misp-circl-feed/feeds/circl/misp/58b7da09-466c-4c5e-bb8d-4dd2950d210f.json

1022 lines
No EOL
45 KiB
JSON

{
"type": "bundle",
"id": "bundle--58b7da09-466c-4c5e-bb8d-4dd2950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58b7da09-466c-4c5e-bb8d-4dd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"name": "OSINT - Google Play Apps Infected with Malicious IFrames",
"published": "2017-03-02T08:46:59Z",
"object_refs": [
"x-misp-attribute--58b7da24-68e0-4673-88cf-45a0950d210f",
"observed-data--58b7da36-c774-40af-9de8-495e950d210f",
"url--58b7da36-c774-40af-9de8-495e950d210f",
"indicator--58b7dae4-c460-4021-8950-4872950d210f",
"indicator--58b7dae5-0178-4517-b1f4-4381950d210f",
"indicator--58b7dae6-99f4-49ac-8742-4572950d210f",
"indicator--58b7dae7-d934-491e-bdcd-436e950d210f",
"indicator--58b7dae8-acdc-4414-976a-4b81950d210f",
"indicator--58b7dae9-a714-4d6e-962e-4d5d950d210f",
"indicator--58b7dae9-6f88-40a3-a749-4c1f950d210f",
"indicator--58b7dafd-a9e4-46df-a212-4b07950d210f",
"indicator--58b7dafe-791c-46cc-b4f8-479b950d210f",
"indicator--58b7db1a-f024-417f-b30b-4a28950d210f",
"indicator--58b7db1b-81a0-4fad-ac39-411d950d210f",
"x-misp-attribute--58b7db5c-24d0-4982-893b-4733950d210f",
"x-misp-attribute--58b7db5d-9bb0-4bc2-abf6-4927950d210f",
"x-misp-attribute--58b7db5e-2ee0-4683-a6e4-4556950d210f",
"x-misp-attribute--58b7db5f-3a44-4066-9df2-4fd5950d210f",
"x-misp-attribute--58b7db60-1c68-4da8-b68e-492d950d210f",
"x-misp-attribute--58b7db61-a4a4-4f69-8012-4104950d210f",
"x-misp-attribute--58b7db62-58ec-47a1-8311-41b1950d210f",
"indicator--58b7dbb5-6390-4bf1-9e09-476b02de0b81",
"indicator--58b7dbb6-ff50-44bb-9039-4da902de0b81",
"observed-data--58b7dbb7-d870-4686-8a2e-4ed102de0b81",
"url--58b7dbb7-d870-4686-8a2e-4ed102de0b81",
"indicator--58b7dbb8-6ca8-49f6-9165-408802de0b81",
"indicator--58b7dbb8-d2f0-4856-ba60-409b02de0b81",
"observed-data--58b7dbb9-fee4-4d23-901c-47bb02de0b81",
"url--58b7dbb9-fee4-4d23-901c-47bb02de0b81",
"indicator--58b7dbba-5fe8-4b30-be42-467802de0b81",
"indicator--58b7dbbb-16d0-46a2-92b2-447f02de0b81",
"observed-data--58b7dbbb-400c-40e0-9b27-431e02de0b81",
"url--58b7dbbb-400c-40e0-9b27-431e02de0b81",
"indicator--58b7dbbc-e7a8-4edf-b5de-47b502de0b81",
"indicator--58b7dbbd-3d50-4b5c-8112-4aba02de0b81",
"observed-data--58b7dbbe-0c1c-49db-b0bb-487102de0b81",
"url--58b7dbbe-0c1c-49db-b0bb-487102de0b81",
"indicator--58b7dbbe-58a8-4f50-ac23-4f3102de0b81",
"indicator--58b7dbbf-c7c0-45a6-b750-481c02de0b81",
"observed-data--58b7dbc0-1754-4970-bdb8-4e6402de0b81",
"url--58b7dbc0-1754-4970-bdb8-4e6402de0b81",
"indicator--58b7dbc1-fb38-42bb-aac3-422402de0b81",
"indicator--58b7dbc2-ddd4-44fb-867f-4a9d02de0b81",
"observed-data--58b7dbc3-da58-4150-91c0-499002de0b81",
"url--58b7dbc3-da58-4150-91c0-499002de0b81",
"indicator--58b7dbc4-afd8-4732-839b-406802de0b81",
"indicator--58b7dbc5-c380-47b8-a7c4-41fe02de0b81",
"observed-data--58b7dbc6-fe44-4108-960f-4cb002de0b81",
"url--58b7dbc6-fe44-4108-960f-4cb002de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"admiralty-scale:source-reliability=\"b\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58b7da24-68e0-4673-88cf-45a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Recently, we have discovered 132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages, with the most popular one having more than 10,000 installs alone. Our investigation indicates that the developers of these infected apps are not to blame, but are more likely victims themselves. We believe it is most likely that the app developers\u00e2\u20ac\u2122 development platforms were infected with malware that searches for HTML pages and injects malicious content at the end of the HTML pages it finds. If this is this case, this is another situation where mobile malware originated from infected development platforms without developers\u00e2\u20ac\u2122 awareness. We have reported our findings to Google Security Team and all infected apps have been removed from Google Play."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58b7da36-c774-40af-9de8-495e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"first_observed": "2017-03-02T08:45:22Z",
"last_observed": "2017-03-02T08:45:22Z",
"number_observed": 1,
"object_refs": [
"url--58b7da36-c774-40af-9de8-495e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58b7da36-c774-40af-9de8-495e950d210f",
"value": "http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dae4-c460-4021-8950-4872950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"description": "com.aaronbalderapps.awesome3dstreetart",
