misp-circl-feed/feeds/circl/misp/582176fc-def0-44a8-b435-4f66950d210f.json

{
  "Event": {
    "analysis": "2",
    "date": "2016-11-08",
    "extends_uuid": "",
    "info": "OSINT - Exaspy \u00e2\u20ac\u201c Commodity Android Spyware Targeting High-level Executives",
    "publish_timestamp": "1478588487",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1478588454",
    "uuid": "582176fc-def0-44a8-b435-4f66950d210f",
    "Orgc": {
      "name": "CIRCL",
      "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:white",
        "relationship_type": ""
      },
      {
        "colour": "#5f0077",
        "local": false,
        "name": "ms-caro-malware:malware-platform=\"AndroidOS\"",
        "relationship_type": ""
      },
      {
        "colour": "#37ab00",
        "local": false,
        "name": "enisa:nefarious-activity-abuse=\"mobile-malware\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a7300",
        "local": false,
        "name": "circl:incident-classification=\"malware\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588172",
        "to_ids": false,
        "type": "link",
        "uuid": "5821770c-ac54-4173-992f-4d01950d210f",
        "value": "https://www.skycure.com/blog/exaspy-commodity-android-spyware-targeting-high-level-executives/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588199",
        "to_ids": false,
        "type": "comment",
        "uuid": "58217727-65a8-4dc0-b579-48c1950d210f",
        "value": "Early September, Skycure Research Labs detected a fake app within one of our customer\u00e2\u20ac\u2122s organizations, identified through our crowd-sourced intelligence policies (whereby anyone running the Skycure mobile app acts as a threat detecting sensor). This customer is a global technology company, which deployed Skycure\u00e2\u20ac\u2122s Enterprise Mobile Threat Defense solution for all iOS and Android devices within their organization. This incident happened on an Android 6.0.1 device, owned by one of the company\u00e2\u20ac\u2122s Vice Presidents. The customer has given us approval to share some of the details about the Spyware app that Skycure discovered."
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588230",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58217746-abb4-4d54-ad37-4df3950d210f",
        "value": "c4826138e07636af1eeb6008e580704575ec1bc7"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588230",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58217746-7bcc-4114-8ffb-41a1950d210f",
        "value": "4bf89c3bf4fb88ad6456fe5642868272e4e2f364"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588230",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58217746-e3c4-4a41-930f-4d9c950d210f",
        "value": "9725c1bf9483ff41f226f22bd331387c187e9179"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588230",
        "to_ids": true,
        "type": "sha1",
        "uuid": "58217746-4598-40a4-8287-4fb6950d210f",
        "value": "f1fbebc2beafe0467ee00e69b3f75719cdbbd693"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588252",
        "to_ids": true,
        "type": "x509-fingerprint-sha1",
        "uuid": "5821775c-cda4-4aa0-aa41-4d1d950d210f",
        "value": "c5c82ecf20af94e0f2a19078b790d8434ccedb59"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588279",
        "to_ids": true,
        "type": "pattern-in-file",
        "uuid": "58217777-9a6c-43f6-8331-4551950d210f",
        "value": "Subject: /O=Exaspy/OU=Exaspy/CN=Exaspy"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect - Xchecked via VT: f1fbebc2beafe0467ee00e69b3f75719cdbbd693",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588454",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58217826-0f64-4c14-88ac-453f02de0b81",
        "value": "fee19f19638b0f66ba5cb32c229c4cb62e197cc10ce061666c543a7d0bdf784a"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect - Xchecked via VT: f1fbebc2beafe0467ee00e69b3f75719cdbbd693",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588455",
        "to_ids": true,
        "type": "md5",
        "uuid": "58217827-8734-4c43-a579-440602de0b81",
        "value": "7fa9b921f9cf78f9503fa808c44b3f0e"
      },
      {
        "category": "External analysis",
        "comment": "com.android.protect - Xchecked via VT: f1fbebc2beafe0467ee00e69b3f75719cdbbd693",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588455",
        "to_ids": false,
        "type": "link",
        "uuid": "58217827-14d0-43e8-bdaf-467002de0b81",
        "value": "https://www.virustotal.com/file/fee19f19638b0f66ba5cb32c229c4cb62e197cc10ce061666c543a7d0bdf784a/analysis/1478545205/"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect - Xchecked via VT: 9725c1bf9483ff41f226f22bd331387c187e9179",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588455",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58217827-a93c-41e4-849a-4eef02de0b81",
        "value": "b9d37ce509d37ade6cb064ff41e6de99fcf686fcea70ae355f76018896eaf508"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect - Xchecked via VT: 9725c1bf9483ff41f226f22bd331387c187e9179",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588455",
        "to_ids": true,
        "type": "md5",
        "uuid": "58217827-4c0c-41be-8414-4af602de0b81",
        "value": "204f3840d8e641642ddb682827c07e66"
      },
      {
        "category": "External analysis",
        "comment": "com.android.protect - Xchecked via VT: 9725c1bf9483ff41f226f22bd331387c187e9179",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588455",
        "to_ids": false,
        "type": "link",
        "uuid": "58217827-d514-4f1a-8d38-4f9602de0b81",
        "value": "https://www.virustotal.com/file/b9d37ce509d37ade6cb064ff41e6de99fcf686fcea70ae355f76018896eaf508/analysis/1478208415/"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect - Xchecked via VT: 4bf89c3bf4fb88ad6456fe5642868272e4e2f364",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588456",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58217828-a5f0-40ee-b9f5-49d702de0b81",
        "value": "cd021fdf7e00a76a13e51f8608a687208be3eb68139627a1986bb0c4009dc58c"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect - Xchecked via VT: 4bf89c3bf4fb88ad6456fe5642868272e4e2f364",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588456",
        "to_ids": true,
        "type": "md5",
        "uuid": "58217828-039c-4de5-a02c-41a802de0b81",
        "value": "b7a6e575fdd46ae65b0b2a8392811919"
      },
      {
        "category": "External analysis",
        "comment": "com.android.protect - Xchecked via VT: 4bf89c3bf4fb88ad6456fe5642868272e4e2f364",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588456",
        "to_ids": false,
        "type": "link",
        "uuid": "58217828-a050-4c4c-a8c2-4fd102de0b81",
        "value": "https://www.virustotal.com/file/cd021fdf7e00a76a13e51f8608a687208be3eb68139627a1986bb0c4009dc58c/analysis/1478547307/"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect - Xchecked via VT: c4826138e07636af1eeb6008e580704575ec1bc7",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588456",
        "to_ids": true,
        "type": "sha256",
        "uuid": "58217828-45ec-4cb9-a1bc-4dc202de0b81",
        "value": "0b8eb5b517a5a841a888d583e0a187983c6028b92634116cfc9bf79d165ac988"
      },
      {
        "category": "Payload installation",
        "comment": "com.android.protect - Xchecked via VT: c4826138e07636af1eeb6008e580704575ec1bc7",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588457",
        "to_ids": true,
        "type": "md5",
        "uuid": "58217829-ae18-45af-ac90-44d602de0b81",
        "value": "c4c3522074b9808d10e2828d41aafdda"
      },
      {
        "category": "External analysis",
        "comment": "com.android.protect - Xchecked via VT: c4826138e07636af1eeb6008e580704575ec1bc7",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1478588457",
        "to_ids": false,
        "type": "link",
        "uuid": "58217829-9d78-4f84-9fb1-431702de0b81",
        "value": "https://www.virustotal.com/file/0b8eb5b517a5a841a888d583e0a187983c6028b92634116cfc9bf79d165ac988/analysis/1478534532/"
      }
    ]
  }
}