200 lines
No EOL
8.5 KiB
JSON
200 lines
No EOL
8.5 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5a2677b2-78e4-4370-a96d-5f3b950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-11T09:20:36.000Z",
|
|
"modified": "2017-12-11T09:20:36.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--5a2677b2-78e4-4370-a96d-5f3b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-11T09:20:36.000Z",
|
|
"modified": "2017-12-11T09:20:36.000Z",
|
|
"name": "OSINT - SLocker Mobile Ransomware Starts Mimicking WannaCry",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"observed-data--5a2677d7-87c0-4ada-aacd-5f3b950d210f",
|
|
"url--5a2677d7-87c0-4ada-aacd-5f3b950d210f",
|
|
"indicator--5a294296-5dd0-404e-9929-4ffa950d210f",
|
|
"indicator--5a2942c0-0b20-4f4f-8018-4635950d210f",
|
|
"indicator--5a2945a9-2ce4-48bd-916e-a1b1950d210f",
|
|
"indicator--5a29466c-15bc-4df0-85be-4a6b950d210f",
|
|
"indicator--5a294691-da48-4d27-86b6-429a950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"malware_classification:malware-category=\"Ransomware\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"ms-caro-malware-full:malware-platform=\"AndroidOS\"",
|
|
"ms-caro-malware:malware-platform=\"AndroidOS\"",
|
|
"Android Malware",
|
|
"misp-galaxy:android=\"SLocker\"",
|
|
"workflow:todo=\"expansion\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a2677d7-87c0-4ada-aacd-5f3b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-05T10:41:35.000Z",
|
|
"modified": "2017-12-05T10:41:35.000Z",
|
|
"first_observed": "2017-12-05T10:41:35Z",
|
|
"last_observed": "2017-12-05T10:41:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a2677d7-87c0-4ada-aacd-5f3b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a2677d7-87c0-4ada-aacd-5f3b950d210f",
|
|
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/slocker-mobile-ransomware-starts-mimicking-wannacry/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a294296-5dd0-404e-9929-4ffa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-07T13:31:02.000Z",
|
|
"modified": "2017-12-07T13:31:02.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d' AND file:name = '\u738b\u8005\u8363\u8000\u8f85\u52a9' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-07T13:31:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a2942c0-0b20-4f4f-8018-4635950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-07T13:31:44.000Z",
|
|
"modified": "2017-12-07T13:31:44.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2ffd539d462847bebcdff658a83f74ca7f039946bbc6c6247be2fc62dc0e4060' AND file:name = '\u5343\u53d8\u8bed\u97f3' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-07T13:31:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a2945a9-2ce4-48bd-916e-a1b1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-07T13:44:09.000Z",
|
|
"modified": "2017-12-07T13:44:09.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '36f40d5a11d886a2280c57859cd5f22de2d78c87dcdb52ea601089745eeee494' AND file:name = '\u738b\u8005\u8363\u8000\u524d\u77bb\u7248' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-07T13:44:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a29466c-15bc-4df0-85be-4a6b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-07T13:47:24.000Z",
|
|
"modified": "2017-12-07T13:47:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c347e09b1489c5b8061828526f4ce778fda8ef7fb835255914eb3c9268a265bf' AND file:name = '\u5343\u53d8\u8bed\u97f3\u79c0' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-07T13:47:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a294691-da48-4d27-86b6-429a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-07T13:48:01.000Z",
|
|
"modified": "2017-12-07T13:48:01.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'cb0a18bcc8a2c9a966d3f585771db8b2e627a7b4427a889191a93b3a1b261ba3' AND file:name = '\u4e3b\u6d41\u5f71\u89c6\u5927\u5168' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-07T13:48:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |