misp-circl-feed/feeds/circl/misp/5af2a95d-762c-4692-9843-4ab3950d210f.json

1 line
No EOL
6.9 KiB
JSON

{"Event": {"info": "OSINT - Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users", "Tag": [{"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#37ab00", "exportable": true, "name": "enisa:nefarious-activity-abuse=\"mobile-malware\""}, {"colour": "#064800", "exportable": true, "name": "misp-galaxy:tool=\"Mimikatz\""}, {"colour": "#0088cc", "exportable": true, "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\""}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "publish_timestamp": "0", "timestamp": "1525857538", "Object": [{"comment": "", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "uuid": "5af2b024-2fbc-42e8-8720-4b8a950d210f", "sharing_group_id": "0", "timestamp": "1525854244", "description": "File object describing a file with meta-information", "template_version": "11", "Attribute": [{"comment": "", "category": "Payload delivery", "uuid": "5af2b025-ae2c-4057-835a-4850950d210f", "timestamp": "1525854245", "to_ids": true, "value": "MiaKhalifa.rar", "disable_correlation": true, "object_relation": "filename", "type": "filename"}, {"comment": "", "category": "Other", "uuid": "5af2b026-d708-4c85-94c4-48d0950d210f", "timestamp": "1525854246", "to_ids": false, "value": "Malicious", "disable_correlation": true, "object_relation": "state", "type": "text"}], "distribution": "5", "meta-category": "file", "name": "file"}], "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5af2a976-856c-4d53-b2b7-4a2d950d210f", "timestamp": "1525852709", "to_ids": false, "value": "https://blog.trendmicro.com/trendlabs-security-intelligence/maikspy-spyware-poses-as-adult-game-targets-windows-and-android-users/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#0029ff", "exportable": true, "name": "estimative-language:confidence-in-analytic-judgment=\"high\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5af2a98a-2ecc-4d3c-9f89-4263950d210f", "timestamp": "1525852709", "to_ids": false, "value": "We discovered a malware family called Maikspy \u2014 a multi-platform spyware that can steal users\u2019 private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#0029ff", "exportable": true, "name": "estimative-language:confidence-in-analytic-judgment=\"high\""}], "disable_correlation": false, "object_relation": null, "type": "text"}, {"comment": "", "category": "Network activity", "uuid": "5af2ad8e-2e2c-4ff1-bd8e-49fd950d210f", "timestamp": "1525853582", "to_ids": true, "value": "http://miakhalifagame.com/", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5af2aee4-0dec-4023-80fa-457b950d210f", "timestamp": "1525853924", "to_ids": true, "value": "http://miakhalifagame.com/get_access2.php", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Support Tool", "uuid": "5af2b25c-263c-46ed-82ff-4608950d210f", "timestamp": "1525854812", "to_ids": false, "value": "https://github.com/gentilkiwi/mimikatz", "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "Payload delivery", "uuid": "5af2b2b4-c3d4-407d-a4f3-482f950d210f", "timestamp": "1525854900", "to_ids": true, "value": "VirtualGirlfriend.crx", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "", "category": "Network activity", "uuid": "5af2b2b4-52b4-4061-baf6-402b950d210f", "timestamp": "1525854900", "to_ids": true, "value": "http://miakhalifagame.com", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5af2b323-134c-46ea-b463-4399950d210f", "timestamp": "1525855011", "to_ids": true, "value": "https://miakhalifagame.com/testinn.php", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5af2b6e0-0e84-4492-850a-4378950d210f", "timestamp": "1525855968", "to_ids": true, "value": "https://twitter.com/RoundYear_Fun", "disable_correlation": true, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5af2b6e0-1dc4-4c64-b26d-4522950d210f", "timestamp": "1525855968", "to_ids": true, "value": "http://www.roundyearfun.org", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5af2b7b8-ce00-4c6c-9509-4f42950d210f", "timestamp": "1525856184", "to_ids": true, "value": "http://roundyearfun.org/noavi/MiaKhalifa.apk", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5af2b81b-3244-43a5-9326-42fd950d210f", "timestamp": "1525856283", "to_ids": true, "value": "http://miakhalifagame.com/img/ryf.jpg", "disable_correlation": true, "object_relation": null, "type": "url"}, {"comment": "C2", "category": "Network activity", "uuid": "5af2bace-0134-49e2-9913-4c21950d210f", "timestamp": "1525856974", "to_ids": true, "value": "107.180.46.243", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "C2", "category": "Network activity", "uuid": "5af2bacf-f104-49ed-8bcc-4a81950d210f", "timestamp": "1525856975", "to_ids": true, "value": "198.12.155.84", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "C2", "category": "Network activity", "uuid": "5af2bacf-6ee4-4ece-965f-4c94950d210f", "timestamp": "1525856975", "to_ids": true, "value": "192.169.217.55", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "C2", "category": "Network activity", "uuid": "5af2bacf-4634-4d58-b5d7-46f5950d210f", "timestamp": "1525856975", "to_ids": true, "value": "198.12.149.13", "disable_correlation": false, "object_relation": null, "type": "ip-dst"}, {"comment": "", "category": "Network activity", "uuid": "5af2bbd9-3300-47b8-82f6-4953950d210f", "timestamp": "1525857241", "to_ids": true, "value": "http://roundyearfun.org/", "disable_correlation": false, "object_relation": null, "type": "url"}, {"comment": "", "category": "Network activity", "uuid": "5af2bbfa-c3f8-47f7-91a5-40e2950d210f", "timestamp": "1525857274", "to_ids": true, "value": "http://fakeomegle.com", "disable_correlation": false, "object_relation": null, "type": "url"}], "extends_uuid": "", "published": false, "date": "2018-05-08", "Orgc": {"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f", "name": "CIRCL"}, "threat_level_id": "3", "uuid": "5af2a95d-762c-4692-9843-4ab3950d210f"}}