673 lines
No EOL
28 KiB
JSON
673 lines
No EOL
28 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5a39216d-e93c-4046-8ff5-bfd8950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T03:00:57.000Z",
|
|
"modified": "2017-12-21T03:00:57.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5a39216d-e93c-4046-8ff5-bfd8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T03:00:57.000Z",
|
|
"modified": "2017-12-21T03:00:57.000Z",
|
|
"name": "OSINT - Banking malware on Google Play targets Polish banks",
|
|
"published": "2017-12-28T13:34:35Z",
|
|
"object_refs": [
|
|
"observed-data--5a392180-b698-400a-9024-1536950d210f",
|
|
"url--5a392180-b698-400a-9024-1536950d210f",
|
|
"x-misp-attribute--5a3a24a1-2a94-44fa-88d7-46c0950d210f",
|
|
"indicator--5a3a26cc-30dc-4013-8210-4b21950d210f",
|
|
"indicator--5a3a26cd-2184-4b96-9018-4666950d210f",
|
|
"indicator--5a3a26cd-adc0-4e15-ac10-4428950d210f",
|
|
"indicator--5a3a26cd-7284-44be-9b2a-4461950d210f",
|
|
"indicator--5a3a26cd-0fbc-446c-8323-464f950d210f",
|
|
"indicator--5a3a26cd-ebe0-42da-880e-423a950d210f",
|
|
"indicator--5a3a26cd-40dc-45f5-9e92-4e8e950d210f",
|
|
"indicator--5a3a26cd-83a8-470d-b24a-4a56950d210f",
|
|
"indicator--5a3a26cd-7ad0-48d3-8d55-4435950d210f",
|
|
"indicator--5a3a26cd-4c38-47ad-9bfa-4715950d210f",
|
|
"indicator--5a3a26cd-a3dc-432a-b5cb-4171950d210f",
|
|
"indicator--5a3a26cd-cc3c-480c-8cb4-4612950d210f",
|
|
"indicator--5a3a26cd-634c-4d09-826d-4a28950d210f",
|
|
"indicator--5a3a26cd-6cd0-44dd-9c14-4ffa950d210f",
|
|
"indicator--5a3a2774-9c5c-48e5-b05e-49bb950d210f",
|
|
"indicator--5a3a2774-8a18-4838-a42e-47e6950d210f",
|
|
"indicator--5a3a279c-ebc4-44ab-b54e-4c19950d210f",
|
|
"indicator--5a3a27b5-7db0-4cbc-984b-47b9950d210f",
|
|
"indicator--277a53e1-58de-48f5-a24b-1020de7738aa",
|
|
"x-misp-object--026a1242-16cf-491b-9bab-2de522dfba23",
|
|
"indicator--f011249c-b0da-4bd6-9043-07bcc2414922",
|
|
"x-misp-object--faf365d9-29da-477a-b73d-a22e07c53249",
|
|
"relationship--473a45ab-99b1-4150-89fc-f455a63bfb27",
|
|
"relationship--4c0db846-0350-4c86-8474-f491e59cffec"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"osint:source-type=\"blog-post\"",
|
|
"Banker",
|
|
"ms-caro-malware-full:malware-family=\"Banker\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a392180-b698-400a-9024-1536950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"first_observed": "2017-12-20T09:17:53Z",
|
|
"last_observed": "2017-12-20T09:17:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a392180-b698-400a-9024-1536950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a392180-b698-400a-9024-1536950d210f",
|
|
"value": "https://www.welivesecurity.com/2017/12/11/banking-malware-targets-polish-banks/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5a3a24a1-2a94-44fa-88d7-46c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Another set of banking Trojans has found its way past Google Play\u00e2\u20ac\u2122s security mechanisms, this time targeting a number of Polish banks. The malware managed to sneak into Google Play disguised as seemingly legitimate apps \u00e2\u20ac\u0153Crypto Monitor\u00e2\u20ac\u009d, a cryptocurrency price tracking app, and \u00e2\u20ac\u0153StorySaver\u00e2\u20ac\u009d, a third-party tool for downloading stories from Instagram."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cc-30dc-4013-8210-4b21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'com.comarch.mobile']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-2184-4b96-9018-4666950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'pl.bzwbk.bzwbk24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-adc0-4e15-ac10-4428950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'com.getingroup.mobilebanking']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-7284-44be-9b2a-4461950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'pl.pkobp.iko']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-0fbc-446c-8323-464f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'pl.ing.mojeing']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-ebe0-42da-880e-423a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'wit.android.bcpBankingApp.millenniumPL']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-40dc-45f5-9e92-4e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'pl.mbank']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-83a8-470d-b24a-4a56950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'pl.bph']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-7ad0-48d3-8d55-4435950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'pl.fmbank.smart']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-4c38-47ad-9bfa-4715950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'eu.eleader.mobilebanking.pekao']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-a3dc-432a-b5cb-4171950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'eu.eleader.mobilebanking.pekao.firm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-cc3c-480c-8cb4-4612950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'eu.eleader.mobilebanking.invest']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-634c-4d09-826d-4a28950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'eu.eleader.mobilebanking.raiffeisen']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a26cd-6cd0-44dd-9c14-4ffa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"pattern": "[file:name = 'com.konylabs.cbplpat']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a2774-9c5c-48e5-b05e-49bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"description": "Phishing server",
|
|
"pattern": "[domain-name:value = 'nelis.at']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a2774-8a18-4838-a42e-47e6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:53.000Z",
|
|
"modified": "2017-12-20T09:17:53.000Z",
|
|
"description": "Phishing server",
|
|
"pattern": "[domain-name:value = 'sdljfkh1313.win']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a279c-ebc4-44ab-b54e-4c19950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:04:28.000Z",
|
|
"modified": "2017-12-20T09:04:28.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '57a96d024e61f683020be46173d74fad4cf05806' AND file:name = 'in.crypto.monitor.coins' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:04:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3a27b5-7db0-4cbc-984b-47b9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:04:53.000Z",
|
|
"modified": "2017-12-20T09:04:53.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '757ea52db39e9cdbf5e2e95485801e3e4b19020d' AND file:name = 'com.app.storysavernew' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:04:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--277a53e1-58de-48f5-a24b-1020de7738aa",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:56.000Z",
|
|
"modified": "2017-12-20T09:17:56.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5e9b289928004deade3fbfc20049abf5' AND file:hashes.SHA1 = '757ea52db39e9cdbf5e2e95485801e3e4b19020d' AND file:hashes.SHA256 = '204f2e5e18691156036cbcfc69fa759272a2180fba77a74415ccb2c7469a670b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--026a1242-16cf-491b-9bab-2de522dfba23",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:54.000Z",
|
|
"modified": "2017-12-20T09:17:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/204f2e5e18691156036cbcfc69fa759272a2180fba77a74415ccb2c7469a670b/analysis/1513618446/",
|
|
"category": "External analysis",
|
|
"uuid": "5a3a2ac2-17e4-4668-bec1-4fb102de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "26/62",
|
|
"category": "Other",
|
|
"uuid": "5a3a2ac2-8e18-430c-9768-488302de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-18T17:34:06",
|
|
"category": "Other",
|
|
"uuid": "5a3a2ac2-1be0-4199-bcfc-423302de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--f011249c-b0da-4bd6-9043-07bcc2414922",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:57.000Z",
|
|
"modified": "2017-12-20T09:17:57.000Z",
|
|
"pattern": "[file:hashes.MD5 = '883c2183fecc06f1faab8fbab03186e6' AND file:hashes.SHA1 = '57a96d024e61f683020be46173d74fad4cf05806' AND file:hashes.SHA256 = '86aaed9017e3af5d1d9c8460f2d8164f14e14db01b1a278b4b93859d3cf982f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-20T09:17:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--faf365d9-29da-477a-b73d-a22e07c53249",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-20T09:17:54.000Z",
|
|
"modified": "2017-12-20T09:17:54.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/86aaed9017e3af5d1d9c8460f2d8164f14e14db01b1a278b4b93859d3cf982f5/analysis/1513240956/",
|
|
"category": "External analysis",
|
|
"uuid": "5a3a2ac2-bd34-4ab5-a5fe-439302de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "17/63",
|
|
"category": "Other",
|
|
"uuid": "5a3a2ac2-2b70-47a0-98c7-4be502de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2017-12-14T08:42:36",
|
|
"category": "Other",
|
|
"uuid": "5a3a2ac2-e174-44ff-97a8-456f02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--473a45ab-99b1-4150-89fc-f455a63bfb27",
|
|
"created": "2017-12-28T13:34:34.000Z",
|
|
"modified": "2017-12-28T13:34:34.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--277a53e1-58de-48f5-a24b-1020de7738aa",
|
|
"target_ref": "x-misp-object--026a1242-16cf-491b-9bab-2de522dfba23"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4c0db846-0350-4c86-8474-f491e59cffec",
|
|
"created": "2017-12-28T13:34:35.000Z",
|
|
"modified": "2017-12-28T13:34:35.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--f011249c-b0da-4bd6-9043-07bcc2414922",
|
|
"target_ref": "x-misp-object--faf365d9-29da-477a-b73d-a22e07c53249"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |