misp-circl-feed/feeds/circl/misp/5af2a95d-762c-4692-9843-4ab3950d210f.json


2023-04-21 13:25:09 +00:00
{"Event": {"info": "OSINT - Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#37ab00", "exportable": true, "name": "enisa:nefarious-activity-abuse=\"mobile-malware\""}, {"colour": "#064800", "exportable": true, "name": "misp-galaxy:tool=\"Mimikatz\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "0", "timestamp": "1525857538", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af2b024-2fbc-42e8-8720-4b8a950d210f", "sharing_group_id": "0", "timestamp": "1525854244", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af2b025-ae2c-4057-835a-4850950d210f", "timestamp": "1525854245", "to_ids": true, "value": "MiaKhalifa.rar", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5af2b026-d708-4c85-94c4-48d0950d210f", "timestamp": "1525854246", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5af2a976-856c-4d53-b2b7-4a2d950d210f", "timestamp": "1525852709", "to_ids": false, "value": "https://blog.trendmicro.com/trendlabs-security-intelligence/maikspy-spyware-poses-as-adult-game-targets-windows-and-android-users/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#0029ff", "exportable": true, "name": "estimative-language:confidence-in-analytic-judgment=\"high\""}], "disable_correlation": 
false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5af2a98a-2ecc-4d3c-9f89-4263950d210f", "timestamp": "1525852709", "to_ids": false, "value": "We discovered a malware family called Maikspy \u2014 a multi-platform spyware that can steal users\u2019 private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#0029ff", "exportable": true, "name": "estimative-language:confidence-in-analytic-judgment=\"high\""}], "disable_correlation": false, "object_relation": null, "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5af2ad8e-2e2c-4ff1-bd8e-49fd950d210f", "timestamp": "1525853582", "to_ids": true, "value": "http://miakhalifagame.com/", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5af2aee4-0dec-4023-80fa-457b950d210f", "timestamp": "1525853924", "to_ids": true, "value": "http://miakhalifagame.com/get_access2.php", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Support Tool", "uuid": "5af2b25c-263c-46ed-82ff-4608950d210f", "timestamp": "1525854812", "to_ids": false, "value": "https://github.com/gentilkiwi/mimikatz", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "5af2b2b4-c3d4-407d-a4f3-482f950d210f", "timestamp": "1525854900", "to_ids": true, "value": "VirtualGirlfriend.crx", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Network activity", "uuid": "5af2b2b4-52b4-4061-baf6-402b950d210f", "timestamp": "1525854900", 
"to_ids": true, "value": "http://miakhalifagame.com", "disable_correlation": false, "object_relation":