118-5814-449d-a196-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:36.000Z", "modified": "2015-09-24T09:23:36.000Z", "description": "Package name - samples - Xchecked via VT: 3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e", "pattern": "[file:hashes.MD5 = '8c5ff2b37657fe28bcbc6b6eac0165fd']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:36Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5603c119-0e04-41f2-9bbd-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:37.000Z", "modified": "2015-09-24T09:23:37.000Z", "first_observed": "2015-09-24T09:23:37Z", "last_observed": "2015-09-24T09:23:37Z", "number_observed": 1, "object_refs": [ "url--5603c119-0e04-41f2-9bbd-937a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5603c119-0e04-41f2-9bbd-937a950d210b", "value": "https://www.virustotal.com/file/3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e/analysis/1443012180/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c119-c3cc-443f-a009-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:37.000Z", "modified": "2015-09-24T09:23:37.000Z", "description": "Package name - samples - Xchecked via VT: d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7", "pattern": "[file:hashes.SHA1 = '5bd07c5b8c8e1b8c7d62b525b1d98ef7efaa3ac7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c119-4bd0-4ff5-87b4-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:37.000Z", "modified": "2015-09-24T09:23:37.000Z", "description": "Package name - samples - Xchecked via VT: d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7", "pattern": "[file:hashes.MD5 = '396ca4c3594c705d3289ad8e59a995d7']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5603c11a-fcec-4fc2-a04e-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:38.000Z", "modified": "2015-09-24T09:23:38.000Z", "first_observed": "2015-09-24T09:23:38Z", "last_observed": "2015-09-24T09:23:38Z", "number_observed": 1, "object_refs": [ "url--5603c11a-fcec-4fc2-a04e-937a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5603c11a-fcec-4fc2-a04e-937a950d210b", "value": "https://www.virustotal.com/file/d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7/analysis/1443012179/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c11a-6914-4589-adaa-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:38.000Z", "modified": "2015-09-24T09:23:38.000Z", "description": "Package name - samples - Xchecked via VT: 8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553", "pattern": "[file:hashes.SHA1 = '7be4297d98b41a5974af610351b58c677f364125']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c11a-5c88-4d87-b3b6-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:38.000Z", "modified": "2015-09-24T09:23:38.000Z", "description": "Package name - samples - Xchecked via VT: 8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553", "pattern": "[file:hashes.MD5 = '138d642a9c793ff54959812c376a0835']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5603c11b-67e0-4c7a-ab1c-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:39.000Z", "modified": "2015-09-24T09:23:39.000Z", "first_observed": "2015-09-24T09:23:39Z", "last_observed": "2015-09-24T09:23:39Z", "number_observed": 1, "object_refs": [ "url--5603c11b-67e0-4c7a-ab1c-937a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5603c11b-67e0-4c7a-ab1c-937a950d210b", "value": "https://www.virustotal.com/file/8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553/analysis/1443012180/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c11b-1080-4a87-8599-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:39.000Z", "modified": "2015-09-24T09:23:39.000Z", "description": "Package name - samples - Xchecked via VT: 12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d", "pattern": "[file:hashes.SHA1 = 'ddce1aee88946f2312d5fbc56f4dd866a44fd6e2']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c11b-ed78-442e-b2ab-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:39.000Z", "modified": "2015-09-24T09:23:39.000Z", "description": "Package name - samples - Xchecked via VT: 12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d", "pattern": "[file:hashes.MD5 = 'c9d2b9e3f7dd7e01612679f44b65462d']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:23:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload installation" } ], "labels": [ "misp:type=\"md5\"", "misp:category=\"Payload installation\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5603c11c-2364-4b72-b9fd-937a950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:23:40.000Z", "modified": "2015-09-24T09:23:40.000Z", "first_observed": "2015-09-24T09:23:40Z", "last_observed": "2015-09-24T09:23:40Z", "number_observed": 1, "object_refs": [ "url--5603c11c-2364-4b72-b9fd-937a950d210b" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5603c11c-2364-4b72-b9fd-937a950d210b", "value": "https://www.virustotal.com/file/12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d/analysis/1443012180/" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c24f-ea00-471f-b2de-9393950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:28:47.000Z", "modified": "2015-09-24T09:28:47.000Z", "description": "it downloads an APK from the following URL and dynamically loads logic to execute", "pattern": "[url:value = 'http://down.onowcdn.com/onekeysdk/tr_new/rt_0907_129.apk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:28:47Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c2a9-8690-4bc7-8ad1-963b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:30:17.000Z", "modified": "2015-09-24T09:30:17.000Z", "pattern": "[domain-name:value = 'aedxdrcb.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:30:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c2a9-fe84-4073-8397-963b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:30:17.000Z", "modified": "2015-09-24T09:30:17.000Z", "pattern": "[domain-name:value = 'hdyfhpoi.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:30:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c2aa-ad04-4e0f-80ad-963b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:30:18.000Z", "modified": "2015-09-24T09:30:18.000Z", "pattern": "[domain-name:value = 'syllyq1n.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:30:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c2aa-d9a4-40ab-80ea-963b950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:30:18.000Z", "modified": "2015-09-24T09:30:18.000Z", "pattern": "[domain-name:value = 'wksnkys7.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:30:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"domain\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5603c2c0-8d0c-4158-81a1-85a9950d210b", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2015-09-24T09:30:40.000Z", "modified": "2015-09-24T09:30:40.000Z", "pattern": "[url:value = 'http://down.agacdn.com/onlyapk/coolbroser_2.2_release_yeahmobi_self_1.apk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2015-09-24T09:30:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }