{
"Event": {
"analysis": "0",
"date": "2019-06-12",
"extends_uuid": "",
"info": "OSINT - Trojan downloader found on Google Play by @Maler360",
"publish_timestamp": "1566554388",
"published": true,
"threat_level_id": "3",
"timestamp": "1566554377",
"uuid": "5d01fda4-353c-4011-854f-459c950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#500064",
"local": false,
"name": "ms-caro-malware:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#00183c",
"local": false,
"name": "ms-caro-malware-full:malware-type=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#004f4f",
"local": false,
"name": "ecsirt:malicious-code=\"trojan\"",
"relationship_type": ""
},
{
"colour": "#5a0041",
"local": false,
"name": "CERT-XLM:malicious-code=\"trojan-malware\"",
"relationship_type": ""
},
{
"colour": "#284800",
"local": false,
"name": "malware_classification:malware-category=\"Trojan\"",
"relationship_type": ""
},
{
"colour": "#004646",
"local": false,
"name": "type:OSINT",
"relationship_type": ""
},
{
"colour": "#0071c3",
"local": false,
"name": "osint:lifetime=\"perpetual\"",
"relationship_type": ""
},
{
"colour": "#0087e8",
"local": false,
"name": "osint:certainty=\"50\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
}
],
"Object": [
{
"comment": "",
"deleted": false,
"description": "Microblog post like a Twitter tweet or a post on a Facebook wall.",
"meta-category": "misc",
"name": "microblog",
"template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60",
"template_version": "6",
"timestamp": "1560416338",
"uuid": "5d021052-19e0-4c1a-9f4e-4beb950d210f",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "post",
"timestamp": "1560416338",
"to_ids": false,
"type": "text",
"uuid": "5d021052-eaa4-46aa-834d-47e0950d210f",
"value": "Trojan downloader found on Google Play by @Maler360\r\n\r\n\r\n-once launched, hides itself icon\r\n-downloads additional app over HTTP\r\n-makes user install it\r\n-second app can then download additional apps & make user install them as \"Update Alert\" + display ads\r\n-100,000+ installs\r\n-reported"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "type",
"timestamp": "1560416339",
"to_ids": false,
"type": "text",
"uuid": "5d021053-7740-497d-b628-4080950d210f",
"value": "Twitter"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "url",
"timestamp": "1560416339",
"to_ids": true,
"type": "url",
"uuid": "5d021053-c424-4754-a928-4d60950d210f",
"value": "https://mobile.twitter.com/LukasStefanko/status/1138764352411131905"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username-quoted",
"timestamp": "1560416339",
"to_ids": false,
"type": "text",
"uuid": "5d021053-5310-4d89-9100-4cc4950d210f",
"value": "@Maler360"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "username",
"timestamp": "1560416339",
"to_ids": false,
"type": "text",
"uuid": "5d021053-f308-4168-8167-4f9a950d210f",
"value": "LukasStefanko"
},
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "creation-date",
"timestamp": "1560416339",
"to_ids": false,
"type": "datetime",
"uuid": "5d021053-5a70-46c7-938e-47dc950d210f",
"value": "2019-06-12T13:05:00"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1560416558",
"uuid": "5d02112e-2e34-48ce-9cc6-42aa950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1560416558",
"to_ids": true,
"type": "filename",
"uuid": "5d02112e-20ac-452a-903b-43f1950d210f",
"value": "com.pippa.amazingmonstercar"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560416568",
"to_ids": true,
"type": "md5",
"uuid": "5d021138-4ab8-49a2-b718-4513950d210f",
"value": "6d48cf90e0af21da5e516f0009efcc7f"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1560416709",
"uuid": "5d0211c5-e644-494f-9fb6-4475950d210f",
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "filename",
"timestamp": "1560416710",
"to_ids": true,
"type": "filename",
"uuid": "5d0211c6-7fb4-451f-ac91-4cb8950d210f",
"value": "nightdescent.apk"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560416713",
"to_ids": true,
"type": "md5",
"uuid": "5d0211c9-beec-436e-98b8-4be8950d210f",
"value": "f64cbd33651a99b08a9168607a2374d1"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1566554363",
"uuid": "1aff6893-393f-4b72-ac4d-9e083901d021",
"ObjectReference": [
{
"comment": "",
"object_uuid": "1aff6893-393f-4b72-ac4d-9e083901d021",
"referenced_uuid": "97e74bae-c5ce-4338-8ccc-42d85a523d67",
"relationship_type": "analysed-with",
"timestamp": "1566554365",
"uuid": "5d5fb8fd-f340-4de1-9dc9-4168950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560416713",
"to_ids": true,
"type": "md5",
"uuid": "b32c0591-6c4a-4ed8-a915-35eba5cb1fac",
"value": "f64cbd33651a99b08a9168607a2374d1"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1560416713",
"to_ids": true,
"type": "sha1",
"uuid": "a5d88c4e-b23b-4185-9c52-3e15f613d37a",
"value": "a16bb93ee35e7636e4f824010ddbba975a7db5ed"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560416713",
"to_ids": true,
"type": "sha256",
"uuid": "6373314d-4122-4da7-9e1f-1207fef3b124",
"value": "3055fc207f21d4140249a3eb3efcdea047dfe005a4c23388ab917ffe3a8515d7"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1566554363",
"uuid": "97e74bae-c5ce-4338-8ccc-42d85a523d67",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1560416713",
"to_ids": false,
"type": "datetime",
"uuid": "230977f5-f6de-4656-b687-80da6fea7b01",
"value": "2019-06-30T19:04:50"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1560416713",
"to_ids": false,
"type": "link",
"uuid": "cace9e83-b407-4f5f-8650-67b59112656b",
"value": "https://www.virustotal.com/file/3055fc207f21d4140249a3eb3efcdea047dfe005a4c23388ab917ffe3a8515d7/analysis/1561921490/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1560416713",
"to_ids": false,
"type": "text",
"uuid": "7f114609-9d79-47f5-a3f9-1ab3d9abd96f",
"value": "24/61"
}
]
},
{
"comment": "",
"deleted": false,
"description": "File object describing a file with meta-information",
"meta-category": "file",
"name": "file",
"template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
"template_version": "17",
"timestamp": "1566554364",
"uuid": "43258e1d-e7f7-4d86-81e2-be8ea5699a06",
"ObjectReference": [
{
"comment": "",
"object_uuid": "43258e1d-e7f7-4d86-81e2-be8ea5699a06",
"referenced_uuid": "e77b5597-90c3-4499-8562-25ffbea00286",
"relationship_type": "analysed-with",
"timestamp": "1566554365",
"uuid": "5d5fb8fd-e214-4ed1-ab14-4dca950d210f"
}
],
"Attribute": [
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "md5",
"timestamp": "1560416568",
"to_ids": true,
"type": "md5",
"uuid": "878fd93b-27bf-49e3-a7db-04083ed645d8",
"value": "6d48cf90e0af21da5e516f0009efcc7f"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha1",
"timestamp": "1560416568",
"to_ids": true,
"type": "sha1",
"uuid": "f6772f0b-7182-4768-b096-109a2d023768",
"value": "83dbf7f9097aa314c64d1ed50a7a112ca87ed38d"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "sha256",
"timestamp": "1560416568",
"to_ids": true,
"type": "sha256",
"uuid": "c95bcce1-789d-4e80-a880-d839f1b2d3d4",
"value": "32c3c1732d8a5b299045ef44f9165d2710d098fc402358aa09ad07fcfd05db1c"
}
]
},
{
"comment": "",
"deleted": false,
"description": "VirusTotal report",
"meta-category": "misc",
"name": "virustotal-report",
"template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4",
"template_version": "2",
"timestamp": "1566554364",
"uuid": "e77b5597-90c3-4499-8562-25ffbea00286",
"Attribute": [
{
"category": "Other",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "last-submission",
"timestamp": "1560416568",
"to_ids": false,
"type": "datetime",
"uuid": "bd891f80-8e4c-4dc6-801a-dc838de32a1a",
"value": "2019-06-30T19:04:34"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"object_relation": "permalink",
"timestamp": "1560416568",
"to_ids": false,
"type": "link",
"uuid": "24a845de-e030-41f1-893e-d0b69cdfb811",
"value": "https://www.virustotal.com/file/32c3c1732d8a5b299045ef44f9165d2710d098fc402358aa09ad07fcfd05db1c/analysis/1561921474/"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": true,
"object_relation": "detection-ratio",
"timestamp": "1560416568",
"to_ids": false,
"type": "text",
"uuid": "55169594-dc67-4c52-8b57-5b134a3fdd8e",
"value": "16/60"
}
]
}
]
}
}