misp-circl-feed/feeds/circl/misp/58fce117-452c-42ed-a2dc-b64a950d210f.json


{
"Event": {
"analysis": "2",
"date": "2017-04-23",
"extends_uuid": "",
"info": "OSINT - FlexSpy Application Analysis",
"publish_timestamp": "1492981296",
"published": true,
"threat_level_id": "3",
"timestamp": "1492981249",
"uuid": "58fce117-452c-42ed-a2dc-b64a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#3a7300",
"local": false,
"name": "circl:incident-classification=\"malware\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1492967971",
"to_ids": false,
"type": "link",
"uuid": "58fce124-1a0c-4d73-904b-dbd5950d210f",
"value": "http://www.cybermerchantsofdeath.com/blog/2017/04/23/FlexiSpy.html",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0c9100",
"local": false,
"name": "admiralty-scale:source-reliability=\"f\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1492967972",
"to_ids": false,
"type": "text",
"uuid": "58fce13b-fadc-4e55-a0d4-46ea950d210f",
"value": "On 04/22/2017 FlexiDie released source code and binaries for FlexiSpy\u2019s mobile spyware program. Being a good reverse engineer that I am, my analysis is below. The IOC section is intended for other reverse engineers and antivirus vendors. General Overview is intended for journalists. I will release a detailed technical teardown in a day or two.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#0c9100",
"local": false,
"name": "admiralty-scale:source-reliability=\"f\"",
"relationship_type": ""
}
]
},
{
"category": "Network activity",
"comment": "(found in com.vvt.phoenix.prot.test.CSMTest)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1492967795",
"to_ids": true,
"type": "url",
"uuid": "58fce173-d508-4f0f-8a89-dba6950d210f",
"value": "http://58.137.119.229/RainbowCore/"
},
{
"category": "Network activity",
"comment": "found in source//location_capture/tests/location_capture_tests/src/com/vvt/locationcapture/tests/Location_capture_testsActivity.java:",
"deleted": false,
"disable_correlation": false,
"timestamp": "1492967796",
"to_ids": true,
"type": "url",
"uuid": "58fce174-1b68-4e69-b27f-dba6950d210f",
"value": "http://trkps.com/m.php?lat=%f&long=%f&t=%s&i=%s&z=5"
},
{
"category": "Network activity",
"comment": "On port 8880",
"deleted": false,
"disable_correlation": false,
"timestamp": "1492967797",
"to_ids": true,
"type": "url",
"uuid": "58fce175-c7b4-4488-8f4d-dba6950d210f",
"value": "http://202.176.88.55"
},
{
"category": "Network activity",
"comment": "Another IP address was found commented out in the code base //private String mUrl =",
"deleted": false,
"disable_correlation": false,
"timestamp": "1492967868",
"to_ids": true,
"type": "ip-dst",
"uuid": "58fce1bc-783c-4960-a449-dba5950d210f",
"value": "202.176.88.55"
},
{
"category": "Network activity",
"comment": "(found in com.vvt.phoenix.prot.test.CSMTest)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1492967869",
"to_ids": true,
"type": "ip-dst",
"uuid": "58fce1bd-c0a4-4862-a657-dba5950d210f",
"value": "58.137.119.229"
},
{
"category": "Network activity",
"comment": "In sample comments",
"deleted": false,
"disable_correlation": false,
"timestamp": "1492981246",
"to_ids": true,
"type": "ip-dst",
"uuid": "58fd15fe-c4ac-4a6c-bbd3-4815950d210f",
"value": "58.137.119.224"
},
{
"category": "Network activity",
"comment": "In sample comments",
"deleted": false,
"disable_correlation": false,
"timestamp": "1492981248",
"to_ids": true,
"type": "ip-dst",
"uuid": "58fd1600-dcf8-4103-af30-4e0f950d210f",
"value": "58.137.119.239"
}
]
}
}