{ "type": "bundle", "id": "bundle--5af2a95d-762c-4692-9843-4ab3950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T09:18:58.000Z", "modified": "2018-05-09T09:18:58.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--5af2a95d-762c-4692-9843-4ab3950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T09:18:58.000Z", "modified": "2018-05-09T09:18:58.000Z", "name": "OSINT - Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users", "context": "suspicious-activity", "object_refs": [ "observed-data--5af2a976-856c-4d53-b2b7-4a2d950d210f", "url--5af2a976-856c-4d53-b2b7-4a2d950d210f", "x-misp-attribute--5af2a98a-2ecc-4d3c-9f89-4263950d210f", "indicator--5af2ad8e-2e2c-4ff1-bd8e-49fd950d210f", "indicator--5af2aee4-0dec-4023-80fa-457b950d210f", "observed-data--5af2b25c-263c-46ed-82ff-4608950d210f", "url--5af2b25c-263c-46ed-82ff-4608950d210f", "indicator--5af2b2b4-c3d4-407d-a4f3-482f950d210f", "indicator--5af2b2b4-52b4-4061-baf6-402b950d210f", "indicator--5af2b323-134c-46ea-b463-4399950d210f", "indicator--5af2b6e0-0e84-4492-850a-4378950d210f", "indicator--5af2b6e0-1dc4-4c64-b26d-4522950d210f", "indicator--5af2b7b8-ce00-4c6c-9509-4f42950d210f", "indicator--5af2b81b-3244-43a5-9326-42fd950d210f", "indicator--5af2bace-0134-49e2-9913-4c21950d210f", "indicator--5af2bacf-f104-49ed-8bcc-4a81950d210f", "indicator--5af2bacf-6ee4-4ece-965f-4c94950d210f", "indicator--5af2bacf-4634-4d58-b5d7-46f5950d210f", "indicator--5af2bbd9-3300-47b8-82f6-4953950d210f", "indicator--5af2bbfa-c3f8-47f7-91a5-40e2950d210f", "indicator--5af2b024-2fbc-42e8-8720-4b8a950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"", "enisa:nefarious-activity-abuse=\"mobile-malware\"", "misp-galaxy:tool=\"Mimikatz\"", "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\"", "osint:source-type=\"blog-post\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5af2a976-856c-4d53-b2b7-4a2d950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T07:58:29.000Z", "modified": "2018-05-09T07:58:29.000Z", "first_observed": "2018-05-09T07:58:29Z", "last_observed": "2018-05-09T07:58:29Z", "number_observed": 1, "object_refs": [ "url--5af2a976-856c-4d53-b2b7-4a2d950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"", "estimative-language:confidence-in-analytic-judgment=\"high\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5af2a976-856c-4d53-b2b7-4a2d950d210f", "value": "https://blog.trendmicro.com/trendlabs-security-intelligence/maikspy-spyware-poses-as-adult-game-targets-windows-and-android-users/" }, { "type": "x-misp-attribute", "spec_version": "2.1", "id": "x-misp-attribute--5af2a98a-2ecc-4d3c-9f89-4263950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T07:58:29.000Z", "modified": "2018-05-09T07:58:29.000Z", "labels": [ "misp:type=\"text\"", "misp:category=\"External analysis\"", "osint:source-type=\"blog-post\"", "estimative-language:confidence-in-analytic-judgment=\"high\"" ], "x_misp_category": "External analysis", "x_misp_type": "text", "x_misp_value": "We discovered a malware family called Maikspy \u2014 a multi-platform spyware that can steal users\u2019 private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016." }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2ad8e-2e2c-4ff1-bd8e-49fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:13:02.000Z", "modified": "2018-05-09T08:13:02.000Z", "pattern": "[url:value = 'http://miakhalifagame.com/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:13:02Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2aee4-0dec-4023-80fa-457b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:18:44.000Z", "modified": "2018-05-09T08:18:44.000Z", "pattern": "[url:value = 'http://miakhalifagame.com/get_access2.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:18:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--5af2b25c-263c-46ed-82ff-4608950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:33:32.000Z", "modified": "2018-05-09T08:33:32.000Z", "first_observed": "2018-05-09T08:33:32Z", "last_observed": "2018-05-09T08:33:32Z", "number_observed": 1, "object_refs": [ "url--5af2b25c-263c-46ed-82ff-4608950d210f" ], "labels": [ "misp:type=\"link\"", "misp:category=\"Support Tool\"" ] }, { "type": "url", "spec_version": "2.1", "id": "url--5af2b25c-263c-46ed-82ff-4608950d210f", "value": "https://github.com/gentilkiwi/mimikatz" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2b2b4-c3d4-407d-a4f3-482f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:35:00.000Z", "modified": "2018-05-09T08:35:00.000Z", "pattern": "[file:name = 'VirtualGirlfriend.crx']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:35:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Payload delivery" } ], "labels": [ "misp:type=\"filename\"", "misp:category=\"Payload delivery\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2b2b4-52b4-4061-baf6-402b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:35:00.000Z", "modified": "2018-05-09T08:35:00.000Z", "pattern": "[url:value = 'http://miakhalifagame.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:35:00Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2b323-134c-46ea-b463-4399950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:36:51.000Z", "modified": "2018-05-09T08:36:51.000Z", "pattern": "[url:value = 'https://miakhalifagame.com/testinn.php']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:36:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2b6e0-0e84-4492-850a-4378950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:52:48.000Z", "modified": "2018-05-09T08:52:48.000Z", "pattern": "[url:value = 'https://twitter.com/RoundYear_Fun']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:52:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2b6e0-1dc4-4c64-b26d-4522950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:52:48.000Z", "modified": "2018-05-09T08:52:48.000Z", "pattern": "[url:value = 'http://www.roundyearfun.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:52:48Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2b7b8-ce00-4c6c-9509-4f42950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:56:24.000Z", "modified": "2018-05-09T08:56:24.000Z", "pattern": "[url:value = 'http://roundyearfun.org/noavi/MiaKhalifa.apk']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:56:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2b81b-3244-43a5-9326-42fd950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:58:03.000Z", "modified": "2018-05-09T08:58:03.000Z", "pattern": "[url:value = 'http://miakhalifagame.com/img/ryf.jpg']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:58:03Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2bace-0134-49e2-9913-4c21950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T09:09:34.000Z", "modified": "2018-05-09T09:09:34.000Z", "description": "C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.46.243']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T09:09:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2bacf-f104-49ed-8bcc-4a81950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T09:09:35.000Z", "modified": "2018-05-09T09:09:35.000Z", "description": "C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.12.155.84']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T09:09:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2bacf-6ee4-4ece-965f-4c94950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T09:09:35.000Z", "modified": "2018-05-09T09:09:35.000Z", "description": "C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.169.217.55']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T09:09:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2bacf-4634-4d58-b5d7-46f5950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T09:09:35.000Z", "modified": "2018-05-09T09:09:35.000Z", "description": "C2", "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.12.149.13']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T09:09:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2bbd9-3300-47b8-82f6-4953950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T09:14:01.000Z", "modified": "2018-05-09T09:14:01.000Z", "pattern": "[url:value = 'http://roundyearfun.org/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T09:14:01Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2bbfa-c3f8-47f7-91a5-40e2950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T09:14:34.000Z", "modified": "2018-05-09T09:14:34.000Z", "pattern": "[url:value = 'http://fakeomegle.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T09:14:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--5af2b024-2fbc-42e8-8720-4b8a950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2018-05-09T08:24:04.000Z", "modified": "2018-05-09T08:24:04.000Z", "pattern": "[file:name = 'MiaKhalifa.rar' AND file:x_misp_state = 'Malicious']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2018-05-09T08:24:04Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "file" } ], "labels": [ "misp:name=\"file\"", "misp:meta-category=\"file\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }