misp-circl-feed/feeds/circl/misp/5a2677b2-78e4-4370-a96d-5f3b950d210f.json

200 lines
No EOL
8.5 KiB
JSON

{
"type": "bundle",
"id": "bundle--5a2677b2-78e4-4370-a96d-5f3b950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:20:36.000Z",
"modified": "2017-12-11T09:20:36.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a2677b2-78e4-4370-a96d-5f3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-11T09:20:36.000Z",
"modified": "2017-12-11T09:20:36.000Z",
"name": "OSINT - SLocker Mobile Ransomware Starts Mimicking WannaCry",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5a2677d7-87c0-4ada-aacd-5f3b950d210f",
"url--5a2677d7-87c0-4ada-aacd-5f3b950d210f",
"indicator--5a294296-5dd0-404e-9929-4ffa950d210f",
"indicator--5a2942c0-0b20-4f4f-8018-4635950d210f",
"indicator--5a2945a9-2ce4-48bd-916e-a1b1950d210f",
"indicator--5a29466c-15bc-4df0-85be-4a6b950d210f",
"indicator--5a294691-da48-4d27-86b6-429a950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\"",
"ms-caro-malware-full:malware-platform=\"AndroidOS\"",
"ms-caro-malware:malware-platform=\"AndroidOS\"",
"Android Malware",
"misp-galaxy:android=\"SLocker\"",
"workflow:todo=\"expansion\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a2677d7-87c0-4ada-aacd-5f3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-05T10:41:35.000Z",
"modified": "2017-12-05T10:41:35.000Z",
"first_observed": "2017-12-05T10:41:35Z",
"last_observed": "2017-12-05T10:41:35Z",
"number_observed": 1,
"object_refs": [
"url--5a2677d7-87c0-4ada-aacd-5f3b950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a2677d7-87c0-4ada-aacd-5f3b950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/slocker-mobile-ransomware-starts-mimicking-wannacry/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a294296-5dd0-404e-9929-4ffa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-07T13:31:02.000Z",
"modified": "2017-12-07T13:31:02.000Z",
"pattern": "[file:hashes.SHA256 = '200d8f98c326fc65f3a11dc5ff1951051c12991cc0996273eeb9b71b27bc294d' AND file:name = '\u738b\u8005\u8363\u8000\u8f85\u52a9' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-07T13:31:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2942c0-0b20-4f4f-8018-4635950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-07T13:31:44.000Z",
"modified": "2017-12-07T13:31:44.000Z",
"pattern": "[file:hashes.SHA256 = '2ffd539d462847bebcdff658a83f74ca7f039946bbc6c6247be2fc62dc0e4060' AND file:name = '\u5343\u53d8\u8bed\u97f3' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-07T13:31:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a2945a9-2ce4-48bd-916e-a1b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-07T13:44:09.000Z",
"modified": "2017-12-07T13:44:09.000Z",
"pattern": "[file:hashes.SHA256 = '36f40d5a11d886a2280c57859cd5f22de2d78c87dcdb52ea601089745eeee494' AND file:name = '\u738b\u8005\u8363\u8000\u524d\u77bb\u7248' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-07T13:44:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a29466c-15bc-4df0-85be-4a6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-07T13:47:24.000Z",
"modified": "2017-12-07T13:47:24.000Z",
"pattern": "[file:hashes.SHA256 = 'c347e09b1489c5b8061828526f4ce778fda8ef7fb835255914eb3c9268a265bf' AND file:name = '\u5343\u53d8\u8bed\u97f3\u79c0' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-07T13:47:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a294691-da48-4d27-86b6-429a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-07T13:48:01.000Z",
"modified": "2017-12-07T13:48:01.000Z",
"pattern": "[file:hashes.SHA256 = 'cb0a18bcc8a2c9a966d3f585771db8b2e627a7b4427a889191a93b3a1b261ba3' AND file:name = '\u4e3b\u6d41\u5f71\u89c6\u5927\u5168' AND file:x_misp_text = 'com.android.tencent.zdevs.bah']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-07T13:48:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}