599 lines
No EOL
25 KiB
JSON
599 lines
No EOL
25 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--56df115b-5030-4328-a9ee-4484950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:55:39.000Z",
|
|
"modified": "2016-03-08T17:55:39.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--56df115b-5030-4328-a9ee-4484950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:55:39.000Z",
|
|
"modified": "2016-03-08T17:55:39.000Z",
|
|
"name": "BadMirror: New Android Malware Family Spotted by SherlockDroid",
|
|
"published": "2016-03-08T17:55:47Z",
|
|
"object_refs": [
|
|
"indicator--56df117b-4f04-4945-b56a-4591950d210f",
|
|
"indicator--56df117b-ff24-431b-83d7-457f950d210f",
|
|
"indicator--56df117b-fde8-4890-9b65-494f950d210f",
|
|
"indicator--56df117b-9578-43b5-9155-416e950d210f",
|
|
"indicator--56df119a-c078-4452-a404-5cd9950d210f",
|
|
"indicator--56df119a-8a5c-42a6-ad39-5cd9950d210f",
|
|
"indicator--56df119b-0e04-455d-9301-5cd9950d210f",
|
|
"indicator--56df119b-4558-4616-9bd8-5cd9950d210f",
|
|
"indicator--56df119b-1054-45de-a07a-5cd9950d210f",
|
|
"indicator--56df119c-903c-49ca-ad6b-5cd9950d210f",
|
|
"indicator--56df119c-5af8-4711-a455-5cd9950d210f",
|
|
"indicator--56df119c-4f38-4f82-a8ee-5cd9950d210f",
|
|
"indicator--56df119d-fdb0-4e36-add5-5cd9950d210f",
|
|
"indicator--56df119d-2018-4457-b8c4-5cd9950d210f",
|
|
"indicator--56df11ac-0c48-4f48-b57e-4206950d210f",
|
|
"indicator--56df11f9-6a3c-45af-ab0e-460a02de0b81",
|
|
"indicator--56df11f9-1fac-4cb2-b73e-45c702de0b81",
|
|
"observed-data--56df11fa-6568-42b1-b6ba-415502de0b81",
|
|
"url--56df11fa-6568-42b1-b6ba-415502de0b81",
|
|
"indicator--56df11fa-fc88-41ef-b781-478a02de0b81",
|
|
"indicator--56df11fa-7ad8-4ed6-9a63-471c02de0b81",
|
|
"observed-data--56df11fa-5510-469d-8869-421b02de0b81",
|
|
"url--56df11fa-5510-469d-8869-421b02de0b81",
|
|
"observed-data--56df121b-9fd0-4b3e-b630-414c950d210f",
|
|
"url--56df121b-9fd0-4b3e-b630-414c950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df117b-4f04-4945-b56a-4591950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:52:59.000Z",
|
|
"modified": "2016-03-08T17:52:59.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://silent.googlestatistics.net:10055/api/sys']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:52:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df117b-ff24-431b-83d7-457f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:52:59.000Z",
|
|
"modified": "2016-03-08T17:52:59.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://silent.800t.net:10055/api/sys']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:52:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df117b-fde8-4890-9b65-494f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:52:59.000Z",
|
|
"modified": "2016-03-08T17:52:59.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://googlestatistics.net:10055/boxgame/appmore/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:52:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df117b-9578-43b5-9155-416e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:52:59.000Z",
|
|
"modified": "2016-03-08T17:52:59.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'http://bg.800t.net:10055/appmore/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:52:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119a-c078-4452-a404-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:30.000Z",
|
|
"modified": "2016-03-08T17:53:30.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = '835c14d38926c88ee9a51a0b6d8c7893a76e3bf4e8d1978b650e178c88b1e07e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119a-8a5c-42a6-ad39-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:30.000Z",
|
|
"modified": "2016-03-08T17:53:30.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = 'ba56136e88e398a8e7f7c3c398b21550d17beb3ae533b579d6a1abf5de6d4d5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119b-0e04-455d-9301-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:31.000Z",
|
|
"modified": "2016-03-08T17:53:31.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = '171ccb5ef9ff1bbeb65912b7fbaa30724aa17f949e4ac75738d4fbf74ad6577c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119b-4558-4616-9bd8-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:31.000Z",
|
|
"modified": "2016-03-08T17:53:31.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = '4393b8d81d6ccd5be5aa2652180dfb7213dca8a9f089c70edf4b2b1711aadeba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119b-1054-45de-a07a-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:31.000Z",
|
|
"modified": "2016-03-08T17:53:31.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = 'bad6b2f190c042e85c18fab79f3008bc167dd20a37a2382089e8c50910b2d8bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119c-903c-49ca-ad6b-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:32.000Z",
|
|
"modified": "2016-03-08T17:53:32.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = 'c17e327c1b35589317ad4f9f877fb260eac7fc4d1d8647bf1335348ce7ba1564']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119c-5af8-4711-a455-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:32.000Z",
|
|
"modified": "2016-03-08T17:53:32.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = 'c684f0d3a87b8bc1f69291fa526ccad2fa71a4701cf55531b23509a985a36210']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119c-4f38-4f82-a8ee-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:32.000Z",
|
|
"modified": "2016-03-08T17:53:32.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = '8721d98ef053e6f429cbc07a710b87b8048c8b8bb9788651f20e90281bb37ac5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119d-fdb0-4e36-add5-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:33.000Z",
|
|
"modified": "2016-03-08T17:53:33.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = 'f45fc90d1f2818c72ece2b1a88d6dad6f6065a7a6e1b366e919c8fc85c1391f6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df119d-2018-4457-b8c4-5cd9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:53:33.000Z",
|
|
"modified": "2016-03-08T17:53:33.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = '86e48e907a412f110db908234899037e6890872452b260274e03c5c736537932']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:53:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df11ac-0c48-4f48-b57e-4206950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:54:12.000Z",
|
|
"modified": "2016-03-08T17:54:12.000Z",
|
|
"description": "Samples",
|
|
"pattern": "[file:hashes.SHA256 = 'a839afe5b67de0d7500f30cd787abfbcaf268c2684b8e247381e28e4bb18e551']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:54:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df11f9-6a3c-45af-ab0e-460a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:55:05.000Z",
|
|
"modified": "2016-03-08T17:55:05.000Z",
|
|
"description": "Samples - Xchecked via VT: f45fc90d1f2818c72ece2b1a88d6dad6f6065a7a6e1b366e919c8fc85c1391f6",
|
|
"pattern": "[file:hashes.SHA1 = 'c3edf6fcdc0770c62cc03078051392db418fec7e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:55:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df11f9-1fac-4cb2-b73e-45c702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:55:05.000Z",
|
|
"modified": "2016-03-08T17:55:05.000Z",
|
|
"description": "Samples - Xchecked via VT: f45fc90d1f2818c72ece2b1a88d6dad6f6065a7a6e1b366e919c8fc85c1391f6",
|
|
"pattern": "[file:hashes.MD5 = '415990651f6b53b6df3208bea7e5e29d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:55:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56df11fa-6568-42b1-b6ba-415502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:55:06.000Z",
|
|
"modified": "2016-03-08T17:55:06.000Z",
|
|
"first_observed": "2016-03-08T17:55:06Z",
|
|
"last_observed": "2016-03-08T17:55:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56df11fa-6568-42b1-b6ba-415502de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56df11fa-6568-42b1-b6ba-415502de0b81",
|
|
"value": "https://www.virustotal.com/file/f45fc90d1f2818c72ece2b1a88d6dad6f6065a7a6e1b366e919c8fc85c1391f6/analysis/1457418028/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df11fa-fc88-41ef-b781-478a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:55:06.000Z",
|
|
"modified": "2016-03-08T17:55:06.000Z",
|
|
"description": "Samples - Xchecked via VT: 835c14d38926c88ee9a51a0b6d8c7893a76e3bf4e8d1978b650e178c88b1e07e",
|
|
"pattern": "[file:hashes.SHA1 = '05d9c9eeded99da30bbddbb81150c0eff45d812e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:55:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56df11fa-7ad8-4ed6-9a63-471c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:55:06.000Z",
|
|
"modified": "2016-03-08T17:55:06.000Z",
|
|
"description": "Samples - Xchecked via VT: 835c14d38926c88ee9a51a0b6d8c7893a76e3bf4e8d1978b650e178c88b1e07e",
|
|
"pattern": "[file:hashes.MD5 = '4f437c0e4a424bc25c1a3abf26321d98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-03-08T17:55:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56df11fa-5510-469d-8869-421b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:55:06.000Z",
|
|
"modified": "2016-03-08T17:55:06.000Z",
|
|
"first_observed": "2016-03-08T17:55:06Z",
|
|
"last_observed": "2016-03-08T17:55:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56df11fa-5510-469d-8869-421b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56df11fa-5510-469d-8869-421b02de0b81",
|
|
"value": "https://www.virustotal.com/file/835c14d38926c88ee9a51a0b6d8c7893a76e3bf4e8d1978b650e178c88b1e07e/analysis/1457415536/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56df121b-9fd0-4b3e-b630-414c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-03-08T17:55:39.000Z",
|
|
"modified": "2016-03-08T17:55:39.000Z",
|
|
"first_observed": "2016-03-08T17:55:39Z",
|
|
"last_observed": "2016-03-08T17:55:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56df121b-9fd0-4b3e-b630-414c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56df121b-9fd0-4b3e-b630-414c950d210f",
|
|
"value": "http://blog.fortinet.com/post/badmirror-new-android-malware-family-spotted-by-sherlockdroid"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |