misp-circl-feed/feeds/circl/misp/5603c00a-e4d0-42e1-a0b7-85ab950d210b.json

999 lines
No EOL
43 KiB
JSON

{
"type": "bundle",
"id": "bundle--5603c00a-e4d0-42e1-a0b7-85ab950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:30:40.000Z",
"modified": "2015-09-24T09:30:40.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5603c00a-e4d0-42e1-a0b7-85ab950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:30:40.000Z",
"modified": "2015-09-24T09:30:40.000Z",
"name": "OSINT - Guaranteed Clicks: Mobile App Company Takes Control of Android Phones",
"published": "2015-09-24T09:31:59Z",
"object_refs": [
"observed-data--5603c021-4ca0-4fa9-8839-85ab950d210b",
"url--5603c021-4ca0-4fa9-8839-85ab950d210b",
"indicator--5603c0fa-1ad4-434c-af63-960e950d210b",
"indicator--5603c0fb-5eb8-4e97-8f67-960e950d210b",
"indicator--5603c0fb-d66c-440d-84c7-960e950d210b",
"indicator--5603c0fb-7db4-4dc4-8278-960e950d210b",
"indicator--5603c0fc-8798-4437-a81f-960e950d210b",
"indicator--5603c0fc-5294-45ec-a43f-960e950d210b",
"indicator--5603c0fd-dfc4-4c7d-b420-960e950d210b",
"indicator--5603c0fd-08a8-47b6-be19-960e950d210b",
"indicator--5603c0fe-0004-4fb9-ad04-960e950d210b",
"indicator--5603c0fe-726c-47b5-83a7-960e950d210b",
"indicator--5603c115-6914-4c2c-9b78-937a950d210b",
"indicator--5603c115-cad4-48b9-8da4-937a950d210b",
"observed-data--5603c115-5d84-4823-a75f-937a950d210b",
"url--5603c115-5d84-4823-a75f-937a950d210b",
"indicator--5603c116-4ec8-4426-b62f-937a950d210b",
"indicator--5603c116-e0a0-474c-bfbd-937a950d210b",
"observed-data--5603c116-3ea4-4cdd-b173-937a950d210b",
"url--5603c116-3ea4-4cdd-b173-937a950d210b",
"indicator--5603c117-ef18-4a50-9f3c-937a950d210b",
"indicator--5603c117-ec1c-45cb-946e-937a950d210b",
"observed-data--5603c118-d910-4a0f-80ef-937a950d210b",
"url--5603c118-d910-4a0f-80ef-937a950d210b",
"indicator--5603c118-0cf0-44a1-83eb-937a950d210b",
"indicator--5603c118-5814-449d-a196-937a950d210b",
"observed-data--5603c119-0e04-41f2-9bbd-937a950d210b",
"url--5603c119-0e04-41f2-9bbd-937a950d210b",
"indicator--5603c119-c3cc-443f-a009-937a950d210b",
"indicator--5603c119-4bd0-4ff5-87b4-937a950d210b",
"observed-data--5603c11a-fcec-4fc2-a04e-937a950d210b",
"url--5603c11a-fcec-4fc2-a04e-937a950d210b",
"indicator--5603c11a-6914-4589-adaa-937a950d210b",
"indicator--5603c11a-5c88-4d87-b3b6-937a950d210b",
"observed-data--5603c11b-67e0-4c7a-ab1c-937a950d210b",
"url--5603c11b-67e0-4c7a-ab1c-937a950d210b",
"indicator--5603c11b-1080-4a87-8599-937a950d210b",
"indicator--5603c11b-ed78-442e-b2ab-937a950d210b",
"observed-data--5603c11c-2364-4b72-b9fd-937a950d210b",
"url--5603c11c-2364-4b72-b9fd-937a950d210b",
"indicator--5603c24f-ea00-471f-b2de-9393950d210b",
"indicator--5603c2a9-8690-4bc7-8ad1-963b950d210b",
"indicator--5603c2a9-fe84-4073-8397-963b950d210b",
"indicator--5603c2aa-ad04-4e0f-80ad-963b950d210b",
"indicator--5603c2aa-d9a4-40ab-80ea-963b950d210b",
"indicator--5603c2c0-8d0c-4158-81a1-85a9950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5603c021-4ca0-4fa9-8839-85ab950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:19:29.000Z",
"modified": "2015-09-24T09:19:29.000Z",
"first_observed": "2015-09-24T09:19:29Z",
"last_observed": "2015-09-24T09:19:29Z",
"number_observed": 1,
"object_refs": [
"url--5603c021-4ca0-4fa9-8839-85ab950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5603c021-4ca0-4fa9-8839-85ab950d210b",
"value": "https://www.fireeye.com/blog/threat-research/2015/09/guaranteed_clicksm.html"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fa-1ad4-434c-af63-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:06.000Z",
"modified": "2015-09-24T09:23:06.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com.locker.maboo.tow' AND file:hashes.SHA256 = '12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fb-5eb8-4e97-8f67-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:07.000Z",
"modified": "2015-09-24T09:23:07.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com.tmdfkslakssspp111.ivityfffds1133' AND file:hashes.SHA256 = '8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fb-d66c-440d-84c7-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:07.000Z",
"modified": "2015-09-24T09:23:07.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com1.xiaoao2.FruitSingle' AND file:hashes.SHA256 = 'd65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fb-7db4-4dc4-8278-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:07.000Z",
"modified": "2015-09-24T09:23:07.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com.mobilefish.pig.enpais' AND file:hashes.SHA256 = '3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fc-8798-4437-a81f-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:08.000Z",
"modified": "2015-09-24T09:23:08.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com.adad.flashlight' AND file:hashes.SHA256 = 'b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fc-5294-45ec-a43f-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:08.000Z",
"modified": "2015-09-24T09:23:08.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com.liuximnb.videokl2' AND file:hashes.SHA256 = '396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fd-dfc4-4c7d-b420-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:09.000Z",
"modified": "2015-09-24T09:23:09.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com.4puBX.Bu1q0' AND file:hashes.SHA256 = '98bdad683b0ae189ed0fa56fb1e147c93e96e085dff90565ee246a4f6c4e2850']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fd-08a8-47b6-be19-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:09.000Z",
"modified": "2015-09-24T09:23:09.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com.sQ1z7.JXhkN' AND file:hashes.SHA256 = 'f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fe-0004-4fb9-ad04-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:10.000Z",
"modified": "2015-09-24T09:23:10.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com.cg.wifienhancer' AND file:hashes.SHA256 = 'b3c3d131200369d1c28285010b99d591f9a9c0629b0ba9fedd1b4ffe0170cf4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c0fe-726c-47b5-83a7-960e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:10.000Z",
"modified": "2015-09-24T09:23:10.000Z",
"description": "Package name - samples",
"pattern": "[file:name = 'com.BmiZX.p6l9v' AND file:hashes.SHA256 = '0a63ca301d97930eb8352c0772fb39015e4b89cd82e72391213ee82414e60cf8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c115-6914-4c2c-9b78-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:33.000Z",
"modified": "2015-09-24T09:23:33.000Z",
"description": "Package name - samples - Xchecked via VT: f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07",
"pattern": "[file:hashes.SHA1 = 'd07f56b2f51dfbe8638f927dbf18edc4b9c74f3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c115-cad4-48b9-8da4-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:33.000Z",
"modified": "2015-09-24T09:23:33.000Z",
"description": "Package name - samples - Xchecked via VT: f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07",
"pattern": "[file:hashes.MD5 = 'd407f8fd7369bb73fe87c99ee4b86f18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5603c115-5d84-4823-a75f-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:33.000Z",
"modified": "2015-09-24T09:23:33.000Z",
"first_observed": "2015-09-24T09:23:33Z",
"last_observed": "2015-09-24T09:23:33Z",
"number_observed": 1,
"object_refs": [
"url--5603c115-5d84-4823-a75f-937a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5603c115-5d84-4823-a75f-937a950d210b",
"value": "https://www.virustotal.com/file/f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07/analysis/1443012182/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c116-4ec8-4426-b62f-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:34.000Z",
"modified": "2015-09-24T09:23:34.000Z",
"description": "Package name - samples - Xchecked via VT: 396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713",
"pattern": "[file:hashes.SHA1 = '7f29a5012107aebf89cb00b792540791df32fd75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c116-e0a0-474c-bfbd-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:34.000Z",
"modified": "2015-09-24T09:23:34.000Z",
"description": "Package name - samples - Xchecked via VT: 396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713",
"pattern": "[file:hashes.MD5 = 'a4431ef1d9a275a39831fac2d255fb9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5603c116-3ea4-4cdd-b173-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:34.000Z",
"modified": "2015-09-24T09:23:34.000Z",
"first_observed": "2015-09-24T09:23:34Z",
"last_observed": "2015-09-24T09:23:34Z",
"number_observed": 1,
"object_refs": [
"url--5603c116-3ea4-4cdd-b173-937a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5603c116-3ea4-4cdd-b173-937a950d210b",
"value": "https://www.virustotal.com/file/396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713/analysis/1443012179/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c117-ef18-4a50-9f3c-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:35.000Z",
"modified": "2015-09-24T09:23:35.000Z",
"description": "Package name - samples - Xchecked via VT: b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58",
"pattern": "[file:hashes.SHA1 = 'ada4466924a7fb08dbe2a7650f2d0e789b984284']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c117-ec1c-45cb-946e-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:35.000Z",
"modified": "2015-09-24T09:23:35.000Z",
"description": "Package name - samples - Xchecked via VT: b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58",
"pattern": "[file:hashes.MD5 = '3788d40651151f0fcf441b7fceaf7f2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5603c118-d910-4a0f-80ef-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:36.000Z",
"modified": "2015-09-24T09:23:36.000Z",
"first_observed": "2015-09-24T09:23:36Z",
"last_observed": "2015-09-24T09:23:36Z",
"number_observed": 1,
"object_refs": [
"url--5603c118-d910-4a0f-80ef-937a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5603c118-d910-4a0f-80ef-937a950d210b",
"value": "https://www.virustotal.com/file/b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58/analysis/1442581837/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c118-0cf0-44a1-83eb-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:36.000Z",
"modified": "2015-09-24T09:23:36.000Z",
"description": "Package name - samples - Xchecked via VT: 3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e",
"pattern": "[file:hashes.SHA1 = 'c97cbc54f0a0f313092f1a2a33dd2850974cd3cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c118-5814-449d-a196-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:36.000Z",
"modified": "2015-09-24T09:23:36.000Z",
"description": "Package name - samples - Xchecked via VT: 3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e",
"pattern": "[file:hashes.MD5 = '8c5ff2b37657fe28bcbc6b6eac0165fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5603c119-0e04-41f2-9bbd-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:37.000Z",
"modified": "2015-09-24T09:23:37.000Z",
"first_observed": "2015-09-24T09:23:37Z",
"last_observed": "2015-09-24T09:23:37Z",
"number_observed": 1,
"object_refs": [
"url--5603c119-0e04-41f2-9bbd-937a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5603c119-0e04-41f2-9bbd-937a950d210b",
"value": "https://www.virustotal.com/file/3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e/analysis/1443012180/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c119-c3cc-443f-a009-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:37.000Z",
"modified": "2015-09-24T09:23:37.000Z",
"description": "Package name - samples - Xchecked via VT: d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7",
"pattern": "[file:hashes.SHA1 = '5bd07c5b8c8e1b8c7d62b525b1d98ef7efaa3ac7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c119-4bd0-4ff5-87b4-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:37.000Z",
"modified": "2015-09-24T09:23:37.000Z",
"description": "Package name - samples - Xchecked via VT: d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7",
"pattern": "[file:hashes.MD5 = '396ca4c3594c705d3289ad8e59a995d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5603c11a-fcec-4fc2-a04e-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:38.000Z",
"modified": "2015-09-24T09:23:38.000Z",
"first_observed": "2015-09-24T09:23:38Z",
"last_observed": "2015-09-24T09:23:38Z",
"number_observed": 1,
"object_refs": [
"url--5603c11a-fcec-4fc2-a04e-937a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5603c11a-fcec-4fc2-a04e-937a950d210b",
"value": "https://www.virustotal.com/file/d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7/analysis/1443012179/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c11a-6914-4589-adaa-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:38.000Z",
"modified": "2015-09-24T09:23:38.000Z",
"description": "Package name - samples - Xchecked via VT: 8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553",
"pattern": "[file:hashes.SHA1 = '7be4297d98b41a5974af610351b58c677f364125']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c11a-5c88-4d87-b3b6-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:38.000Z",
"modified": "2015-09-24T09:23:38.000Z",
"description": "Package name - samples - Xchecked via VT: 8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553",
"pattern": "[file:hashes.MD5 = '138d642a9c793ff54959812c376a0835']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5603c11b-67e0-4c7a-ab1c-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:39.000Z",
"modified": "2015-09-24T09:23:39.000Z",
"first_observed": "2015-09-24T09:23:39Z",
"last_observed": "2015-09-24T09:23:39Z",
"number_observed": 1,
"object_refs": [
"url--5603c11b-67e0-4c7a-ab1c-937a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5603c11b-67e0-4c7a-ab1c-937a950d210b",
"value": "https://www.virustotal.com/file/8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553/analysis/1443012180/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c11b-1080-4a87-8599-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:39.000Z",
"modified": "2015-09-24T09:23:39.000Z",
"description": "Package name - samples - Xchecked via VT: 12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d",
"pattern": "[file:hashes.SHA1 = 'ddce1aee88946f2312d5fbc56f4dd866a44fd6e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c11b-ed78-442e-b2ab-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:39.000Z",
"modified": "2015-09-24T09:23:39.000Z",
"description": "Package name - samples - Xchecked via VT: 12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d",
"pattern": "[file:hashes.MD5 = 'c9d2b9e3f7dd7e01612679f44b65462d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:23:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5603c11c-2364-4b72-b9fd-937a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:23:40.000Z",
"modified": "2015-09-24T09:23:40.000Z",
"first_observed": "2015-09-24T09:23:40Z",
"last_observed": "2015-09-24T09:23:40Z",
"number_observed": 1,
"object_refs": [
"url--5603c11c-2364-4b72-b9fd-937a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5603c11c-2364-4b72-b9fd-937a950d210b",
"value": "https://www.virustotal.com/file/12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d/analysis/1443012180/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c24f-ea00-471f-b2de-9393950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:28:47.000Z",
"modified": "2015-09-24T09:28:47.000Z",
"description": "it downloads an APK from the following URL and dynamically loads logic to execute",
"pattern": "[url:value = 'http://down.onowcdn.com/onekeysdk/tr_new/rt_0907_129.apk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:28:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c2a9-8690-4bc7-8ad1-963b950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:30:17.000Z",
"modified": "2015-09-24T09:30:17.000Z",
"pattern": "[domain-name:value = 'aedxdrcb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:30:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c2a9-fe84-4073-8397-963b950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:30:17.000Z",
"modified": "2015-09-24T09:30:17.000Z",
"pattern": "[domain-name:value = 'hdyfhpoi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:30:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c2aa-ad04-4e0f-80ad-963b950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:30:18.000Z",
"modified": "2015-09-24T09:30:18.000Z",
"pattern": "[domain-name:value = 'syllyq1n.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:30:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c2aa-d9a4-40ab-80ea-963b950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:30:18.000Z",
"modified": "2015-09-24T09:30:18.000Z",
"pattern": "[domain-name:value = 'wksnkys7.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:30:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5603c2c0-8d0c-4158-81a1-85a9950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-09-24T09:30:40.000Z",
"modified": "2015-09-24T09:30:40.000Z",
"pattern": "[url:value = 'http://down.agacdn.com/onlyapk/coolbroser_2.2_release_yeahmobi_self_1.apk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-24T09:30:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}