adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a57af9d-a0ec-4e54-a44d-483302de0b81.json

1074 lines
No EOL
47 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5a57af9d-a0ec-4e54-a44d-483302de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T03:00:34.000Z",
"modified": "2018-01-12T03:00:34.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a57af9d-a0ec-4e54-a44d-483302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-12T03:00:34.000Z",
"modified": "2018-01-12T03:00:34.000Z",
"name": "OSINT - First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services",
"published": "2018-02-16T08:46:57Z",
"object_refs": [
"observed-data--5a57afa7-8ce0-494d-ab37-a42202de0b81",
"url--5a57afa7-8ce0-494d-ab37-a42202de0b81",
"x-misp-attribute--5a57afb4-44f4-4a4e-8220-466302de0b81",
"indicator--5a57afdd-4bf0-4561-9258-395902de0b81",
"indicator--5a57afdd-6840-472e-a6aa-395902de0b81",
"indicator--5a57b018-2d2c-4378-9cfc-3c5902de0b81",
"indicator--5a57b018-1330-4ca7-b9f9-3c5902de0b81",
"indicator--5a57b019-1f5c-4013-9bb8-3c5902de0b81",
"indicator--5a57b019-7774-4f34-bf82-3c5902de0b81",
"indicator--5a57b019-1000-45df-a397-3c5902de0b81",
"indicator--5a57b019-e96c-4880-b290-3c5902de0b81",
"indicator--5a57b019-6488-4aef-ab2f-3c5902de0b81",
"indicator--5a57b019-4864-4123-b207-3c5902de0b81",
"indicator--5a57b019-3e78-43ff-a9fb-3c5902de0b81",
"indicator--5a57b019-7df4-48b1-b615-3c5902de0b81",
"indicator--bc1cef6c-4d5a-436a-9579-8cd4b6d782b2",
"x-misp-object--1bf0aa26-cd3c-47a6-81ac-3afdca27d963",
"indicator--476c045c-ea54-420b-a03a-8b26fbe58a1b",
"x-misp-object--2105ed48-0685-4700-b987-90f75b49e94a",
"indicator--e894048c-7d7d-493b-8f2c-70fad8bcd38a",
"x-misp-object--ad758221-7d66-4cec-901f-37c6833698ec",
"indicator--76c68a27-afc3-4d94-866b-ffb5c7cdd2c4",
"x-misp-object--0a23e347-6cea-4755-b85b-f90a9c9e7541",
"indicator--080d7c7a-d09d-4d58-86fb-b3a5f2e8481e",
"x-misp-object--f0b92dc7-6edb-4f1e-8ea7-00651f07c42c",
"indicator--85c68cf1-f521-42e7-83e5-6809af80abad",
"x-misp-object--13297574-af51-485e-8807-1c7b66f655ec",
"indicator--ee58fd13-7578-4389-9c9c-c1ce4f99df7f",
"x-misp-object--c6570cb6-61e3-4cd2-8e44-cb309a0726cb",
"indicator--59c0d9e3-395f-444f-9080-64f72087ac06",
"x-misp-object--23fad007-c563-45d2-90d1-cda2d4d05347",
"indicator--05de6304-76c1-4b35-822e-bcde5a58d1f8",
"x-misp-object--d2c9839e-e81e-4a2b-91b4-f8520b27adee",
"relationship--4ab33f62-315f-4c4f-be1c-117e7e0cf04b",
"relationship--9f61fb74-bdd4-4757-b78d-14b896d7cb4c",
"relationship--409f9254-2f95-4614-a06e-2368ee41685c",
"relationship--542504c1-5db9-47e4-bb06-17cf0e5e41f1",
"relationship--516886c3-3256-4647-b7f7-459c452448e4",
"relationship--6ae172f3-02f5-41ed-aeeb-d51aeb13572e",
"relationship--d821a008-4cee-4190-8bd3-fd1487795615",
"relationship--9e23242c-17f4-4418-baa1-460c8fb5151c",
"relationship--9ce00785-196e-4721-83b9-edcdbb65aeda"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"enisa:nefarious-activity-abuse=\"mobile-malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a57afa7-8ce0-494d-ab37-a42202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:45:10.000Z",
"modified": "2018-01-11T18:45:10.000Z",
"first_observed": "2018-01-11T18:45:10Z",
"last_observed": "2018-01-11T18:45:10Z",
"number_observed": 1,
"object_refs": [
"url--5a57afa7-8ce0-494d-ab37-a42202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a57afa7-8ce0-494d-ab37-a42202de0b81",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/first-kotlin-developed-malicious-app-signs-users-premium-sms-services/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a57afb4-44f4-4a4e-8220-466302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:45:09.000Z",
"modified": "2018-01-11T18:45:09.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin\u00e2\u20ac\u201dan open-source programming language for modern multiplatform applications. The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has 1,000-5,000 installs as of writing, is capable of remote command execution, information theft, SMS sending, URL forwarding, and click ad fraud. It can also sign up users for premium SMS subscription services without their permission."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57afdd-4bf0-4561-9258-395902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:06.000Z",
"modified": "2018-01-11T18:44:06.000Z",
"description": "C&C servers",
"pattern": "[url:value = 'http://adx.gmpmobi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57afdd-6840-472e-a6aa-395902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:06.000Z",
"modified": "2018-01-11T18:44:06.000Z",
"description": "C&C servers",
"pattern": "[url:value = 'http://52.76.80.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b018-2d2c-4378-9cfc-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:32.000Z",
"modified": "2018-01-11T18:42:32.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = '77d0c7dd4b3d87be6d9dfb0a9c371b4d8eeadccb8fde41d942f1c35e5e3ec063']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b018-1330-4ca7-b9f9-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:32.000Z",
"modified": "2018-01-11T18:42:32.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = '5886316c0b54bbb7ce6978acdb1ab4e2cf2b1494647b9d9ad014802e6bf5c7b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b019-1f5c-4013-9bb8-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:32.000Z",
"modified": "2018-01-11T18:42:32.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = 'aeef3ff7cc543bbacb6ab4df8da639b98be8f3c225678a4d0935f467bc6d720e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b019-7774-4f34-bf82-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:33.000Z",
"modified": "2018-01-11T18:42:33.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = '621092856e20e628a577dbe9248649eae78d1af611d9168635b22057c6c7552b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b019-1000-45df-a397-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:33.000Z",
"modified": "2018-01-11T18:42:33.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = '329b9c5670ecdf25248e484e23c21bbc86f943d7573ff131c0dc71bc80812d1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b019-e96c-4880-b290-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:33.000Z",
"modified": "2018-01-11T18:42:33.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = '2856f3d1282ddc6bcfe65b0c91a87d998edccb777387e3f998bc3b6f1d0b3342']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b019-6488-4aef-ab2f-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:33.000Z",
"modified": "2018-01-11T18:42:33.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = '4f649e0ea6a6f022e7a5701cecb5b7653d1334eb40918e52db8f3daacfb3b660']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b019-4864-4123-b207-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:33.000Z",
"modified": "2018-01-11T18:42:33.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = 'ab2c4886a4e0681a55b29c653b506b66721a3f36a1b098afa7f56da6f89bf5de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b019-3e78-43ff-a9fb-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:33.000Z",
"modified": "2018-01-11T18:42:33.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = '7d3e61c2c58906e09d56121be94601744e362e6f8c6b7bf87472b62b0cf8ce57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a57b019-7df4-48b1-b615-3c5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:42:33.000Z",
"modified": "2018-01-11T18:42:33.000Z",
"description": "Malicious app",
"pattern": "[file:hashes.SHA256 = 'b4822eeb71c83e4aab5ddfecfb58459e5c5e10d382a2364da1c42621f58e119b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bc1cef6c-4d5a-436a-9579-8cd4b6d782b2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:09.000Z",
"modified": "2018-01-11T18:44:09.000Z",
"pattern": "[file:hashes.MD5 = '1d64514bc3391a1c0490d66fd219922e' AND file:hashes.SHA1 = '0a2b8a1012fbaeb0285025a43a4e467823eb1b2e' AND file:hashes.SHA256 = '5886316c0b54bbb7ce6978acdb1ab4e2cf2b1494647b9d9ad014802e6bf5c7b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--1bf0aa26-cd3c-47a6-81ac-3afdca27d963",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:06.000Z",
"modified": "2018-01-11T18:44:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/5886316c0b54bbb7ce6978acdb1ab4e2cf2b1494647b9d9ad014802e6bf5c7b8/analysis/1515614450/",
"category": "External analysis",
"comment": "Malicious app",
"uuid": "5a57b076-d2f4-4ab7-90a0-41b102de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "4/63",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b076-7f24-41a0-90c9-4ccb02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-10T20:00:50",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b076-3af4-4a65-a72c-4fe402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--476c045c-ea54-420b-a03a-8b26fbe58a1b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:09.000Z",
"modified": "2018-01-11T18:44:09.000Z",
"pattern": "[file:hashes.MD5 = 'd50e0523db467cf821df7ce3d8c0dc75' AND file:hashes.SHA1 = '9c79b28664797ae1b8af916226aeebd5060b1760' AND file:hashes.SHA256 = '77d0c7dd4b3d87be6d9dfb0a9c371b4d8eeadccb8fde41d942f1c35e5e3ec063']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2105ed48-0685-4700-b987-90f75b49e94a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:06.000Z",
"modified": "2018-01-11T18:44:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/77d0c7dd4b3d87be6d9dfb0a9c371b4d8eeadccb8fde41d942f1c35e5e3ec063/analysis/1515685812/",
"category": "External analysis",
"comment": "Malicious app",
"uuid": "5a57b076-8eac-4262-9b4b-448e02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "13/63",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b076-1410-454e-8d2c-432902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-11T15:50:12",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b076-ed18-4a2e-8f84-4c8202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e894048c-7d7d-493b-8f2c-70fad8bcd38a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:09.000Z",
"modified": "2018-01-11T18:44:09.000Z",
"pattern": "[file:hashes.MD5 = 'c0ffae6b8cdb5148533ea11810fb870e' AND file:hashes.SHA1 = '7e7f9e4fcca6f7517b1882e83d2e64470460c815' AND file:hashes.SHA256 = '329b9c5670ecdf25248e484e23c21bbc86f943d7573ff131c0dc71bc80812d1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--ad758221-7d66-4cec-901f-37c6833698ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:07.000Z",
"modified": "2018-01-11T18:44:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/329b9c5670ecdf25248e484e23c21bbc86f943d7573ff131c0dc71bc80812d1c/analysis/1515614398/",
"category": "External analysis",
"comment": "Malicious app",
"uuid": "5a57b077-229c-466c-9fb3-482a02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "5/63",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b077-4148-4bb2-b46d-41f402de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-10T19:59:58",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b077-e530-42b2-b507-4e3002de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--76c68a27-afc3-4d94-866b-ffb5c7cdd2c4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:10.000Z",
"modified": "2018-01-11T18:44:10.000Z",
"pattern": "[file:hashes.MD5 = '9c66ff93022d399ab592d5587661c777' AND file:hashes.SHA1 = '3ec367d4aea942dbf161aef627f2dc8f3847a3a6' AND file:hashes.SHA256 = '7d3e61c2c58906e09d56121be94601744e362e6f8c6b7bf87472b62b0cf8ce57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--0a23e347-6cea-4755-b85b-f90a9c9e7541",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:07.000Z",
"modified": "2018-01-11T18:44:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7d3e61c2c58906e09d56121be94601744e362e6f8c6b7bf87472b62b0cf8ce57/analysis/1515693693/",
"category": "External analysis",
"comment": "Malicious app",
"uuid": "5a57b077-8070-4497-9e7a-4bd602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "15/61",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b077-7aac-448d-a455-42da02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-11T18:01:33",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b077-dbc8-4d10-ae56-4eec02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--080d7c7a-d09d-4d58-86fb-b3a5f2e8481e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:10.000Z",
"modified": "2018-01-11T18:44:10.000Z",
"pattern": "[file:hashes.MD5 = '05c310308d916af4c56a89f8bbe45783' AND file:hashes.SHA1 = '2cbffddfbfd727d7595e3c37cc4e1bf588486e2c' AND file:hashes.SHA256 = 'aeef3ff7cc543bbacb6ab4df8da639b98be8f3c225678a4d0935f467bc6d720e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f0b92dc7-6edb-4f1e-8ea7-00651f07c42c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:07.000Z",
"modified": "2018-01-11T18:44:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/aeef3ff7cc543bbacb6ab4df8da639b98be8f3c225678a4d0935f467bc6d720e/analysis/1515685805/",
"category": "External analysis",
"comment": "Malicious app",
"uuid": "5a57b077-d794-475e-a057-488002de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "9/63",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b077-94bc-4055-9c9f-414702de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-11T15:50:05",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b077-d464-4a45-b8e6-45c402de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--85c68cf1-f521-42e7-83e5-6809af80abad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:10.000Z",
"modified": "2018-01-11T18:44:10.000Z",
"pattern": "[file:hashes.MD5 = '1cf1ed1a16ebe9aa92acd0857a73632a' AND file:hashes.SHA1 = 'd8d9b5b6ee549f842450f5fd73e88ba48c0fb1ba' AND file:hashes.SHA256 = 'ab2c4886a4e0681a55b29c653b506b66721a3f36a1b098afa7f56da6f89bf5de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--13297574-af51-485e-8807-1c7b66f655ec",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:07.000Z",
"modified": "2018-01-11T18:44:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ab2c4886a4e0681a55b29c653b506b66721a3f36a1b098afa7f56da6f89bf5de/analysis/1515685808/",
"category": "External analysis",
"comment": "Malicious app",
"uuid": "5a57b077-7e74-4b45-a123-44bd02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "13/63",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b077-497c-49ec-a8ed-437202de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-11T15:50:08",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b077-b3f8-4044-bb43-491a02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ee58fd13-7578-4389-9c9c-c1ce4f99df7f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:10.000Z",
"modified": "2018-01-11T18:44:10.000Z",
"pattern": "[file:hashes.MD5 = 'f15f17a6dd14785a12ab4b804cb16d3e' AND file:hashes.SHA1 = '3096250fe90826f05aee32474c7e20fe8a268e5b' AND file:hashes.SHA256 = '621092856e20e628a577dbe9248649eae78d1af611d9168635b22057c6c7552b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--c6570cb6-61e3-4cd2-8e44-cb309a0726cb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:07.000Z",
"modified": "2018-01-11T18:44:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/621092856e20e628a577dbe9248649eae78d1af611d9168635b22057c6c7552b/analysis/1515688818/",
"category": "External analysis",
"comment": "Malicious app",
"uuid": "5a57b077-7ed8-4033-9d28-4a8c02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/62",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b078-ca70-4101-b2cc-476302de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-11T16:40:18",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b078-6bb0-47e3-bcbe-4ffb02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c0d9e3-395f-444f-9080-64f72087ac06",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:11.000Z",
"modified": "2018-01-11T18:44:11.000Z",
"pattern": "[file:hashes.MD5 = '43183779b1da5cb60b949ab38d3c69c0' AND file:hashes.SHA1 = '78a6859349f3503c40b54f8706ec97e6272c496c' AND file:hashes.SHA256 = 'b4822eeb71c83e4aab5ddfecfb58459e5c5e10d382a2364da1c42621f58e119b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--23fad007-c563-45d2-90d1-cda2d4d05347",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:08.000Z",
"modified": "2018-01-11T18:44:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b4822eeb71c83e4aab5ddfecfb58459e5c5e10d382a2364da1c42621f58e119b/analysis/1515685803/",
"category": "External analysis",
"comment": "Malicious app",
"uuid": "5a57b078-a5fc-4c98-a267-45ad02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "9/63",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b078-5600-43a6-b9d7-408302de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-11T15:50:03",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b078-c784-4dc8-afa2-4c8002de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--05de6304-76c1-4b35-822e-bcde5a58d1f8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:11.000Z",
"modified": "2018-01-11T18:44:11.000Z",
"pattern": "[file:hashes.MD5 = 'a18a70c259276e30b6a6305f568ed700' AND file:hashes.SHA1 = 'd4743b60452d2ca240f0045fed4b4b90b9a8b638' AND file:hashes.SHA256 = '2856f3d1282ddc6bcfe65b0c91a87d998edccb777387e3f998bc3b6f1d0b3342']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-11T18:44:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d2c9839e-e81e-4a2b-91b4-f8520b27adee",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-11T18:44:08.000Z",
"modified": "2018-01-11T18:44:08.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2856f3d1282ddc6bcfe65b0c91a87d998edccb777387e3f998bc3b6f1d0b3342/analysis/1515685814/",
"category": "External analysis",
"comment": "Malicious app",
"uuid": "5a57b078-58cc-4fc9-affe-415602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "12/63",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b078-7444-4c22-8bb0-471802de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-11T15:50:14",
"category": "Other",
"comment": "Malicious app",
"uuid": "5a57b078-d3f8-4875-885b-436202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4ab33f62-315f-4c4f-be1c-117e7e0cf04b",
"created": "2018-02-16T08:46:56.000Z",
"modified": "2018-02-16T08:46:56.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bc1cef6c-4d5a-436a-9579-8cd4b6d782b2",
"target_ref": "x-misp-object--1bf0aa26-cd3c-47a6-81ac-3afdca27d963"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9f61fb74-bdd4-4757-b78d-14b896d7cb4c",
"created": "2018-02-16T08:46:56.000Z",
"modified": "2018-02-16T08:46:56.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--476c045c-ea54-420b-a03a-8b26fbe58a1b",
"target_ref": "x-misp-object--2105ed48-0685-4700-b987-90f75b49e94a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--409f9254-2f95-4614-a06e-2368ee41685c",
"created": "2018-02-16T08:46:57.000Z",
"modified": "2018-02-16T08:46:57.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--e894048c-7d7d-493b-8f2c-70fad8bcd38a",
"target_ref": "x-misp-object--ad758221-7d66-4cec-901f-37c6833698ec"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--542504c1-5db9-47e4-bb06-17cf0e5e41f1",
"created": "2018-02-16T08:46:57.000Z",
"modified": "2018-02-16T08:46:57.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--76c68a27-afc3-4d94-866b-ffb5c7cdd2c4",
"target_ref": "x-misp-object--0a23e347-6cea-4755-b85b-f90a9c9e7541"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--516886c3-3256-4647-b7f7-459c452448e4",
"created": "2018-02-16T08:46:57.000Z",
"modified": "2018-02-16T08:46:57.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--080d7c7a-d09d-4d58-86fb-b3a5f2e8481e",
"target_ref": "x-misp-object--f0b92dc7-6edb-4f1e-8ea7-00651f07c42c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6ae172f3-02f5-41ed-aeeb-d51aeb13572e",
"created": "2018-02-16T08:46:57.000Z",
"modified": "2018-02-16T08:46:57.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--85c68cf1-f521-42e7-83e5-6809af80abad",
"target_ref": "x-misp-object--13297574-af51-485e-8807-1c7b66f655ec"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d821a008-4cee-4190-8bd3-fd1487795615",
"created": "2018-02-16T08:46:57.000Z",
"modified": "2018-02-16T08:46:57.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ee58fd13-7578-4389-9c9c-c1ce4f99df7f",
"target_ref": "x-misp-object--c6570cb6-61e3-4cd2-8e44-cb309a0726cb"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9e23242c-17f4-4418-baa1-460c8fb5151c",
"created": "2018-02-16T08:46:57.000Z",
"modified": "2018-02-16T08:46:57.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--59c0d9e3-395f-444f-9080-64f72087ac06",
"target_ref": "x-misp-object--23fad007-c563-45d2-90d1-cda2d4d05347"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--9ce00785-196e-4721-83b9-edcdbb65aeda",
"created": "2018-02-16T08:46:57.000Z",
"modified": "2018-02-16T08:46:57.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--05de6304-76c1-4b35-822e-bcde5a58d1f8",
"target_ref": "x-misp-object--d2c9839e-e81e-4a2b-91b4-f8520b27adee"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink