{
|
|
"type": "bundle",
|
|
"id": "bundle--599e9484-8cc4-4fe3-aa60-b71d950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:13:29.000Z",
|
|
"modified": "2017-08-24T09:13:29.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--599e9484-8cc4-4fe3-aa60-b71d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:13:29.000Z",
|
|
"modified": "2017-08-24T09:13:29.000Z",
|
|
"name": "OSINT - Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"observed-data--599e949c-d55c-4e54-adec-4655950d210f",
|
|
"url--599e949c-d55c-4e54-adec-4655950d210f",
|
|
"observed-data--599e949c-8180-4774-aa40-4841950d210f",
|
|
"url--599e949c-8180-4774-aa40-4841950d210f",
|
|
"x-misp-attribute--599e95b3-8300-44d2-b0fa-4436950d210f",
|
|
"indicator--599e979a-1d14-4556-8794-d47e950d210f",
|
|
"indicator--599e979a-ccc8-4b44-808d-d47e950d210f",
|
|
"indicator--599e979a-568c-4779-9b69-d47e950d210f",
|
|
"indicator--599e979a-efb0-4b3b-bf12-d47e950d210f",
|
|
"indicator--599e979a-1b74-413c-8656-d47e950d210f",
|
|
"indicator--599e979a-7448-4612-aa9b-d47e950d210f",
|
|
"indicator--599e979a-bb24-413c-8048-d47e950d210f",
|
|
"indicator--599e979a-e770-4d21-97c6-d47e950d210f",
|
|
"indicator--599e979a-32c0-4674-8a02-d47e950d210f",
|
|
"indicator--599e979a-1384-4a77-996b-d47e950d210f",
|
|
"indicator--599e979a-30f8-42bb-a236-d47e950d210f",
|
|
"indicator--599e979a-3f70-469e-af4d-d47e950d210f",
|
|
"indicator--599e979a-7c64-49f8-a365-d47e950d210f",
|
|
"indicator--599e979a-fdb4-4d09-b31e-d47e950d210f",
|
|
"indicator--599e979a-9b64-403f-8f96-d47e950d210f",
|
|
"indicator--599e979a-2eac-43bc-afdf-d47e950d210f",
|
|
"indicator--599e979a-8d9c-4cba-8bed-d47e950d210f",
|
|
"indicator--599e979a-a448-48bf-bf59-d47e950d210f",
|
|
"indicator--599e979a-1210-45cd-91f7-d47e950d210f",
|
|
"indicator--599e979a-ce5c-4ff2-af25-d47e950d210f",
|
|
"indicator--599e979a-176c-46bb-8a23-d47e950d210f",
|
|
"indicator--599e979a-a628-423c-bbe6-d47e950d210f",
|
|
"indicator--599e979a-2350-466f-aa13-d47e950d210f",
|
|
"indicator--599e979a-8b60-4e8c-bede-d47e950d210f",
|
|
"indicator--599e979a-9014-472e-a39d-d47e950d210f",
|
|
"indicator--599e979a-745c-444a-bd84-d47e950d210f",
|
|
"indicator--599e979a-1e70-4e98-af41-d47e950d210f",
|
|
"indicator--599e979a-65f0-46af-b5e6-d47e950d210f",
|
|
"indicator--599e979a-50dc-44e8-ab9a-d47e950d210f",
|
|
"indicator--599e979a-faf0-45ac-a00b-d47e950d210f",
|
|
"indicator--599e979a-3484-4a9a-8910-d47e950d210f",
|
|
"indicator--599e979a-0c70-44f7-aad7-d47e950d210f",
|
|
"indicator--599e979a-5c48-4b9b-9e8a-d47e950d210f",
|
|
"indicator--599e979a-d2cc-4446-9d71-d47e950d210f",
|
|
"indicator--599e979a-75d8-4496-bb1d-d47e950d210f",
|
|
"indicator--599e979a-e8b4-497c-8532-d47e950d210f",
|
|
"indicator--599e979a-2094-4d00-bd0b-d47e950d210f",
|
|
"indicator--599e979a-fa90-47f3-aed6-d47e950d210f",
|
|
"indicator--599e979a-b22c-4040-8801-d47e950d210f",
|
|
"indicator--599e979a-b744-40bd-9a34-d47e950d210f",
|
|
"indicator--599e979a-1ae4-4e5f-8d71-d47e950d210f",
|
|
"indicator--599e979a-d3ac-4492-a737-d47e950d210f",
|
|
"indicator--599e979a-6370-40ed-8e36-d47e950d210f",
|
|
"indicator--599e979a-935c-412d-b406-d47e950d210f",
|
|
"indicator--599e979a-997c-4921-89a3-d47e950d210f",
|
|
"indicator--599e979a-8d64-4915-b047-d47e950d210f",
|
|
"indicator--599e979a-5a7c-45f4-a6a1-d47e950d210f",
|
|
"indicator--599e979a-3220-4f76-a149-d47e950d210f",
|
|
"indicator--599e979b-5878-4e55-ba4f-d47e950d210f",
|
|
"indicator--599e979b-c210-423f-a68f-d47e950d210f",
|
|
"indicator--599e979b-1010-4c20-a313-d47e950d210f",
|
|
"indicator--599e979b-6edc-47ef-a16a-d47e950d210f",
|
|
"indicator--599e979b-b700-4d17-8b3b-d47e950d210f",
|
|
"indicator--599e979b-a740-46fe-becb-d47e950d210f",
|
|
"indicator--599e979b-890c-4597-8cc9-d47e950d210f",
|
|
"indicator--599e979b-5274-46a5-b9e4-d47e950d210f",
|
|
"indicator--599e979b-e78c-4cbf-98f9-d47e950d210f",
|
|
"indicator--599e979b-a888-4628-9439-d47e950d210f",
|
|
"indicator--599e979b-61b4-4c87-8d70-d47e950d210f",
|
|
"indicator--599e979b-d238-477f-9fc5-d47e950d210f",
|
|
"indicator--599e979b-f438-43d7-a559-d47e950d210f",
|
|
"indicator--599e979b-25a4-478c-9187-d47e950d210f",
|
|
"indicator--599e979b-1d2c-4b69-a860-d47e950d210f",
|
|
"indicator--599e979b-2b14-4b0e-b856-d47e950d210f",
|
|
"indicator--599e979b-c5a4-4e3c-b379-d47e950d210f",
|
|
"indicator--599e979b-8ce0-4d59-b28f-d47e950d210f",
|
|
"indicator--599e979b-e77c-4ce3-b593-d47e950d210f",
|
|
"indicator--599e979b-c730-4c6b-b77c-d47e950d210f",
|
|
"indicator--599e979b-2e54-44f7-b0a9-d47e950d210f",
|
|
"indicator--599e979b-4690-46cc-80cd-d47e950d210f",
|
|
"indicator--599e979b-c0d8-44f1-8609-d47e950d210f",
|
|
"indicator--599e979b-0600-46dd-b86a-d47e950d210f",
|
|
"indicator--599e979b-51cc-4320-9666-d47e950d210f",
|
|
"indicator--599e979b-5c5c-4851-b8eb-d47e950d210f",
|
|
"indicator--599e979b-5d04-4c5a-ba1d-d47e950d210f",
|
|
"indicator--599e979b-ccc0-464b-ae09-d47e950d210f",
|
|
"indicator--599e979b-69a8-4372-8f5e-d47e950d210f",
|
|
"indicator--599e979b-3b70-4034-837b-d47e950d210f",
|
|
"indicator--599e979b-e3d0-47c5-b134-d47e950d210f",
|
|
"indicator--599e979b-8c30-4482-8d7a-d47e950d210f",
|
|
"indicator--599e979b-2360-4cd0-ba65-d47e950d210f",
|
|
"indicator--599e979b-caf8-4ba1-a751-d47e950d210f",
|
|
"indicator--599e979b-840c-48be-9031-d47e950d210f",
|
|
"indicator--599e979b-7d00-44b5-a600-d47e950d210f",
|
|
"indicator--599e979c-7840-429d-84ed-d47e950d210f",
|
|
"indicator--599e979c-cf68-4e34-8293-d47e950d210f",
|
|
"indicator--599e979c-17ec-4239-8d23-d47e950d210f",
|
|
"indicator--599e979c-2f90-49d2-95e4-d47e950d210f",
|
|
"indicator--599e979c-5700-492a-9bd2-d47e950d210f",
|
|
"indicator--599e979c-9ef4-45cb-aeae-d47e950d210f",
|
|
"indicator--599e979c-e72c-445a-b2bf-d47e950d210f",
|
|
"indicator--599e979c-ce00-4333-b83d-d47e950d210f",
|
|
"indicator--599e979c-0cc4-47aa-8a87-d47e950d210f",
|
|
"indicator--599e979c-2f28-4e9a-ac29-d47e950d210f",
|
|
"indicator--599e979c-44a8-41ae-bdef-d47e950d210f",
|
|
"indicator--599e979c-4ed4-478b-a717-d47e950d210f",
|
|
"indicator--599e979c-3ed4-4e0c-afbf-d47e950d210f",
|
|
"indicator--599e979c-0e18-4328-a62f-d47e950d210f",
|
|
"indicator--599e979c-3ef0-450f-8195-d47e950d210f",
|
|
"indicator--599e979c-ba24-4b43-a180-d47e950d210f",
|
|
"indicator--599e979c-5178-436b-ba32-d47e950d210f",
|
|
"indicator--599e979c-6014-4a93-998a-d47e950d210f",
|
|
"indicator--599e979c-23b0-47ea-80a8-d47e950d210f",
|
|
"indicator--599e979c-1c48-4f40-93b9-d47e950d210f",
|
|
"indicator--599e979c-2b00-4c2f-9fc6-d47e950d210f",
|
|
"indicator--599e979c-ed8c-4f80-bfa6-d47e950d210f",
|
|
"indicator--599e979c-53c4-446c-8154-d47e950d210f",
|
|
"indicator--599e979c-ca00-4e6c-b80d-d47e950d210f",
|
|
"indicator--599e979c-c594-485a-bd5c-d47e950d210f",
|
|
"indicator--599e979c-ced4-4edf-9032-d47e950d210f",
|
|
"indicator--599e979c-ba00-49dd-8b78-d47e950d210f",
|
|
"indicator--599e979c-a52c-4d9f-add8-d47e950d210f",
|
|
"indicator--599e979c-fee4-4581-9cdd-d47e950d210f",
|
|
"indicator--599e979c-958c-4854-80a0-d47e950d210f",
|
|
"indicator--599e979c-3210-48f8-9d37-d47e950d210f",
|
|
"indicator--599e979c-8074-4e1d-91b5-d47e950d210f",
|
|
"indicator--599e979c-39e0-4453-b332-d47e950d210f",
|
|
"indicator--599e979c-9140-4e18-8f38-d47e950d210f",
|
|
"indicator--599e979c-5944-4cb8-90d2-d47e950d210f",
|
|
"indicator--599e979c-937c-4b07-8f2d-d47e950d210f",
|
|
"indicator--599e979c-7ff8-491a-82f8-d47e950d210f",
|
|
"indicator--599e979c-3ad8-4978-b16d-d47e950d210f",
|
|
"indicator--599e979c-746c-479f-82ad-d47e950d210f",
|
|
"indicator--599e979c-ea8c-4d1a-8c73-d47e950d210f",
|
|
"indicator--599e979c-02ec-494e-b0ea-d47e950d210f",
|
|
"indicator--599e979c-5b5c-40ba-8be9-d47e950d210f",
|
|
"indicator--599e979c-c36c-4b60-89c9-d47e950d210f",
|
|
"indicator--599e979c-3d74-4d0c-afdb-d47e950d210f",
|
|
"indicator--599e979c-97d8-40fc-a274-d47e950d210f",
|
|
"indicator--599e979c-06f0-4e29-8a0b-d47e950d210f",
|
|
"indicator--599e979c-ffac-40c8-a67b-d47e950d210f",
|
|
"indicator--599e979c-aaac-4d3d-af6b-d47e950d210f",
|
|
"indicator--599e979c-246c-4a46-aff4-d47e950d210f",
|
|
"indicator--599e979c-4be4-40c7-986a-d47e950d210f",
|
|
"indicator--599e979c-0854-4eaf-be15-d47e950d210f",
|
|
"indicator--599e979c-6f38-431a-b7ad-d47e950d210f",
|
|
"indicator--599e979c-67d0-4252-ba50-d47e950d210f",
|
|
"indicator--599e979c-1f2c-4dd6-91f4-d47e950d210f",
|
|
"indicator--599e979c-4600-4772-bdab-d47e950d210f",
|
|
"indicator--599e979c-6d14-4042-89a4-d47e950d210f",
|
|
"indicator--599e979c-c498-4d19-9771-d47e950d210f",
|
|
"indicator--599e979c-0f38-48e7-a472-d47e950d210f",
|
|
"indicator--599e979c-efd8-4189-972d-d47e950d210f",
|
|
"indicator--599e979c-394c-431d-bb78-d47e950d210f",
|
|
"indicator--599e979c-6128-4133-9027-d47e950d210f",
|
|
"indicator--599e979c-d530-43f1-9cff-d47e950d210f",
|
|
"indicator--599e979c-e6c8-4522-ae13-d47e950d210f",
|
|
"indicator--599e979c-5f40-4cc0-b2cb-d47e950d210f",
|
|
"indicator--599e979c-0058-4dee-83bb-d47e950d210f",
|
|
"indicator--599e979c-a8dc-4ebf-a058-d47e950d210f",
|
|
"indicator--599e979c-38c4-463b-a22b-d47e950d210f",
|
|
"indicator--599e979c-a264-4b82-b01a-d47e950d210f",
|
|
"indicator--599e979c-ff20-4d42-b2ad-d47e950d210f",
|
|
"indicator--599e979c-c234-47b5-a1f3-d47e950d210f",
|
|
"indicator--599e979c-7ea4-4a67-a3ba-d47e950d210f",
|
|
"indicator--599e979c-0d60-4955-a3b3-d47e950d210f",
|
|
"indicator--599e979c-66fc-4d79-8678-d47e950d210f",
|
|
"indicator--599e979c-86c8-4faf-aea5-d47e950d210f",
|
|
"indicator--599e979c-e578-4289-a4dc-d47e950d210f",
|
|
"indicator--599e979c-8244-48b9-9234-d47e950d210f",
|
|
"indicator--599e979c-1bf0-4428-a078-d47e950d210f",
|
|
"indicator--599e979c-6244-4bd8-b6dc-d47e950d210f",
|
|
"indicator--599e979c-ac80-4b7c-b8a1-d47e950d210f",
|
|
"indicator--599e979c-ad4c-4044-8119-d47e950d210f",
|
|
"indicator--599e979c-b948-40ce-9c5c-d47e950d210f",
|
|
"indicator--599e979d-28d8-4c67-8fe0-d47e950d210f",
|
|
"indicator--599e979d-a444-4e56-977e-d47e950d210f",
|
|
"indicator--599e979d-b5f8-4b57-9488-d47e950d210f",
|
|
"indicator--599e979d-c15c-46a7-b9c7-d47e950d210f",
|
|
"indicator--599e979d-1630-416e-abda-d47e950d210f",
|
|
"indicator--599e979d-0fe4-4d83-a85e-d47e950d210f",
|
|
"indicator--599e979d-0a98-45c4-a0e4-d47e950d210f",
|
|
"indicator--599e979d-f204-4e73-826f-d47e950d210f",
|
|
"indicator--599e979d-ee24-441d-965b-d47e950d210f",
|
|
"indicator--599e979d-d5f4-4e55-84bc-d47e950d210f",
|
|
"indicator--599e979d-5724-43c8-a6f6-d47e950d210f",
|
|
"indicator--599e979d-d2c0-4f46-bea6-d47e950d210f",
|
|
"indicator--599e979d-b410-48a2-8576-d47e950d210f",
|
|
"indicator--599e979d-6a4c-4e22-a55d-d47e950d210f",
|
|
"indicator--599e979d-cc1c-4fbb-a5b6-d47e950d210f",
|
|
"indicator--599e979d-baf0-41c3-92fe-d47e950d210f",
|
|
"indicator--599e979d-88ac-4848-8c36-d47e950d210f",
|
|
"indicator--599e979d-2ed0-496c-8de6-d47e950d210f",
|
|
"indicator--599e979d-e6c8-4bf7-b33c-d47e950d210f",
|
|
"indicator--599e979d-92c8-4999-8e02-d47e950d210f",
|
|
"indicator--599e979d-6784-42b5-9e63-d47e950d210f",
|
|
"indicator--599e979d-4f80-4f07-bd23-d47e950d210f",
|
|
"indicator--599e979d-1f84-4d18-a6cc-d47e950d210f",
|
|
"indicator--599e979d-c03c-4272-8643-d47e950d210f",
|
|
"indicator--599e979d-3d8c-4c09-9435-d47e950d210f",
|
|
"indicator--599e979d-0578-4a4e-b313-d47e950d210f",
|
|
"indicator--599e979d-e624-46b2-821d-d47e950d210f",
|
|
"indicator--599e979d-7b24-4792-94de-d47e950d210f",
|
|
"indicator--599e979d-4d38-40d6-949f-d47e950d210f",
|
|
"indicator--599e979d-5a08-4abe-891d-d47e950d210f",
|
|
"indicator--599e979d-c628-4487-8429-d47e950d210f",
|
|
"indicator--599e979d-7010-4928-b96f-d47e950d210f",
|
|
"indicator--599e979d-5480-4f00-bb5e-d47e950d210f",
|
|
"indicator--599e979d-a8e4-4efb-95d7-d47e950d210f",
|
|
"indicator--599e979d-0340-4936-9a9d-d47e950d210f",
|
|
"indicator--599e979d-6c90-4afd-8693-d47e950d210f",
|
|
"indicator--599e979d-5f44-47b0-83ba-d47e950d210f",
|
|
"indicator--599e979d-43e0-4625-a55c-d47e950d210f",
|
|
"indicator--599e986a-d31c-4868-b0da-4a5c950d210f",
|
|
"indicator--599e986a-420c-4723-b5e7-48ae950d210f",
|
|
"indicator--599e986a-3e44-4ee7-b416-4fbd950d210f",
|
|
"indicator--599e986a-8bd0-4f3c-b26d-4a47950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:source-type=\"blog-post\"",
|
|
"ms-caro-malware-full:malware-type=\"Backdoor\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--599e949c-d55c-4e54-adec-4655950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T08:59:29.000Z",
|
|
"modified": "2017-08-24T08:59:29.000Z",
|
|
"first_observed": "2017-08-24T08:59:29Z",
|
|
"last_observed": "2017-08-24T08:59:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--599e949c-d55c-4e54-adec-4655950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--599e949c-d55c-4e54-adec-4655950d210f",
|
|
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-backdoor-ghostctrl-can-silently-record-your-audio-video-and-more/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--599e949c-8180-4774-aa40-4841950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T08:58:25.000Z",
|
|
"modified": "2017-08-24T08:58:25.000Z",
|
|
"first_observed": "2017-08-24T08:58:25Z",
|
|
"last_observed": "2017-08-24T08:58:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--599e949c-8180-4774-aa40-4841950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"technical-report\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--599e949c-8180-4774-aa40-4841950d210f",
|
|
"value": "https://documents.trendmicro.com/assets/Appendix-Android-Backdoor-GhostCtrl-can-Silently-Record-Your-Audio-Video-and-More.pdf"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--599e95b3-8300-44d2-b0fa-4436950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:00:35.000Z",
|
|
"modified": "2017-08-24T09:00:35.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought\u2014at least in terms of impact. It was accompanied by an even more dangerous threat: an Android malware that can take over the device.\r\n\r\nDetected by Trend Micro as ANDROIDOS_GHOSTCTRL.OPS / ANDROIDOS_GHOSTCTRL.OPSA, we\u2019ve named this Android backdoor GhostCtrl as it can stealthily control many of the infected device\u2019s functionalities."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-1d14-4556-8794-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'ef761f4819aa5ff14e14e05c49a49c9cd4f18df76bd51f1b8d33dc312213f6e1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-ccc8-4b44-808d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '18bde9201d7470372b6e04db866c2ce1183c3ead0eb8c05ca6e93709655fcd9b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-568c-4779-9b69-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'd463c96c24839b763fb9def1dc33be1b217ea6ef77d84a7092a7cc0b4c8cea51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-efb0-4b3b-bf12-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '82a2bb72c1e3385fcc731ecbe1525fb1a5fbdf0abfa156cbae1606b0e597543e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-1b74-413c-8656-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '6dc7d5ca86b2c5794ab6c899fc17f3778a54d7de222ee9d6a50b90bb04921068']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-7448-4612-aa9b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b309d4f5bb3e61bba7048c19bec6773db94656c567404c960a20ce42f9d6f201']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-bb24-413c-8048-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '3117fb71a7bd141eb7d8975867e922635a705df5097c694ceca2e15578912516']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-e770-4d21-97c6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '3b4d28060c14cfcb7ab9b83339b6b38f2e35de8b270ec0d454bcb5781b5ef2c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-32c0-4674-8a02-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '9000c92fffd2ee53e8d52784b9c68892c543552c157c9fcff47213ca4b9972e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-1384-4a77-996b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'f22b834f7b0feadd17f920262b6eda6a1edfbf494a065d48206f735a2372c147']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-30f8-42bb-a236-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '212ab6673295089c24debaec557aafd14d2bcb40b55dd342798172b7874eed88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-3f70-469e-af4d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5818470b1970fbc87d3cd48fb3ceb50a8fb66df0dd17699d8bdce62ef4851e1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-7c64-49f8-a365-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0ae2f02395e5f618c0271d21305e664cce97a259b1332b880f2cd879373d2198']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-fdb4-4d09-b31e-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '2b49ef19cb51ea364fb71b2def46f145f38b01f915b55320d9dd5f763eaf8d61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-9b64-403f-8f96-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '56a064476acf1c675928da57d7325f42a5a1d2ed2a7890190e38a05f6689ee95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-2eac-43bc-afdf-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '7bdf98c910eef7b72acfce258791e1a78ce50d9d71ae4f450c29272d1ca9f07c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-8d9c-4cba-8bed-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'f94008607e069f0c39f69061384af694af6418623904b4c67569b1e43a0410d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-a448-48bf-bf59-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '9e413bfcb8f421a0916323028095014b13bee5dfd4bae753d0777f89bcc57145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-1210-45cd-91f7-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'c2877b6b49c5d8c5866bf763c45abf95095c37d241a2e098db7175415f18ae09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-ce5c-4ff2-af25-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '92d3fa65204213c046432d5e33bb4231c1035ee51d41082431d90ddcd93c51e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-176c-46bb-8a23-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b5f9ed7126d13bce244a362ce4adf77e53179dd26853e2c364d9d0db4d15183c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-a628-423c-bbe6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b688e2a7f2e299ac310c2e5f039a13c7d1049fd18595e5505821bea6c78ad88b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-2350-466f-aa13-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5808705a093158accefce5e062de766f7cdf117a83eaf8305b2e8c0a2518ee68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-8b60-4e8c-bede-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5e58bba9bc014472e3b2b23baa77aef5471b075236c6f6f9172e85234290bb00']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-9014-472e-a39d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'be10d01b539b4aa6adaef60d39835b05618797c61ecb7d9bab26ee9bec10bef9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-745c-444a-bd84-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '9d82c42fda07a6f776f79bfbe9ed5103a1a8a4aae415cf7b55c1a8cb4041534f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-1e70-4e98-af41-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '43c9b78e31d4368b7c50d1e276992bd7d2bee52ca7fa2d9ed7db82f53bfeca28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-65f0-46af-b5e6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'f52c2c0e3f4da0bc36431d0be6f760fac7553dcc531c143aa057cf388d5df044']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-50dc-44e8-ab9a-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'dba32f04161897b73f9fcd4d3e4e6ec3e5506c221cfc34566cf72348d1a07688']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-faf0-45ac-a00b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'e112000e34a82c5e3b8f1c27886be68120513cdb2d3dde257fe58814468b8e39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-3484-4a9a-8910-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5d71243013f838713e45db57e39f0617afc29729b7c7829a5f7f126a55187a91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-0c70-44f7-aad7-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b84014224b89b9ed455bb37a0d73fdc7110228f82232a04a1127a744d304b893']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-5c48-4b9b-9e8a-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '241e8664db6622e0e7cdddbeac8d1e97eaf98c93d0723751568ad42a1a8ea948']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-d2cc-4446-9d71-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '3e27a1e5ad9b9161d4f612d31eb26ca121bfabc0309dbd117d6431f73d95a443']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-75d8-4496-bb1d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5bd7e738bf8a39da211360c28dcd656d6b9eebce143f6594e11d62a75e6cf311']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-e8b4-497c-8532-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '87f5263c87b84735b6817872fb8cf0e312c9b7dc98b75dbaecf0ad163f87f07e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-2094-4d00-bd0b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'd54e6dd782ae46f84a3f0ee9adc9fefe56d344858babe5cec3a083b90d4b0b54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-fa90-47f3-aed6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '73f88353c2c8836398f2b4d3ccd8a651eb0c06fec4dfe35459044e5cb77fd0d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-b22c-4040-8801-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b1043db6e77b6e88f353ffea26130a65fdb55b11ca7a86b1bf2724b16eb73497']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-b744-40bd-9a34-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '42829222012ec02ef94e7f78a67979d2bcde4e9f6f94d1bc3bff17f081687b19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-1ae4-4e5f-8d71-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0a0277695e4ccbcf54b459846ddc04b162ae81798c40d4bab3f41727ea663cc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-d3ac-4492-a737-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '3f4096c71a3de0ee7dfecd260d071d02ceccaf7d724a8997b6106b2e56eddfaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-6370-40ed-8e36-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '4f82f043050918f184a6120143909332b39ef84b0a86a256c24128e6d80e7faf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-935c-412d-b406-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '55090b668dcf068ea652ee7505b6eebaa39c59054764e39544a27f3623279407']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-997c-4921-89a3-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'd57e83380c79dbfed3b8cef0427fd120722dc474c0b079a3d7b8be6a1e547591']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-8d64-4915-b047-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '29a02bd886c674559aa17157a631bee0629f2aa50f64392ac2684378cf7c2ff0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-5a7c-45f4-a6a1-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'c75032da92eb544327bc658c4fe7fc0ee4030daf4c09f28730c12cc65ff8122a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979a-3220-4f76-a149-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:42.000Z",
|
|
"modified": "2017-08-24T09:08:42.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'ef67ed2919b86ae88081578652707f4b8a2121e6c5030a32ebe6d67cd629a465']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-5878-4e55-ba4f-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '4fea75702342729fac9a858b46e953605c1b6b22fd23beed0594c622ab02587a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-c210-423f-a68f-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '8772ab9f293b0e8af12a6f03cef3e59bfe8c8f33a19de29d0d43d479a347859a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-1010-4c20-a313-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '06ec556c379373b9a4947ecfc898b90176720bcafb7c5123ca0b1c42e4330284']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-6edc-47ef-a16a-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'cf85e1603b1717e60700fa31f765e2c0933492b5dbe5ce3c32c3bfefcb89d011']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-b700-4d17-8b3b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'dc249b4a0c6719ae456b2c7d61867b9a5e8232e3c44e50e0469fecca2fabbe94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-a740-46fe-becb-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '006e5c51e27e5b84ca4d9966e3f40156b5642ccb0cd98a58cb0052b6ffbc748d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-890c-4597-8cc9-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '8a0fbf8c7c8c1cdfc7e0b277951a12db3f148ff737ef55522c3b9f9a2d3a9ec1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-5274-46a5-b9e4-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '48a0dae35c78780ac56d2601b4de2e89540995b4b960f6305d6db8ac1740ef68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-e78c-4cbf-98f9-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '23669806ba79cc48d1affc978ef2cc47a659275f6b8789ed560db4757b47505d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-a888-4628-9439-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'e5fa7262cefba7dc6611719bd2730f252c3d8e45f07d6657f538b59b5b440f88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-61b4-4c87-8d70-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5a95c92f5239f037894bde7633d662d32ba14f7cc4836cc81d753770a03495cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-d238-477f-9fc5-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '1b41b69ff00fb86b29f750634ac4c0cebedb85245619ea5733f7566ac5484998']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-f438-43d7-a559-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'fb9ea01c46406d76207e6e0981580d52b60a5f49e32daeb5b4ded1dc9ec170e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-25a4-478c-9187-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '46d95b1681e6b21f3a6eff44892dc864bbfec2ffecd580634b946f2cc56ececa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-1d2c-4b69-a860-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0879ad90d6f9f1b955eac690addb91c01a034a087c198ba7cab3bb24576bb62f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-2b14-4b0e-b856-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'd2cc6b7011966bd7b109af5390fbf89bdc82a55549028ea298ddc3d6e0ee86c1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-c5a4-4e3c-b379-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'e7cadfe51df4df95bbf4e576514c77c7ef7400c2bfc23192d724a5661537d4cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-8ce0-4d59-b28f-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '4dfb2c77d881d37b2c05da7463f01bebd5bbe6ff3a8c2755670007fb05d6ac2b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-e77c-4ce3-b593-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '610da7d04b65489227ec188f1759431468432986e2f576e64854fa17d4b807c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-c730-4c6b-b77c-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '85cf48adb52efbd1e5be4a4a54bd17c0c65e6cfd38239693d403b2fb4b0901be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-2e54-44f7-b0a9-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'e45db170cef67560b6444ed1296c16e59e0ba0c35272c46d6ff5c60999d36a44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-4690-46cc-80cd-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'fbf3f3441ed2ae726064439cd1e57f9d0771f99bd4965edf806085a4b62ca552']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-c0d8-44f1-8609-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '478d8ce51938a42831505354cc11f9bac22578eba23e0536b5a4a3381e41457b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-0600-46dd-b86a-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '20fece0ee96070a1ab1fb3052416613d9e5c3c7814ea60659da842697c6c3b8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-51cc-4320-9666-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b29e02b0b7ec8030c4950a04d70e7e8dbf53d0f5e14139b1624c380dc50950ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-5c5c-4851-b8eb-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '4b092395f7dd8cf69d14933b5b1b83889635563c68bbcee5aa1bf7a336e077b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-5d04-4c5a-ba1d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '9f1e23b954a9854559c0cb0902c04bcac7af4af40bcdbe36ad81052329f1aa3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-ccc0-464b-ae09-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '645f7c089732ae62d87d1e776eda893f7e6f8f1cef8f1d0b3e391b8d091da1a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-69a8-4372-8f5e-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '77cf7ac64b5ab5614c7d7beb428e548e57905567451ec22c2cb532693ec64c10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-3b70-4034-837b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0e2df79cc7cf1bc1f3d8f02a5d37c519dcf88bee4ac41f3259e25b65245cec42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-e3d0-47c5-b134-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'cdf42659e9a6c24013a57ebff557bf5255824592a2d68509a2f27391123312b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-8c30-4482-8d7a-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '7fe44f1c122a2c7e3f1c32098f0addd1f17212c1ed96683698ff30aaa20f167d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-2360-4cd0-ba65-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '16e292be7af2b9d5993caa7cba0c6e9e7fbaaa348379f58cd305ff955ce06cbb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-caf8-4ba1-a751-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '1f895972793ac5bc2d362ea160b0d1d6ad96880449d9dbd01e92f89808d07583']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-840c-48be-9031-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'a5b78f93e69e828e522b69cdf56b442dc45d28af1b8a6ce8e6c4e0a95234f0cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979b-7d00-44b5-a600-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:43.000Z",
|
|
"modified": "2017-08-24T09:08:43.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '29dad558fe387cc1706399f86b8d60fd74e9fb8e231cd693090a880240df1364']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-7840-429d-84ed-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'cdda4ba0249778984ef8e1fe711194cb6301bf436ca333e3dcbded551a5829f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-cf68-4e34-8293-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0dc9d4799c0c9a48081ecddb7d13ef04803deb1176fd104389f72983698592f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-17ec-4239-8d23-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'a4231f932fc9ee5d5b907e2d75243f00e6ebbfd3ecaab7b332f1b02352c2973a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-2f90-49d2-95e4-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0a77fd2470c4bc4ed40677cd5e0202f91d4d6931188d086b352773f0040d4a10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-5700-492a-9bd2-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '60c54b21e40daeb513b8db8029db96598f9dfbcd2fc98d2c1f417f62d734f2d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-9ef4-45cb-aeae-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0f3850d41204d2eff6f2a55cd6fec56db9c24e32455e6d46f2e8cc8522f4cee2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-e72c-445a-b2bf-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0334af2801dd7948fca93cb712e5cd34a2d1b3ea10d56a3df81b1a3a854e7741']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ce00-4333-b83d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'e3b504aacacafd4d2de28e072506ab05a0fb98099bc6e10308eeca15853e46b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-0cc4-47aa-8a87-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'cf3a8e47c51009b143c5296bf7733e1399b92dc6a80dc218ce98a85ea6ff0d4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-2f28-4e9a-ac29-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '388c12765d2b91f13842711ab0356f3fa79f197653f726725df758876964d33a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-44a8-41ae-bdef-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b1523f50de02cd2fad54d62ab4a40333a60de8a6a55f94c2883ff1ffc4b1e118']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-4ed4-478b-a717-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'a77a77ab72f08b09d9af1cf2ef33b270b2012e1c94e6157c1ff8c1ad9d3daba5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-3ed4-4e0c-afbf-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'eadb5cfccf7f30af3f8db8dcc5c008f78488c3bec0db682767631f3c28132686']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-0e18-4328-a62f-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'f9a45f1cdabd11c1ba5431c4552aa26a3c845f167ae71696ce9e7f15f8cf9348']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-3ef0-450f-8195-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'fa28b95b17c1eb01b7d18eaa302c9be50964a82bc92b10ef7bf13d9d11940ff5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ba24-4b43-a180-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'f498b60ec551c5533d9e9691831c0123308348c5211cbaef4eb1bfb0d7433451']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-5178-436b-ba32-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b87620ded1a8c3a6d2190357cfb9152cf142bd6212c95104fb4094d78a6070a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-6014-4a93-998a-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'eb22db82a7725737c492bc64850f9009beabe3bbdf1cf3755ca6fd3711b20656']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-23b0-47ea-80a8-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'd87014fe2f96b9e765cdf49eb0b1f5bfc7b6e5bd454c5d6e7048db2e9f84a177']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-1c48-4f40-93b9-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '3402fc1ba175097f73218e49648a2bdca9f95ba375eb1757fac9f3b47c96aaa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-2b00-4c2f-9fc6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '9ca85c35c24350e980cec49a95e61d0086be642be43806782096da8e212546ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ed8c-4f80-bfa6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '1139b438ad6c415bacdd22ae2bea93227faf1b6af2434576c6577ee55dbe6c28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-53c4-446c-8154-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '8337202bb5d0aff3914cf4ec516c835618f9760ba2c2f6c921295732ac6ff01a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ca00-4e6c-b80d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'c1033a23c8dc51dbc1916a9fa7d721462cb5fd7f81ac9b0e8683b99a43ed5bdd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-c594-485a-bd5c-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '73e0e9213ea2970e33dfa71f51b6e10a25a559ac606b26fc204cf4fe321dbbe7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ced4-4edf-9032-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '9e7ab8c98c6a38e90e6247e95ddf08ac939ac99a30e0627a8b56aefcff9d955e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ba00-49dd-8b78-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b3fe7703e4c5c97b8e88e9a3d48aae5554a1873e68528faf84a6fdc5ca0086f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-a52c-4d9f-add8-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '78e0d60c0e64a79e1cbee54e6173c9c625e68960ec0788d1921c3594754a63ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-fee4-4581-9cdd-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '2bb4a764b1ed4c85077b5969ff66605ed37167dcc5aa4d264044c353625c4bbf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-958c-4854-80a0-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '197b5a735047b400a7d51f906962eb7719e4ff22b8b5d4263a712aae747dd18b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-3210-48f8-9d37-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '9a6ba83aa7cb4a7719601d4d9c9c3e5a4863fc5c3e18039767db925582dc01c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-8074-4e1d-91b5-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0ffa95941fc9e21c276db98a69af2b985ec9c72720d991f532acd2b779fffc6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-39e0-4453-b332-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'bd2234bdbe1ba4e314a9298e37cbcfca095ae33d7ea686c2490acb455f95be94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-9140-4e18-8f38-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '142c0d08f7208ba1464fb4d0a1aa67ad780337ad0a1e36402285741805b90c44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-5944-4cb8-90d2-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'baf0bb78b36206bb2685ef92ba611029b0acd2350e0ca32861418c1536baca65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-937c-4b07-8f2d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '9490f36eaf6cac19e0f288bd19875080f53e2452ca79974917b3b951b4c87d3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-7ff8-491a-82f8-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '52801eda6947d89057123eb09c69e08fd43d62d1395b840c8d90458fba9758c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-3ad8-4978-b16d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '42398a332249a1b15692adde66a18a8c95c542ac7ecb25fff2374630465383c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-746c-479f-82ad-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '13a0d7648e3131e58b87d2372761425f5ee1a6ef520377e16c508b171b2a231b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ea8c-4d1a-8c73-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'a97c8cd8d6a574a0054a51ad03c463116412bc3134d48762d81774624fc9b5e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-02ec-494e-b0ea-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'f02470a7212b3a0351a62add30435850260be11b6b547479e68e83b475b4dab0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-5b5c-40ba-8be9-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '784e01e44b8fbcad860bfa38e15d8b2e7ec4150eca6dc7e8558663d4c0e6278f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-c36c-4b60-89c9-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '63bf86334a5d8856b61778158adf2eac08cbc036f2cf1211d976043a8419c6e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-3d74-4d0c-afdb-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5eae6ff7984ab968cff0ff606f12dcffc12541f8c51f31da6f656ef670e4d9cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-97d8-40fc-a274-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b2efdd0625683cdfc97719d9bcec4d050908b3d364b7a0ee495b7c7fbe7ca22c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-06f0-4e29-8a0b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'd0c7301ece62a10b58cd4469ec8b1e36ded089aeda9dbf50d0ec1b5c85b78f4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ffac-40c8-a67b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '68afff3ae4849a5cb3fdd3dc249a950e04bc74a195a03c4f6d40be709fe049ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-aaac-4d3d-af6b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0349b01ee61460a84869a2a947802111a7b3085de590dfe123cb5a5e29b8c613']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-246c-4a46-aff4-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '3ce6ba9af7a1e6ddc3f839b96f1d42d3aeb8738e679d7c1539756356b0e0bb04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-4be4-40c7-986a-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'ebe0ae2345edaf9e0439a93d332162f9ee9d3419127b4244b3c54dc7d305e89b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-0854-4eaf-be15-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'f57dc1d01e016d0cef749231c0ebe651efd7b0bef99e6ffdafb0227236661771']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-6f38-431a-b7ad-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '35bf708689847c08022c43ad3f210bd2f01397a4d54782596221c21adfcaade1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-67d0-4252-ba50-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '8bdae3f7f90788c8fa94f1ef2496680ce9609acc11c262725d9341654ffdb621']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-1f2c-4dd6-91f4-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'c8c381c7d3df400c0088fc90361959dfc2d6faf868f2b9ac16364f11eaf7e41a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-4600-4772-bdab-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '259f9ec185398ce443a78c28d01c1a627aab3cd8666f341fb28d0f3a79481f53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-6d14-4042-89a4-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '3b1cf82794b1fd428d32c9b4e1f0bbf5a989329135f17120b2e141506f05f7d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-c498-4d19-9771-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '691644e245f46e7da4fd035e691ab864793ce5ae01b952ffbbbb93e7e0587134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-0f38-48e7-a472-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5e08356371e35a0248dd50d59240d0a3b19e607aa8462669b60677f7e569e99c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-efd8-4189-972d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '89bc4c4447311e8569e291671cbf91ea7e63fa566a3ef255a0b472b21e41a418']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-394c-431d-bb78-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b1f14c5cdc60bd0ed0cab6f274b90be5c85f79eff3213c4f452f62e718d7c62f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-6128-4133-9027-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '603c546a4b3710d2163afc42a2d3ca12a589e4f6a45ddcce1cda63b771eee632']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-d530-43f1-9cff-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0c98f843293d403dd5f821f5eab8e02ec35297f3112e96a34aba8a98dfe097e1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-e6c8-4522-ae13-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '8fc13e96547bb7ecb655c506d48a3c32ddba275cfb8e32eb1516d02f91aa6bf6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-5f40-4cc0-b2cb-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b1dcba85194e384e87533a0629f221a5afadfea4b00ab800ec2082a79d5f1e2e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-0058-4dee-83bb-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'e0805eee4f09d28b5688dd9cc45972a79720c365b162bf2432649956ee688a31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-a8dc-4ebf-a058-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0bb1bb3d377bc4f9c2fa41611b31cb4b8ee02c8ba0d782d824885ce44c572b32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-38c4-463b-a22b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '2103fd2077f073ed5141198d789ef9525b676fd5208808601b8a248438fcfa87']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-a264-4b82-b01a-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'fd8cfe70e0b64f3af0f3bac1299f7fc9d8f16f0f682d34b6b5b8a73a81918cd6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ff20-4d42-b2ad-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '58c06e9805ed769f63c7ac01d324fa158f453956957a790e74100923d595461c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-c234-47b5-a1f3-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '473277522c78c9a61c591f9c417d54831dd3f6483c226cc008c523110df4e8ad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-7ea4-4a67-a3ba-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'f044098ab7a8773d368afab05a8ca7bdba6df729c033900bb105259c22be8607']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-0d60-4955-a3b3-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '93f0158b78ac622c1edf7999654f97188efe6fd82136412d89021657a1965c4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-66fc-4d79-8678-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '1986c1def0e7b22c12a1001554d3740ecb94b6fe54f3722abc512806304d46e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-86c8-4faf-aea5-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'aa1d258ddace9f4cc6591bcaecdd53d54446d5bd4e52634bb9eaee4e4d85020d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-e578-4289-a4dc-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b45661e02a3cc9af9664da0f51413035fe80ebcdb82fcd548106fe566d9ff3b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-8244-48b9-9234-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '320878334b90cbae5666834eb97e5365c369e3b789fa0b11faf2130975794134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-1bf0-4428-a078-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '0cddb0d58855dea1608116cd90dd174c8abc64fe573a4e706f7e2d7c1427bb5e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-6244-4bd8-b6dc-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'cdf3b0e42f10aeecf0c8113dae41883d9e8c04e422079b0bdd0e44087f724a9b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ac80-4b7c-b8a1-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '3a7911e198761e56ce5d5451de61971d73b8006e2ad1721075b95bc9161db2ad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-ad4c-4044-8119-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'a9ab7fc53d871241ecb3edc53596e33dde172d7636da5d01b1cb3c6361aee235']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979c-b948-40ce-9c5c-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5ee38dd6c7ab3b2f8d7f4c666efc7b250a3170b4fe21f1de308f3f200efc42e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-28d8-4c67-8fe0-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:44.000Z",
|
|
"modified": "2017-08-24T09:08:44.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '6c8c01969dd5aab4792e9509b424d130da6b3c6e9cffdf522ebd2ead2d10485c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-a444-4e56-977e-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'bae1c2dcc03e76d6dbfd3320d976446446e10e700f2dc69b45244038cb265060']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-b5f8-4b57-9488-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '134f7fbf5b5ffd8c1cdcd400cb07065716459c527e2f543aeaa5c1b310c16b3d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-c15c-46a7-b9c7-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'bf402dac79221047e88e4d21a8fcbbaf6f4535a91f950499933091b3b8327c8b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-1630-416e-abda-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '43842117c2762ddd463ca408271b07c3c03b1b39b999cd2f6b46044935fe2275']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-0fe4-4d83-a85e-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'a8376081d42153b4947c995057eb7242290dc32fd2b515be2910e0c2d7f134b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-0a98-45c4-a0e4-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '6db16b177b8a752647110a1ed262b611c82f5bd097e55fad074ea5c2a35dbedf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-f204-4e73-826f-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5700a94679197cbb1d19633e618884c49bdcc3d0252ae687b13a44ae76fb0e46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-ee24-441d-965b-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '62f29b85500d72c071d4f5d924a4da649f83152a9172e4fe98a922ed088bb5b1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-d5f4-4e55-84bc-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '83849158cb6c55a96695bd4f5242f8adf3fe5e729c60669d446f1d8a9d685935']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-5724-43c8-a6f6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '654e4054d6240c2f8e2a28a17eb0a97b21c6cf4a9d93983ae8356415b50d3290']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-d2c0-4f46-bea6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '6672bfc35550bc6f4c9848951808134b7719ba070227a63f057528c555e4ce83']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-b410-48a2-8576-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '7d1a07a742171f13cbf45b11d01ec84bf3443acf3a9177eff0e6b8c4b2664256']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-6a4c-4e22-a55d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'c3e1bf40c4192947f6be7330ffa195bfa8e18f072d4121c344fa0b20cb81e22c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-cc1c-4fbb-a5b6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5d15cfc5096fd650b718c943a77fa4509dcef81c84d118847737607d45e3bdfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-baf0-41c3-92fe-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '75a315c670fb0cb179f035d437de98d326d3abc040648b93e0b1f64ae57c3de9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-88ac-4848-8c36-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'e61c95a88fd66f2e4b717189095ce065f9b7eafbe799dc4fd2af6c914857b1c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-2ed0-496c-8de6-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '55430a9fa6fd979d9c244e85e00a2aa057cd7eb4eaa654a8ca42c8d57775d378']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-e6c8-4bf7-b33c-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '5f75149e414176d67b7331197b00770b2e7945c921cf3657d2d4f29833661425']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-92c8-4999-8e02-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '534e49087a17bcdbf6d40f17814777e9d50f018dbb319d9ecb864c42d68174d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-6784-42b5-9e63-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '68edfe0311705420681bbb937696fc137678c28573ef12d6cfe4419114d51e46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-4f80-4f07-bd23-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b0c0776b910b13da0a884112ec1904b9eaf41daca1cb51c2e04724a087ae9b08']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-1f84-4d18-a6cc-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '135df84a4866c23fe77d8dbac4837979ade7a12074326817058f21d4c9551479']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-c03c-4272-8643-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b6983a8b27ef8148e2ddb4ea73e37ce92cf13939fbb7982b28a4521aa422d270']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-3d8c-4c09-9435-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '32db0ede0dc2fa891c0f9e8b1857ba72fb8172dbdeb12d6a3bfdd4be82586254']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-0578-4a4e-b313-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '561c722599bed26747e783bdb2b69d3cb0ba9563d2b81509447ed593d5abb821']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-e624-46b2-821d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b48dca023db9bacda7218f79d3d73ae300613b0d29434198466c189e692d0a70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-7b24-4792-94de-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '9ecc5f50f0f275f32595dd5e5421422e85a95b7a8d0f7f2ec6b203b368e934fe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-4d38-40d6-949f-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b00994acd716b91865154c4006d6fed8e90466f2e6298cb5c338798060d1e452']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-5a08-4abe-891d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'd3b5eb99de6c818d85a9363a9f4a08576405ee8b207d86c5e8b9627a4e53c4e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-c628-4487-8429-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '1790e5a6be73c71db332d0b28e3a4f339e464c05002cf0c395ecc29e5a2f1dc2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-7010-4928-b96f-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '3b620bc7d1807f6a23c290501f1df2e40fd45dc310932703d3ba0c08d4096b11']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-5480-4f00-bb5e-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '22c68c733c698c41128505acbccba942c94fd15c80f81067f80e457e7710d03c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-a8e4-4efb-95d7-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'd16054094b687680475d38db8d890c847116f8d2fb89e801badb11853d9f5f33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-0340-4936-9a9d-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = '8eed4bf367904aa97aa6c87b4b1cebbc3b82a8d047efb24992d721321e3c0690']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-6c90-4afd-8693-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'e14b5a289293e3f0089e012507bf242a968b5afc1a437d1724af73cd30d4a26e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-5f44-47b0-83ba-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'cc4a7221a2fb7c3a0ffab24a4f808918f5d3156675a9d827c8e9c2550ba27448']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e979d-43e0-4625-a55c-d47e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:08:45.000Z",
|
|
"modified": "2017-08-24T09:08:45.000Z",
|
|
"description": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS",
|
|
"pattern": "[file:hashes.SHA256 = 'b4bb31444b60f3b58076be31e4f78770d3efa631e7fa0bc0e96537b03778fcda']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:08:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e986a-d31c-4868-b0da-4a5c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:12:10.000Z",
|
|
"modified": "2017-08-24T09:12:10.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[file:name = 'hef\u2013klife.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:12:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e986a-420c-4723-b5e7-48ae950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:12:10.000Z",
|
|
"modified": "2017-08-24T09:12:10.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[file:name = 'f\u2013klife.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:12:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e986a-3e44-4ee7-b416-4fbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:12:10.000Z",
|
|
"modified": "2017-08-24T09:12:10.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[domain-name:value = 'php.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:12:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--599e986a-8bd0-4f3c-b26d-4a47950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-08-24T09:12:10.000Z",
|
|
"modified": "2017-08-24T09:12:10.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[domain-name:value = 'ayalove.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-08-24T09:12:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |