misp-circl-feed/feeds/circl/misp/5ab3841d-971c-47f8-9324-45d9950d210f.json

117 lines
No EOL
5.1 KiB
JSON

{
"type": "bundle",
"id": "bundle--5ab3841d-971c-47f8-9324-45d9950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-23T10:45:26.000Z",
"modified": "2018-03-23T10:45:26.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5ab3841d-971c-47f8-9324-45d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-23T10:45:26.000Z",
"modified": "2018-03-23T10:45:26.000Z",
"name": "OSINT - Igexin advertising network put user privacy at risk",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5ab38772-7708-4eaa-89e2-442e950d210f",
"url--5ab38772-7708-4eaa-89e2-442e950d210f",
"indicator--5ab4ab2b-92d8-4dff-9ce3-4e4e950d210f",
"x-misp-attribute--5ab4ab77-e424-444d-ae43-4d9e950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"workflow:todo=\"create-missing-misp-galaxy-cluster-values\"",
"osint:source-type=\"blog-post\"",
"Android Malware",
"ms-caro-malware-full:malware-platform=\"AndroidOS\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5ab38772-7708-4eaa-89e2-442e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-23T08:50:39.000Z",
"modified": "2018-03-23T08:50:39.000Z",
"first_observed": "2018-03-23T08:50:39Z",
"last_observed": "2018-03-23T08:50:39Z",
"number_observed": 1,
"object_refs": [
"url--5ab38772-7708-4eaa-89e2-442e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5ab38772-7708-4eaa-89e2-442e950d210f",
"value": "https://blog.lookout.com/igexin-malicious-sdk"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ab4ab2b-92d8-4dff-9ce3-4e4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-23T07:22:19.000Z",
"modified": "2018-03-23T07:22:19.000Z",
"pattern": "[url:value = 'http://sdk.open.phone.igexin.com/api.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-23T07:22:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5ab4ab77-e424-444d-ae43-4d9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-23T08:50:46.000Z",
"modified": "2018-03-23T08:50:46.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "The Lookout Security Intelligence team has discovered an advertising software development kit (SDK) called Igexin that had the capability of spying on victims through otherwise benign apps by downloading malicious plugins. Over 500 apps available on Google Play used the Igexin ad SDK. While not all of these applications have been confirmed to download the malicious spying capability, Igexin could have introduced that functionality at their convenience. Apps containing the affected SDK were downloaded over 100 million times across the Android ecosystem."
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}