{
|
|
"type": "bundle",
|
|
"id": "bundle--58c64efa-2860-4f3d-a604-4007950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--58c64efa-2860-4f3d-a604-4007950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"name": "OSINT - Preinstalled Malware Targeting Mobile Users",
|
|
"published": "2017-03-13T09:47:02Z",
|
|
"object_refs": [
|
|
"indicator--58c65793-6518-45ec-a584-4407950d210f",
|
|
"indicator--58c65794-fcec-472b-93f4-4713950d210f",
|
|
"indicator--58c65795-cd0c-4387-a77e-4dab950d210f",
|
|
"indicator--58c65795-0660-4655-81ad-47bd950d210f",
|
|
"indicator--58c65796-5e24-4a35-b228-4a33950d210f",
|
|
"indicator--58c65797-b748-4567-801d-4265950d210f",
|
|
"indicator--58c65798-1d74-4e39-9092-45f0950d210f",
|
|
"indicator--58c65799-3420-4b10-8ded-45dd950d210f",
|
|
"indicator--58c6579a-7cf0-4896-8125-4860950d210f",
|
|
"indicator--58c6579a-be64-4337-a1fc-434f950d210f",
|
|
"indicator--58c6579b-6668-4b05-a5ad-4b96950d210f",
|
|
"indicator--58c6579c-db6c-40c4-86ac-481c950d210f",
|
|
"indicator--58c6579d-a18c-4501-a86b-4ae1950d210f",
|
|
"indicator--58c6579d-6b70-4249-8aaa-4b83950d210f",
|
|
"indicator--58c6579e-c630-4903-a0f7-42b1950d210f",
|
|
"indicator--58c6579f-8c08-4175-ad8f-40c0950d210f",
|
|
"indicator--58c657a0-d6f0-4cab-9114-438d950d210f",
|
|
"indicator--58c657a1-8434-4ec4-a52c-4517950d210f",
|
|
"indicator--58c657a2-694c-43e8-af85-44e0950d210f",
|
|
"indicator--58c657a3-0de0-44f1-9a69-4cb7950d210f",
|
|
"indicator--58c657a4-fd18-4687-baa0-4948950d210f",
|
|
"x-misp-attribute--58c65a08-4ee8-4909-958e-42da950d210f",
|
|
"x-misp-attribute--58c65a09-ab54-4168-ac3b-413c950d210f",
|
|
"x-misp-attribute--58c65a0a-c670-4477-82ec-4218950d210f",
|
|
"x-misp-attribute--58c65a0b-bbc0-4133-80d2-4f37950d210f",
|
|
"x-misp-attribute--58c65a0b-4c38-4b04-a8a7-4041950d210f",
|
|
"x-misp-attribute--58c65a0c-a568-4e4c-9d33-4b70950d210f",
|
|
"x-misp-attribute--58c65a0d-8848-4b06-bd97-41e3950d210f",
|
|
"x-misp-attribute--58c65a0e-eba4-4793-8b12-445d950d210f",
|
|
"x-misp-attribute--58c65a0f-580c-4d47-8f8e-48e9950d210f",
|
|
"x-misp-attribute--58c65a10-399c-4fd1-9f1d-4e4d950d210f",
|
|
"x-misp-attribute--58c65a11-a5bc-4a00-8e42-4d0b950d210f",
|
|
"x-misp-attribute--58c65a12-bff4-4cce-a75c-44e0950d210f",
|
|
"x-misp-attribute--58c65a13-a2d4-4be3-8525-4e98950d210f",
|
|
"x-misp-attribute--58c65a14-10dc-4bf3-85e9-4dad950d210f",
|
|
"x-misp-attribute--58c65a15-d7a4-44c7-9106-46dc950d210f",
|
|
"x-misp-attribute--58c65a15-f0f0-4df1-a35a-4b7b950d210f",
|
|
"x-misp-attribute--58c65a16-f5b4-44cc-ba41-4ada950d210f",
|
|
"x-misp-attribute--58c65a17-78f8-480a-9d4f-439a950d210f",
|
|
"x-misp-attribute--58c65a18-7de4-4678-be2c-4cdc950d210f",
|
|
"observed-data--58c65a64-da54-48d4-adc7-467d950d210f",
|
|
"url--58c65a64-da54-48d4-adc7-467d950d210f",
|
|
"x-misp-attribute--58c65ad0-36f0-4563-9f6d-4db8950d210f",
|
|
"indicator--58c667c9-d84c-4985-aac2-4b3e02de0b81",
|
|
"indicator--58c667ca-eec4-4131-a1ce-49e002de0b81",
|
|
"observed-data--58c667ca-da18-460d-8876-4e6702de0b81",
|
|
"url--58c667ca-da18-460d-8876-4e6702de0b81",
|
|
"indicator--58c667cb-7a5c-40e0-aab6-443002de0b81",
|
|
"indicator--58c667cc-1820-4f5b-aac6-4f8d02de0b81",
|
|
"observed-data--58c667cd-63cc-4eeb-b969-4dbe02de0b81",
|
|
"url--58c667cd-63cc-4eeb-b969-4dbe02de0b81",
|
|
"indicator--58c667ce-4488-4715-bf5d-4f5e02de0b81",
|
|
"indicator--58c667ce-73ec-4b39-8f9d-4bfd02de0b81",
|
|
"observed-data--58c667cf-37f0-4d8d-88f9-4b7302de0b81",
|
|
"url--58c667cf-37f0-4d8d-88f9-4b7302de0b81",
|
|
"indicator--58c667d0-7184-488c-9db2-414f02de0b81",
|
|
"indicator--58c667d1-3f1c-43c1-b8e2-471802de0b81",
|
|
"observed-data--58c667d2-51a4-4065-95e9-498302de0b81",
|
|
"url--58c667d2-51a4-4065-95e9-498302de0b81",
|
|
"indicator--58c667d3-ab38-411c-b6af-400602de0b81",
|
|
"indicator--58c667d4-986c-44b1-ba66-499202de0b81",
|
|
"observed-data--58c667d5-4a14-4d06-b213-4efb02de0b81",
|
|
"url--58c667d5-4a14-4d06-b213-4efb02de0b81",
|
|
"indicator--58c667d6-8cfc-43a7-ab2f-4f0c02de0b81",
|
|
"indicator--58c667d7-3b44-4db8-97e1-411102de0b81",
|
|
"observed-data--58c667d8-adf8-4d7e-8d5e-42f102de0b81",
|
|
"url--58c667d8-adf8-4d7e-8d5e-42f102de0b81",
|
|
"indicator--58c667d9-dce8-43d2-8d39-46be02de0b81",
|
|
"indicator--58c667da-a238-4863-8123-47e202de0b81",
|
|
"observed-data--58c667db-5510-499f-b2f4-4c7902de0b81",
|
|
"url--58c667db-5510-499f-b2f4-4c7902de0b81",
|
|
"indicator--58c667dc-03a4-4f7d-9798-44fc02de0b81",
|
|
"indicator--58c667dd-55cc-4f36-8cfe-406002de0b81",
|
|
"observed-data--58c667de-883c-4fbe-b76e-458902de0b81",
|
|
"url--58c667de-883c-4fbe-b76e-458902de0b81",
|
|
"indicator--58c667de-a078-4225-9eed-491902de0b81",
|
|
"indicator--58c667df-5748-41ea-bced-4ef202de0b81",
|
|
"observed-data--58c667e0-83cc-4fcd-9192-494b02de0b81",
|
|
"url--58c667e0-83cc-4fcd-9192-494b02de0b81",
|
|
"indicator--58c667e1-7638-45ea-9040-456402de0b81",
|
|
"indicator--58c667e2-0814-4906-acb8-4aec02de0b81",
|
|
"observed-data--58c667e3-e460-48ff-bda2-495b02de0b81",
|
|
"url--58c667e3-e460-48ff-bda2-495b02de0b81",
|
|
"indicator--58c667e4-f1b4-4a30-8765-4eba02de0b81",
|
|
"indicator--58c667e5-0d08-4d9d-8c5f-42cf02de0b81",
|
|
"observed-data--58c667e6-d8ec-4d05-8479-411902de0b81",
|
|
"url--58c667e6-d8ec-4d05-8479-411902de0b81",
|
|
"indicator--58c667e7-1e4c-4f0f-85d1-42c602de0b81",
|
|
"indicator--58c667e8-c510-432d-bb0d-405e02de0b81",
|
|
"observed-data--58c667e8-9bf0-423a-ba65-419e02de0b81",
|
|
"url--58c667e8-9bf0-423a-ba65-419e02de0b81",
|
|
"indicator--58c667e9-b4dc-4980-a0e8-4f5702de0b81",
|
|
"indicator--58c667ea-ebfc-4691-a8b1-4ca902de0b81",
|
|
"observed-data--58c667eb-6630-48a6-a79a-468502de0b81",
|
|
"url--58c667eb-6630-48a6-a79a-468502de0b81",
|
|
"indicator--58c667ec-23dc-44d1-a5d2-445902de0b81",
|
|
"indicator--58c667ed-8674-4e8b-92a2-4d3902de0b81",
|
|
"observed-data--58c667ed-328c-4051-b185-40ff02de0b81",
|
|
"url--58c667ed-328c-4051-b185-40ff02de0b81",
|
|
"indicator--58c667ee-16fc-4590-a78d-4c2d02de0b81",
|
|
"indicator--58c667ef-f09c-4237-bddb-40c202de0b81",
|
|
"observed-data--58c667f0-4a5c-48d2-bde8-41ac02de0b81",
|
|
"url--58c667f0-4a5c-48d2-bde8-41ac02de0b81",
|
|
"indicator--58c667f1-a538-4f33-975f-4c2002de0b81",
|
|
"indicator--58c667f2-4514-484b-869a-4c4c02de0b81",
|
|
"observed-data--58c667f2-7368-4486-acc5-4ec202de0b81",
|
|
"url--58c667f2-7368-4486-acc5-4ec202de0b81",
|
|
"indicator--58c667f3-5014-41b1-9401-45ab02de0b81",
|
|
"indicator--58c667f4-cb6c-4173-a9b5-4fb002de0b81",
|
|
"observed-data--58c667f5-ade4-4fab-9dc6-474e02de0b81",
|
|
"url--58c667f5-ade4-4fab-9dc6-474e02de0b81",
|
|
"indicator--58c667f6-cc18-4ce4-a920-44a002de0b81",
|
|
"indicator--58c667f6-a658-4cd4-872b-47af02de0b81",
|
|
"observed-data--58c667f7-944c-438a-8882-4c7702de0b81",
|
|
"url--58c667f7-944c-438a-8882-4c7702de0b81",
|
|
"indicator--58c667f8-0860-4789-9e1f-45d302de0b81",
|
|
"indicator--58c667f9-6640-4312-9d9c-4b1802de0b81",
|
|
"observed-data--58c667fa-f83c-4ee4-8605-428b02de0b81",
|
|
"url--58c667fa-f83c-4ee4-8605-428b02de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c65793-6518-45ec-a584-4407950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"description": "com.fone.player1",
|
|
"pattern": "[file:hashes.SHA256 = '3d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c65794-fcec-472b-93f4-4713950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"description": "com.lu.compass",
|
|
"pattern": "[file:hashes.SHA256 = 'f901fd1fc2ce079a18c619e1192b14dcc164c97da3286031ee542dabe0b4cd8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c65795-cd0c-4387-a77e-4dab950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c65795-0660-4655-81ad-47bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c65796-5e24-4a35-b228-4a33950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '39c6bab80cc157bfe540bdee9ce2440b3b363e830bc7adaab9fc37075fb26fb1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c65797-b748-4567-801d-4265950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '998ab3d91cbc4f1b02ea6095f833bfed9d4f610eea83c51c56ce9979a2469aea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c65798-1d74-4e39-9092-45f0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e9a30767e69dccb1b980eae42601dff857a394c7abdfe93a18e8739fa218d14b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c65799-3420-4b10-8ded-45dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '01b8cb51464b07775ff5f45207d26d8d9f4a3b6863c110b56076b446bda03a8a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c6579a-7cf0-4896-8125-4860950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a07745f05913e122ec19eba9848af6dfda88533d67b7ec17d11c1562245cbed1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c6579a-be64-4337-a1fc-434f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c6579b-6668-4b05-a5ad-4b96950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '947574e790b1370e2a6b5f4738c8411c63bdca09a7455dd9297215bd161cd591']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c6579c-db6c-40c4-86ac-481c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '0d8bf3cf5b58d9ba280f093430259538b6340b24e805058f3d85381d215ca778']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c6579d-a18c-4501-a86b-4ae1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '0038f450d7f1df75bf5890cf22299b0c99cc0bea8d66e6d25528cb01992a436b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c6579d-6b70-4249-8aaa-4b83950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c6579e-c630-4903-a0f7-42b1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3032bb3d90eea6de2ba58ac7ceddead702cc3aeca7792b27508e540f0d1a60be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c6579f-8c08-4175-ad8f-40c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1cb5a37bd866e92b993ecbbcc4a2478c717eeb93839049ef0953b0c6ba89434e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c657a0-d6f0-4cab-9114-438d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e5656c1d96158ee7e1a94f08bca1213686a05266e37fb2efb5443b84250ea29d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c657a1-8434-4ec4-a52c-4517950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c4eac5d13e58fb7d32a123105683a293f70456ffe43bb640a50fde22fe1334a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c657a2-694c-43e8-af85-44e0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c657a3-0de0-44f1-9a69-4cb7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c657a4-fd18-4687-baa0-4948950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b0f6d2fc8176356124e502426d7aa7448490556ef68a2f31a78f4dd8af9d1750']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:34:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a08-4ee8-4909-958e-42da950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.fone.player1"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a09-ab54-4168-ac3b-413c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.lu.compass"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a0a-c670-4477-82ec-4218950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.kandian.hdtogoapp"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a0b-bbc0-4133-80d2-4f37950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.sds.android.ttpod"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a0b-4c38-4b04-a8a7-4041950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.baycode.mop"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a0c-a568-4e4c-9d33-4b70950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.iflytek.ringdiyclient"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a0d-8848-4b06-bd97-41e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.android.deketv"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a0e-eba4-4793-8b12-445d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.changba"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a0f-580c-4d47-8f8e-48e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.example.loader"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a10-399c-4fd1-9f1d-4e4d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.armorforandroid.security"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a11-a5bc-4a00-8e42-4d0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.android.ys.services"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a12-bff4-4cce-a75c-44e0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.mobogenie.daemon"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a13-a2d4-4be3-8525-4e98950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.google.googlesearch"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a14-10dc-4bf3-85e9-4dad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.skymobi.mopoplay.appstore"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a15-d7a4-44c7-9106-46dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.yongfu.wenjianjiaguanli"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a15-f0f0-4df1-a35a-4b7b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "air.fyzb3"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a16-f5b4-44cc-ba41-4ada950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.ddev.downloader.v2"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a17-78f8-480a-9d4f-439a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.mojang.minecraftpe"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65a18-7de4-4678-be2c-4cdc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"mobile-application-id\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Payload delivery",
|
|
"x_misp_type": "mobile-application-id",
|
|
"x_misp_value": "com.androidhelper.sdk"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c65a64-da54-48d4-adc7-467d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"first_observed": "2017-03-13T09:34:24Z",
|
|
"last_observed": "2017-03-13T09:34:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c65a64-da54-48d4-adc7-467d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c65a64-da54-48d4-adc7-467d950d210f",
|
|
"value": "http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--58c65ad0-36f0-4563-9f6d-4db8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:34:24.000Z",
|
|
"modified": "2017-03-13T09:34:24.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "The Check Point Mobile Threat Prevention has recently detected a severe infection in 38 Android devices, belonging to a large telecommunications company and a multinational technology company. While this is not unusual, one detail of the attacks stands out. In all instances, the malware was not downloaded to the device as a result of the users\u00e2\u20ac\u2122 use, it arrived with it.\r\n\r\nAccording to the findings, the malware were already present on the devices even before the users received them. The malicious apps were not part of the official ROM supplied by the vendor, and were added somewhere along the supply chain. Six of the malware instances were added by a malicious actor to the device\u00e2\u20ac\u2122s ROM using system privileges, meaning they couldn\u00e2\u20ac\u2122t be removed by the user and the device had to be re-flashed.\r\n\r\nBelow are two examples of the malware installation. The research team was able to determine when the manufacturer finished installing the system applications on the device, when the malware was installed, and when the user first received the device."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667c9-d84c-4985-aac2-4b3e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:05.000Z",
|
|
"modified": "2017-03-13T09:35:05.000Z",
|
|
"description": "- Xchecked via VT: b0f6d2fc8176356124e502426d7aa7448490556ef68a2f31a78f4dd8af9d1750",
|
|
"pattern": "[file:hashes.SHA1 = '4d1d840eedfb9bcfc481457f64dc5ac8644cca00']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667ca-eec4-4131-a1ce-49e002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:06.000Z",
|
|
"modified": "2017-03-13T09:35:06.000Z",
|
|
"description": "- Xchecked via VT: b0f6d2fc8176356124e502426d7aa7448490556ef68a2f31a78f4dd8af9d1750",
|
|
"pattern": "[file:hashes.MD5 = '4a3a7b03c0d0460ed8c5beff5c20683c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667ca-da18-460d-8876-4e6702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:06.000Z",
|
|
"modified": "2017-03-13T09:35:06.000Z",
|
|
"first_observed": "2017-03-13T09:35:06Z",
|
|
"last_observed": "2017-03-13T09:35:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667ca-da18-460d-8876-4e6702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667ca-da18-460d-8876-4e6702de0b81",
|
|
"value": "https://www.virustotal.com/file/b0f6d2fc8176356124e502426d7aa7448490556ef68a2f31a78f4dd8af9d1750/analysis/1489193915/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667cb-7a5c-40e0-aab6-443002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:07.000Z",
|
|
"modified": "2017-03-13T09:35:07.000Z",
|
|
"description": "- Xchecked via VT: fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429",
|
|
"pattern": "[file:hashes.SHA1 = '9c73e87bf6d952384dbd07e443e60e3e9f89d6f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667cc-1820-4f5b-aac6-4f8d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:08.000Z",
|
|
"modified": "2017-03-13T09:35:08.000Z",
|
|
"description": "- Xchecked via VT: fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429",
|
|
"pattern": "[file:hashes.MD5 = '7fff1e78089eb387b6adfa595385b2c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667cd-63cc-4eeb-b969-4dbe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:09.000Z",
|
|
"modified": "2017-03-13T09:35:09.000Z",
|
|
"first_observed": "2017-03-13T09:35:09Z",
|
|
"last_observed": "2017-03-13T09:35:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667cd-63cc-4eeb-b969-4dbe02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667cd-63cc-4eeb-b969-4dbe02de0b81",
|
|
"value": "https://www.virustotal.com/file/fbe9c495f86a291a0abe67ad36712475ff0674d319334dbd7a2c3aa10ff0f429/analysis/1489193914/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667ce-4488-4715-bf5d-4f5e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:10.000Z",
|
|
"modified": "2017-03-13T09:35:10.000Z",
|
|
"description": "- Xchecked via VT: 92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f",
|
|
"pattern": "[file:hashes.SHA1 = '76b2129426eecf9c3d9c29e27224768e6ad4ca34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667ce-73ec-4b39-8f9d-4bfd02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:10.000Z",
|
|
"modified": "2017-03-13T09:35:10.000Z",
|
|
"description": "- Xchecked via VT: 92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f",
|
|
"pattern": "[file:hashes.MD5 = '1aac52b7d55f4c1c03c85ed067bf69d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667cf-37f0-4d8d-88f9-4b7302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:11.000Z",
|
|
"modified": "2017-03-13T09:35:11.000Z",
|
|
"first_observed": "2017-03-13T09:35:11Z",
|
|
"last_observed": "2017-03-13T09:35:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667cf-37f0-4d8d-88f9-4b7302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667cf-37f0-4d8d-88f9-4b7302de0b81",
|
|
"value": "https://www.virustotal.com/file/92ae2083a8495cc5b0a0a82f0bdeb53877170d2615ce93bd8081172af9e60f8f/analysis/1489193914/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667d0-7184-488c-9db2-414f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:12.000Z",
|
|
"modified": "2017-03-13T09:35:12.000Z",
|
|
"description": "- Xchecked via VT: e5656c1d96158ee7e1a94f08bca1213686a05266e37fb2efb5443b84250ea29d",
|
|
"pattern": "[file:hashes.SHA1 = '41a6c329fece92290cfc4b4b8da85dc4f9cc9de3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667d1-3f1c-43c1-b8e2-471802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:13.000Z",
|
|
"modified": "2017-03-13T09:35:13.000Z",
|
|
"description": "- Xchecked via VT: e5656c1d96158ee7e1a94f08bca1213686a05266e37fb2efb5443b84250ea29d",
|
|
"pattern": "[file:hashes.MD5 = '51c328fccf1a8b4925054136ccdb1cda']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667d2-51a4-4065-95e9-498302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:14.000Z",
|
|
"modified": "2017-03-13T09:35:14.000Z",
|
|
"first_observed": "2017-03-13T09:35:14Z",
|
|
"last_observed": "2017-03-13T09:35:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667d2-51a4-4065-95e9-498302de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667d2-51a4-4065-95e9-498302de0b81",
|
|
"value": "https://www.virustotal.com/file/e5656c1d96158ee7e1a94f08bca1213686a05266e37fb2efb5443b84250ea29d/analysis/1489193913/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667d3-ab38-411c-b6af-400602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:15.000Z",
|
|
"modified": "2017-03-13T09:35:15.000Z",
|
|
"description": "- Xchecked via VT: 1cb5a37bd866e92b993ecbbcc4a2478c717eeb93839049ef0953b0c6ba89434e",
|
|
"pattern": "[file:hashes.SHA1 = 'f1de6e5751b4ce8dfc5b21b2ad3b70d7a25001d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667d4-986c-44b1-ba66-499202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:16.000Z",
|
|
"modified": "2017-03-13T09:35:16.000Z",
|
|
"description": "- Xchecked via VT: 1cb5a37bd866e92b993ecbbcc4a2478c717eeb93839049ef0953b0c6ba89434e",
|
|
"pattern": "[file:hashes.MD5 = '4e91ff9ac7e3e349b5b9fe36fb505cb4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667d5-4a14-4d06-b213-4efb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:17.000Z",
|
|
"modified": "2017-03-13T09:35:17.000Z",
|
|
"first_observed": "2017-03-13T09:35:17Z",
|
|
"last_observed": "2017-03-13T09:35:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667d5-4a14-4d06-b213-4efb02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667d5-4a14-4d06-b213-4efb02de0b81",
|
|
"value": "https://www.virustotal.com/file/1cb5a37bd866e92b993ecbbcc4a2478c717eeb93839049ef0953b0c6ba89434e/analysis/1489193912/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667d6-8cfc-43a7-ab2f-4f0c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:18.000Z",
|
|
"modified": "2017-03-13T09:35:18.000Z",
|
|
"description": "- Xchecked via VT: 3032bb3d90eea6de2ba58ac7ceddead702cc3aeca7792b27508e540f0d1a60be",
|
|
"pattern": "[file:hashes.SHA1 = 'c8014051ccd71ee4f2497bf0dbb1978d7ce812e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667d7-3b44-4db8-97e1-411102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:19.000Z",
|
|
"modified": "2017-03-13T09:35:19.000Z",
|
|
"description": "- Xchecked via VT: 3032bb3d90eea6de2ba58ac7ceddead702cc3aeca7792b27508e540f0d1a60be",
|
|
"pattern": "[file:hashes.MD5 = '59b62f8bc982b31d5e0411c74dbe0897']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667d8-adf8-4d7e-8d5e-42f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:20.000Z",
|
|
"modified": "2017-03-13T09:35:20.000Z",
|
|
"first_observed": "2017-03-13T09:35:20Z",
|
|
"last_observed": "2017-03-13T09:35:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667d8-adf8-4d7e-8d5e-42f102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667d8-adf8-4d7e-8d5e-42f102de0b81",
|
|
"value": "https://www.virustotal.com/file/3032bb3d90eea6de2ba58ac7ceddead702cc3aeca7792b27508e540f0d1a60be/analysis/1489193911/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667d9-dce8-43d2-8d39-46be02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:21.000Z",
|
|
"modified": "2017-03-13T09:35:21.000Z",
|
|
"description": "- Xchecked via VT: 217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4",
|
|
"pattern": "[file:hashes.SHA1 = '5843a3c3ddb8d392df55b4905145d7fb398e546b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667da-a238-4863-8123-47e202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:22.000Z",
|
|
"modified": "2017-03-13T09:35:22.000Z",
|
|
"description": "- Xchecked via VT: 217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4",
|
|
"pattern": "[file:hashes.MD5 = '379ec59048488fdb74376c4ffa00d1be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667db-5510-499f-b2f4-4c7902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:23.000Z",
|
|
"modified": "2017-03-13T09:35:23.000Z",
|
|
"first_observed": "2017-03-13T09:35:23Z",
|
|
"last_observed": "2017-03-13T09:35:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667db-5510-499f-b2f4-4c7902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667db-5510-499f-b2f4-4c7902de0b81",
|
|
"value": "https://www.virustotal.com/file/217eee3a83f33b658fb03fddfadd0e2eb34781d5dd243203da21f6cb335ef1b4/analysis/1489193910/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667dc-03a4-4f7d-9798-44fc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:24.000Z",
|
|
"modified": "2017-03-13T09:35:24.000Z",
|
|
"description": "- Xchecked via VT: 0038f450d7f1df75bf5890cf22299b0c99cc0bea8d66e6d25528cb01992a436b",
|
|
"pattern": "[file:hashes.SHA1 = '408f051ae5ccb844cc630e6178bb8643bbc2513b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667dd-55cc-4f36-8cfe-406002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:25.000Z",
|
|
"modified": "2017-03-13T09:35:25.000Z",
|
|
"description": "- Xchecked via VT: 0038f450d7f1df75bf5890cf22299b0c99cc0bea8d66e6d25528cb01992a436b",
|
|
"pattern": "[file:hashes.MD5 = '944850ee0b7fc774c055a2233478bb0f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667de-883c-4fbe-b76e-458902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:26.000Z",
|
|
"modified": "2017-03-13T09:35:26.000Z",
|
|
"first_observed": "2017-03-13T09:35:26Z",
|
|
"last_observed": "2017-03-13T09:35:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667de-883c-4fbe-b76e-458902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667de-883c-4fbe-b76e-458902de0b81",
|
|
"value": "https://www.virustotal.com/file/0038f450d7f1df75bf5890cf22299b0c99cc0bea8d66e6d25528cb01992a436b/analysis/1489376984/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667de-a078-4225-9eed-491902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:26.000Z",
|
|
"modified": "2017-03-13T09:35:26.000Z",
|
|
"description": "- Xchecked via VT: 0d8bf3cf5b58d9ba280f093430259538b6340b24e805058f3d85381d215ca778",
|
|
"pattern": "[file:hashes.SHA1 = '5212c5266e251dec4a3fc45407a8b06ce41b52b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667df-5748-41ea-bced-4ef202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:27.000Z",
|
|
"modified": "2017-03-13T09:35:27.000Z",
|
|
"description": "- Xchecked via VT: 0d8bf3cf5b58d9ba280f093430259538b6340b24e805058f3d85381d215ca778",
|
|
"pattern": "[file:hashes.MD5 = '60806c69e0f4643609dcdf127c8e7ef5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667e0-83cc-4fcd-9192-494b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:28.000Z",
|
|
"modified": "2017-03-13T09:35:28.000Z",
|
|
"first_observed": "2017-03-13T09:35:28Z",
|
|
"last_observed": "2017-03-13T09:35:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667e0-83cc-4fcd-9192-494b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667e0-83cc-4fcd-9192-494b02de0b81",
|
|
"value": "https://www.virustotal.com/file/0d8bf3cf5b58d9ba280f093430259538b6340b24e805058f3d85381d215ca778/analysis/1489193909/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667e1-7638-45ea-9040-456402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:29.000Z",
|
|
"modified": "2017-03-13T09:35:29.000Z",
|
|
"description": "- Xchecked via VT: e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff",
|
|
"pattern": "[file:hashes.SHA1 = '02cc4cd5fbe40983ce084b9fa92d75c1d3da4954']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667e2-0814-4906-acb8-4aec02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:30.000Z",
|
|
"modified": "2017-03-13T09:35:30.000Z",
|
|
"description": "- Xchecked via VT: e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff",
|
|
"pattern": "[file:hashes.MD5 = 'f48122e9f4333ba3bb77fac869043420']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667e3-e460-48ff-bda2-495b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:31.000Z",
|
|
"modified": "2017-03-13T09:35:31.000Z",
|
|
"first_observed": "2017-03-13T09:35:31Z",
|
|
"last_observed": "2017-03-13T09:35:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667e3-e460-48ff-bda2-495b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667e3-e460-48ff-bda2-495b02de0b81",
|
|
"value": "https://www.virustotal.com/file/e4e97090e9fd6cc3d321cee5799efd1806b5d8a9dea7c4872044057eb1c486ff/analysis/1489193909/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667e4-f1b4-4a30-8765-4eba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:32.000Z",
|
|
"modified": "2017-03-13T09:35:32.000Z",
|
|
"description": "- Xchecked via VT: a07745f05913e122ec19eba9848af6dfda88533d67b7ec17d11c1562245cbed1",
|
|
"pattern": "[file:hashes.SHA1 = '3751ebbcdaf63d3036460a390370664996ef4e7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667e5-0d08-4d9d-8c5f-42cf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:33.000Z",
|
|
"modified": "2017-03-13T09:35:33.000Z",
|
|
"description": "- Xchecked via VT: a07745f05913e122ec19eba9848af6dfda88533d67b7ec17d11c1562245cbed1",
|
|
"pattern": "[file:hashes.MD5 = '9ed38abb335f0101f55ad20bde8468dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667e6-d8ec-4d05-8479-411902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:34.000Z",
|
|
"modified": "2017-03-13T09:35:34.000Z",
|
|
"first_observed": "2017-03-13T09:35:34Z",
|
|
"last_observed": "2017-03-13T09:35:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667e6-d8ec-4d05-8479-411902de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667e6-d8ec-4d05-8479-411902de0b81",
|
|
"value": "https://www.virustotal.com/file/a07745f05913e122ec19eba9848af6dfda88533d67b7ec17d11c1562245cbed1/analysis/1489193908/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667e7-1e4c-4f0f-85d1-42c602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:35.000Z",
|
|
"modified": "2017-03-13T09:35:35.000Z",
|
|
"description": "- Xchecked via VT: 01b8cb51464b07775ff5f45207d26d8d9f4a3b6863c110b56076b446bda03a8a",
|
|
"pattern": "[file:hashes.SHA1 = '7eb75fba47da4c5b4624a083d11cd80536c48c8d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667e8-c510-432d-bb0d-405e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:36.000Z",
|
|
"modified": "2017-03-13T09:35:36.000Z",
|
|
"description": "- Xchecked via VT: 01b8cb51464b07775ff5f45207d26d8d9f4a3b6863c110b56076b446bda03a8a",
|
|
"pattern": "[file:hashes.MD5 = 'fcbb243294bb87b039f113352a8db158']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667e8-9bf0-423a-ba65-419e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:36.000Z",
|
|
"modified": "2017-03-13T09:35:36.000Z",
|
|
"first_observed": "2017-03-13T09:35:36Z",
|
|
"last_observed": "2017-03-13T09:35:36Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667e8-9bf0-423a-ba65-419e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667e8-9bf0-423a-ba65-419e02de0b81",
|
|
"value": "https://www.virustotal.com/file/01b8cb51464b07775ff5f45207d26d8d9f4a3b6863c110b56076b446bda03a8a/analysis/1489193907/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667e9-b4dc-4980-a0e8-4f5702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:37.000Z",
|
|
"modified": "2017-03-13T09:35:37.000Z",
|
|
"description": "- Xchecked via VT: e9a30767e69dccb1b980eae42601dff857a394c7abdfe93a18e8739fa218d14b",
|
|
"pattern": "[file:hashes.SHA1 = '0845ad3fb76ae29372211368827e1c023b0b83ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667ea-ebfc-4691-a8b1-4ca902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:38.000Z",
|
|
"modified": "2017-03-13T09:35:38.000Z",
|
|
"description": "- Xchecked via VT: e9a30767e69dccb1b980eae42601dff857a394c7abdfe93a18e8739fa218d14b",
|
|
"pattern": "[file:hashes.MD5 = '0e987ba8da76f93e8e541150d08e2045']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667eb-6630-48a6-a79a-468502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:39.000Z",
|
|
"modified": "2017-03-13T09:35:39.000Z",
|
|
"first_observed": "2017-03-13T09:35:39Z",
|
|
"last_observed": "2017-03-13T09:35:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667eb-6630-48a6-a79a-468502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667eb-6630-48a6-a79a-468502de0b81",
|
|
"value": "https://www.virustotal.com/file/e9a30767e69dccb1b980eae42601dff857a394c7abdfe93a18e8739fa218d14b/analysis/1489370659/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667ec-23dc-44d1-a5d2-445902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:40.000Z",
|
|
"modified": "2017-03-13T09:35:40.000Z",
|
|
"description": "- Xchecked via VT: 998ab3d91cbc4f1b02ea6095f833bfed9d4f610eea83c51c56ce9979a2469aea",
|
|
"pattern": "[file:hashes.SHA1 = '99a077ac5ed849f0c568ad05ac2fb5e8aa7b1a07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667ed-8674-4e8b-92a2-4d3902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:41.000Z",
|
|
"modified": "2017-03-13T09:35:41.000Z",
|
|
"description": "- Xchecked via VT: 998ab3d91cbc4f1b02ea6095f833bfed9d4f610eea83c51c56ce9979a2469aea",
|
|
"pattern": "[file:hashes.MD5 = '4d904a24f8f4c52726eb340b329731dd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667ed-328c-4051-b185-40ff02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:41.000Z",
|
|
"modified": "2017-03-13T09:35:41.000Z",
|
|
"first_observed": "2017-03-13T09:35:41Z",
|
|
"last_observed": "2017-03-13T09:35:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667ed-328c-4051-b185-40ff02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667ed-328c-4051-b185-40ff02de0b81",
|
|
"value": "https://www.virustotal.com/file/998ab3d91cbc4f1b02ea6095f833bfed9d4f610eea83c51c56ce9979a2469aea/analysis/1489193906/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667ee-16fc-4590-a78d-4c2d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:42.000Z",
|
|
"modified": "2017-03-13T09:35:42.000Z",
|
|
"description": "- Xchecked via VT: 39c6bab80cc157bfe540bdee9ce2440b3b363e830bc7adaab9fc37075fb26fb1",
|
|
"pattern": "[file:hashes.SHA1 = '3468577e251f23950b05b18cee2dbf06b3a4887d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667ef-f09c-4237-bddb-40c202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:43.000Z",
|
|
"modified": "2017-03-13T09:35:43.000Z",
|
|
"description": "- Xchecked via VT: 39c6bab80cc157bfe540bdee9ce2440b3b363e830bc7adaab9fc37075fb26fb1",
|
|
"pattern": "[file:hashes.MD5 = '629da296cba945662e436bbe10a5cdaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667f0-4a5c-48d2-bde8-41ac02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:44.000Z",
|
|
"modified": "2017-03-13T09:35:44.000Z",
|
|
"first_observed": "2017-03-13T09:35:44Z",
|
|
"last_observed": "2017-03-13T09:35:44Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667f0-4a5c-48d2-bde8-41ac02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667f0-4a5c-48d2-bde8-41ac02de0b81",
|
|
"value": "https://www.virustotal.com/file/39c6bab80cc157bfe540bdee9ce2440b3b363e830bc7adaab9fc37075fb26fb1/analysis/1489193905/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667f1-a538-4f33-975f-4c2002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:45.000Z",
|
|
"modified": "2017-03-13T09:35:45.000Z",
|
|
"description": "- Xchecked via VT: 936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b",
|
|
"pattern": "[file:hashes.SHA1 = '20f0ddd13c1bbdef8062f878b6a467b933496fa5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667f2-4514-484b-869a-4c4c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:46.000Z",
|
|
"modified": "2017-03-13T09:35:46.000Z",
|
|
"description": "- Xchecked via VT: 936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b",
|
|
"pattern": "[file:hashes.MD5 = 'd5f5480a7b29ffd51c718b63d1ffa165']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667f2-7368-4486-acc5-4ec202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:46.000Z",
|
|
"modified": "2017-03-13T09:35:46.000Z",
|
|
"first_observed": "2017-03-13T09:35:46Z",
|
|
"last_observed": "2017-03-13T09:35:46Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667f2-7368-4486-acc5-4ec202de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667f2-7368-4486-acc5-4ec202de0b81",
|
|
"value": "https://www.virustotal.com/file/936e7af60845c4a90b8ce033734da67d080b4f4f0ca9c319755c4a179d54bf1b/analysis/1489193905/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667f3-5014-41b1-9401-45ab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:47.000Z",
|
|
"modified": "2017-03-13T09:35:47.000Z",
|
|
"description": "- Xchecked via VT: b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b",
|
|
"pattern": "[file:hashes.SHA1 = 'e71933f29d8d2a2cf4fdefd9a056b23e8d6028a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667f4-cb6c-4173-a9b5-4fb002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:48.000Z",
|
|
"modified": "2017-03-13T09:35:48.000Z",
|
|
"description": "- Xchecked via VT: b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b",
|
|
"pattern": "[file:hashes.MD5 = '660638f5212ef61891090200c354a6d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667f5-ade4-4fab-9dc6-474e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:49.000Z",
|
|
"modified": "2017-03-13T09:35:49.000Z",
|
|
"first_observed": "2017-03-13T09:35:49Z",
|
|
"last_observed": "2017-03-13T09:35:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667f5-ade4-4fab-9dc6-474e02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667f5-ade4-4fab-9dc6-474e02de0b81",
|
|
"value": "https://www.virustotal.com/file/b4e70118905659cd9b2c948ce59eba2c4431149d8eb8f043796806262d9a625b/analysis/1489193904/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667f6-cc18-4ce4-a920-44a002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:50.000Z",
|
|
"modified": "2017-03-13T09:35:50.000Z",
|
|
"description": "com.lu.compass - Xchecked via VT: f901fd1fc2ce079a18c619e1192b14dcc164c97da3286031ee542dabe0b4cd8c",
|
|
"pattern": "[file:hashes.SHA1 = '13542eec9b7704bbaf7302210bfde52e6523b440']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667f6-a658-4cd4-872b-47af02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:50.000Z",
|
|
"modified": "2017-03-13T09:35:50.000Z",
|
|
"description": "com.lu.compass - Xchecked via VT: f901fd1fc2ce079a18c619e1192b14dcc164c97da3286031ee542dabe0b4cd8c",
|
|
"pattern": "[file:hashes.MD5 = '3f188b9aa8f739ee0ed572992a21b118']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667f7-944c-438a-8882-4c7702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:51.000Z",
|
|
"modified": "2017-03-13T09:35:51.000Z",
|
|
"first_observed": "2017-03-13T09:35:51Z",
|
|
"last_observed": "2017-03-13T09:35:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667f7-944c-438a-8882-4c7702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667f7-944c-438a-8882-4c7702de0b81",
|
|
"value": "https://www.virustotal.com/file/f901fd1fc2ce079a18c619e1192b14dcc164c97da3286031ee542dabe0b4cd8c/analysis/1489193903/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667f8-0860-4789-9e1f-45d302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:52.000Z",
|
|
"modified": "2017-03-13T09:35:52.000Z",
|
|
"description": "com.fone.player1 - Xchecked via VT: 3d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f",
|
|
"pattern": "[file:hashes.SHA1 = '9b35e4c31a55031cfae0d2f7a6c12625f0a296cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--58c667f9-6640-4312-9d9c-4b1802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:53.000Z",
|
|
"modified": "2017-03-13T09:35:53.000Z",
|
|
"description": "com.fone.player1 - Xchecked via VT: 3d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f",
|
|
"pattern": "[file:hashes.MD5 = '41b1f607f153a28a67629617d3fe1007']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-03-13T09:35:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--58c667fa-f83c-4ee4-8605-428b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-03-13T09:35:54.000Z",
|
|
"modified": "2017-03-13T09:35:54.000Z",
|
|
"first_observed": "2017-03-13T09:35:54Z",
|
|
"last_observed": "2017-03-13T09:35:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--58c667fa-f83c-4ee4-8605-428b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--58c667fa-f83c-4ee4-8605-428b02de0b81",
|
|
"value": "https://www.virustotal.com/file/3d99f490802f767201e8d507def4360319ce12ddf46765ca1b1168d64041f20f/analysis/1489193903/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |