{
"Event" : {
"analysis" : "2" ,
"date" : "2017-04-23" ,
"extends_uuid" : "" ,
"info" : "OSINT - FlexSpy Application Analysis" ,
"publish_timestamp" : "1492981296" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1492981249" ,
"uuid" : "58fce117-452c-42ed-a2dc-b64a950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#3b7500" ,
"local" : "0" ,
"name" : "circl:incident-classification=\"malware\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1492967971" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58fce124-1a0c-4d73-904b-dbd5950d210f" ,
"value" : "http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy.html" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0c9100" ,
"local" : "0" ,
"name" : "admiralty-scale:source-reliability=\"f\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1492967972" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "58fce13b-fadc-4e55-a0d4-46ea950d210f" ,
"value" : "On 04/22/2017 FlexiDie released source code and binaries for FlexiSpy\u2019s mobile spyware program. Being a good reverse engineer that I am, my analysis is below. The IOC section is intended for other reverse engineers and antivirus vendors. General Overview is intended for journalists. I will release a detailed technical teardown in a day or two." ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : "0" ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0c9100" ,
"local" : "0" ,
"name" : "admiralty-scale:source-reliability=\"f\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Network activity" ,
"comment" : "(found in com.vvt.phoenix.prot.test.CSMTest)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1492967795" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58fce173-d508-4f0f-8a89-dba6950d210f" ,
"value" : "http://58.137.119.229/RainbowCore/"
} ,
{
"category" : "Network activity" ,
"comment" : "found in source//location_capture/tests/location_capture_tests/src/com/vvt/locationcapture/tests/Location_capture_testsActivity.java:" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1492967796" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58fce174-1b68-4e69-b27f-dba6950d210f" ,
"value" : "http://trkps.com/m.php?lat=%f&long=%f&t=%s&i=%s&z=5"
} ,
{
"category" : "Network activity" ,
"comment" : "On port 8880" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1492967797" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "58fce175-c7b4-4488-8f4d-dba6950d210f" ,
"value" : "http://202.176.88.55"
} ,
{
"category" : "Network activity" ,
"comment" : "Another IP address was found commented out in the code base //private String mUrl =" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1492967868" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "58fce1bc-783c-4960-a449-dba5950d210f" ,
"value" : "202.176.88.55"
} ,
{
"category" : "Network activity" ,
"comment" : "(found in com.vvt.phoenix.prot.test.CSMTest)" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1492967869" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "58fce1bd-c0a4-4862-a657-dba5950d210f" ,
"value" : "58.137.119.229"
} ,
{
"category" : "Network activity" ,
"comment" : "In sample comments" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1492981246" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "58fd15fe-c4ac-4a6c-bbd3-4815950d210f" ,
"value" : "58.137.119.224"
} ,
{
"category" : "Network activity" ,
"comment" : "In sample comments" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1492981248" ,
"to_ids" : true ,
"type" : "ip-dst" ,
"uuid" : "58fd1600-dcf8-4103-af30-4e0f950d210f" ,
"value" : "58.137.119.239"
}
]
}
}