"pattern": "[file:hashes.SHA256 = 'c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dae5-0178-4517-b1f4-4381950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"description": "com.aaronbalderapps.awesomecheesecakeideas",
"pattern": "[file:hashes.SHA256 = 'a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dae6-99f4-49ac-8742-4572950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"description": "com.aaronbalderapps.babyroomdesignideas",
"pattern": "[file:hashes.SHA256 = '1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dae7-d934-491e-bdcd-436e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"description": "com.aaronbalderapps.backyardwoodprojects",
"pattern": "[file:hashes.SHA256 = 'db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dae8-acdc-4414-976a-4b81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"description": "com.aaronbalderapps.bathroominteriordesigns",
"pattern": "[file:hashes.SHA256 = '28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dae9-a714-4d6e-962e-4d5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"description": "com.aaronbalderapps.beautifulbotanicalgardens",
"pattern": "[file:hashes.SHA256 = 'b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dae9-6f88-40a3-a749-4c1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"description": "com.aaronbalderapps.bedroomdesign5d",
"pattern": "[file:hashes.SHA256 = 'd6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dafd-a9e4-46df-a212-4b07950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"description": "Malicious urls",
"pattern": "[url:value = 'www.Brenz.pl/rc/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dafe-791c-46cc-b4f8-479b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"description": "Malicious urls",
"pattern": "[url:value = 'jL.chura.pl/rc/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7db1a-f024-417f-b30b-4a28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"pattern": "[domain-name:value = 'brenz.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7db1b-81a0-4fad-ac39-411d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"pattern": "[domain-name:value = 'jl.chura.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58b7db5c-24d0-4982-893b-4733950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"labels": [
"misp:type=\"mobile-application-id\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "mobile-application-id",
"x_misp_value": "com.aaronbalderapps.awesome3dstreetart"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58b7db5d-9bb0-4bc2-abf6-4927950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"labels": [
"misp:type=\"mobile-application-id\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "mobile-application-id",
"x_misp_value": "com.aaronbalderapps.awesomecheesecakeideas"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58b7db5e-2ee0-4683-a6e4-4556950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"labels": [
"misp:type=\"mobile-application-id\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "mobile-application-id",
"x_misp_value": "com.aaronbalderapps.babyroomdesignideas"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58b7db5f-3a44-4066-9df2-4fd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"labels": [
"misp:type=\"mobile-application-id\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "mobile-application-id",
"x_misp_value": "com.aaronbalderapps.backyardwoodprojects"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58b7db60-1c68-4da8-b68e-492d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"labels": [
"misp:type=\"mobile-application-id\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "mobile-application-id",
"x_misp_value": "com.aaronbalderapps.bathroominteriordesigns"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58b7db61-a4a4-4f69-8012-4104950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"labels": [
"misp:type=\"mobile-application-id\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "mobile-application-id",
"x_misp_value": "com.aaronbalderapps.beautifulbotanicalgardens"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58b7db62-58ec-47a1-8311-41b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:22.000Z",
"modified": "2017-03-02T08:45:22.000Z",
"labels": [
"misp:type=\"mobile-application-id\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "mobile-application-id",
"x_misp_value": "com.aaronbalderapps.bedroomdesign5d"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbb5-6390-4bf1-9e09-476b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:41.000Z",
"modified": "2017-03-02T08:45:41.000Z",
"description": "com.aaronbalderapps.bedroomdesign5d - Xchecked via VT: d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678",
"pattern": "[file:hashes.SHA1 = '4e61c0e8c198ea73207462376b392c493adad5ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbb6-ff50-44bb-9039-4da902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:42.000Z",
"modified": "2017-03-02T08:45:42.000Z",
"description": "com.aaronbalderapps.bedroomdesign5d - Xchecked via VT: d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678",
"pattern": "[file:hashes.MD5 = '9e6fa2164bc6af43451c2128e676d08f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58b7dbb7-d870-4686-8a2e-4ed102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:43.000Z",
"modified": "2017-03-02T08:45:43.000Z",
"first_observed": "2017-03-02T08:45:43Z",
"last_observed": "2017-03-02T08:45:43Z",
"number_observed": 1,
"object_refs": [
"url--58b7dbb7-d870-4686-8a2e-4ed102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58b7dbb7-d870-4686-8a2e-4ed102de0b81",
"value": "https://www.virustotal.com/file/d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678/analysis/1482024647/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbb8-6ca8-49f6-9165-408802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:44.000Z",
"modified": "2017-03-02T08:45:44.000Z",
"description": "com.aaronbalderapps.beautifulbotanicalgardens - Xchecked via VT: b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5",
"pattern": "[file:hashes.SHA1 = '23423929bf8e7d1a28e6d019ab374076bb613185']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbb8-d2f0-4856-ba60-409b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:44.000Z",
"modified": "2017-03-02T08:45:44.000Z",
"description": "com.aaronbalderapps.beautifulbotanicalgardens - Xchecked via VT: b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5",
"pattern": "[file:hashes.MD5 = 'db2f580568af363b091088b4b3a8b427']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58b7dbb9-fee4-4d23-901c-47bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:45.000Z",
"modified": "2017-03-02T08:45:45.000Z",
"first_observed": "2017-03-02T08:45:45Z",
"last_observed": "2017-03-02T08:45:45Z",
"number_observed": 1,
"object_refs": [
"url--58b7dbb9-fee4-4d23-901c-47bb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58b7dbb9-fee4-4d23-901c-47bb02de0b81",
"value": "https://www.virustotal.com/file/b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5/analysis/1482024641/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbba-5fe8-4b30-be42-467802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:46.000Z",
"modified": "2017-03-02T08:45:46.000Z",
"description": "com.aaronbalderapps.bathroominteriordesigns - Xchecked via VT: 28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed",
"pattern": "[file:hashes.SHA1 = '6a024c7de79a5fa0af6acdf88f5f665a75e9e176']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbbb-16d0-46a2-92b2-447f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:47.000Z",
"modified": "2017-03-02T08:45:47.000Z",
"description": "com.aaronbalderapps.bathroominteriordesigns - Xchecked via VT: 28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed",
"pattern": "[file:hashes.MD5 = '10a97ac50e8965b6a666aa4304c93581']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58b7dbbb-400c-40e0-9b27-431e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:47.000Z",
"modified": "2017-03-02T08:45:47.000Z",
"first_observed": "2017-03-02T08:45:47Z",
"last_observed": "2017-03-02T08:45:47Z",
"number_observed": 1,
"object_refs": [
"url--58b7dbbb-400c-40e0-9b27-431e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58b7dbbb-400c-40e0-9b27-431e02de0b81",
"value": "https://www.virustotal.com/file/28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed/analysis/1481336217/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbbc-e7a8-4edf-b5de-47b502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:48.000Z",
"modified": "2017-03-02T08:45:48.000Z",
"description": "com.aaronbalderapps.backyardwoodprojects - Xchecked via VT: db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6",
"pattern": "[file:hashes.SHA1 = 'e00529b31800ab2f0987ee7999f0b9dbe1a5a7a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbbd-3d50-4b5c-8112-4aba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:49.000Z",
"modified": "2017-03-02T08:45:49.000Z",
"description": "com.aaronbalderapps.backyardwoodprojects - Xchecked via VT: db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6",
"pattern": "[file:hashes.MD5 = 'c92a2d02f0a610f4087c858f15955de6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58b7dbbe-0c1c-49db-b0bb-487102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:50.000Z",
"modified": "2017-03-02T08:45:50.000Z",
"first_observed": "2017-03-02T08:45:50Z",
"last_observed": "2017-03-02T08:45:50Z",
"number_observed": 1,
"object_refs": [
"url--58b7dbbe-0c1c-49db-b0bb-487102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58b7dbbe-0c1c-49db-b0bb-487102de0b81",
"value": "https://www.virustotal.com/file/db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6/analysis/1481336222/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbbe-58a8-4f50-ac23-4f3102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:50.000Z",
"modified": "2017-03-02T08:45:50.000Z",
"description": "com.aaronbalderapps.babyroomdesignideas - Xchecked via VT: 1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8",
"pattern": "[file:hashes.SHA1 = '904ae08d33f1c01262f0ac2e4489782066c7ef26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbbf-c7c0-45a6-b750-481c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:51.000Z",
"modified": "2017-03-02T08:45:51.000Z",
"description": "com.aaronbalderapps.babyroomdesignideas - Xchecked via VT: 1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8",
"pattern": "[file:hashes.MD5 = 'd53a2f554d00026bd9af5d4d33764357']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58b7dbc0-1754-4970-bdb8-4e6402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:52.000Z",
"modified": "2017-03-02T08:45:52.000Z",
"first_observed": "2017-03-02T08:45:52Z",
"last_observed": "2017-03-02T08:45:52Z",
"number_observed": 1,
"object_refs": [
"url--58b7dbc0-1754-4970-bdb8-4e6402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58b7dbc0-1754-4970-bdb8-4e6402de0b81",
"value": "https://www.virustotal.com/file/1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8/analysis/1488422194/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbc1-fb38-42bb-aac3-422402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:53.000Z",
"modified": "2017-03-02T08:45:53.000Z",
"description": "com.aaronbalderapps.awesomecheesecakeideas - Xchecked via VT: a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268",
"pattern": "[file:hashes.SHA1 = '592c497851b9604b1575413f637479a6b330819e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbc2-ddd4-44fb-867f-4a9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:54.000Z",
"modified": "2017-03-02T08:45:54.000Z",
"description": "com.aaronbalderapps.awesomecheesecakeideas - Xchecked via VT: a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268",
"pattern": "[file:hashes.MD5 = '2894e4f2f66d5f85d561dde63a6f7b33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58b7dbc3-da58-4150-91c0-499002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:55.000Z",
"modified": "2017-03-02T08:45:55.000Z",
"first_observed": "2017-03-02T08:45:55Z",
"last_observed": "2017-03-02T08:45:55Z",
"number_observed": 1,
"object_refs": [
"url--58b7dbc3-da58-4150-91c0-499002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58b7dbc3-da58-4150-91c0-499002de0b81",
"value": "https://www.virustotal.com/file/a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268/analysis/1468332857/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbc4-afd8-4732-839b-406802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:56.000Z",
"modified": "2017-03-02T08:45:56.000Z",
"description": "com.aaronbalderapps.awesome3dstreetart - Xchecked via VT: c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61",
"pattern": "[file:hashes.SHA1 = '5ca403bf95c84f093cfb239a2e3c15bc78e94466']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58b7dbc5-c380-47b8-a7c4-41fe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:57.000Z",
"modified": "2017-03-02T08:45:57.000Z",
"description": "com.aaronbalderapps.awesome3dstreetart - Xchecked via VT: c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61",
"pattern": "[file:hashes.MD5 = '365f63f870712a0046474c200737cff2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-02T08:45:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58b7dbc6-fe44-4108-960f-4cb002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-02T08:45:58.000Z",
"modified": "2017-03-02T08:45:58.000Z",
"first_observed": "2017-03-02T08:45:58Z",
"last_observed": "2017-03-02T08:45:58Z",
"number_observed": 1,
"object_refs": [
"url--58b7dbc6-fe44-4108-960f-4cb002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58b7dbc6-fe44-4108-960f-4cb002de0b81",
"value": "https://www.virustotal.com/file/c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61/analysis/1488422159/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}