ioc[.]one - OSINT Cyber Threat Intelligence Database

LightSpy: Implant for iOS

Tags

country:	China Hong Kong
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Contact List - T1636.003 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Keychain - T1634.001 Keychain - T1555.001 Keychain - T1579 Launchctl - T1569.001 Malware - T1587.001 Malware - T1588.001 Screen Capture - T1513 Server - T1583.004 Server - T1584.004 Sms Messages - T1636.004 Tool - T1588.002 Keychain - T1142 Launchctl - T1152 Screen Capture - T1113 Screen Capture

Show in Graph

Common Information

Type	Value
UUID	c58e91d7-e9cd-4bc8-965d-75e7741b09c9
Fingerprint	26201e1b86b7bf41
Analysis status	DONE
Considered CTI value	2
Text language
Published	Oct. 1, 2024, midnight
Added to db	Oct. 29, 2024, 11:32 a.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	UNKNOWN
Title	LightSpy: Implant for iOS
Detected Hints/Tags/Attributes	94/3/153

Source URLs

	Redirection	Url
Details	Source	https://www.threatfabric.com/blogs/lightspy-implant-for-ios

URL Provider

Details	Provider	Source level domain
Details	threatfabric.com	www.threatfabric.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	381	✔	Articles — ThreatFabric	https://www.threatfabric.com/blogs/rss.xml	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	CVE	9	cve-2020-9802
Details	CVE	17	cve-2020-3837
Details	CVE	5	cve-2020-9870
Details	CVE	5	cve-2020-9910
Details	Domain	3	resources.zip
Details	Domain	48	baidu.com
Details	Domain	2	resource.zip
Details	Domain	21	xcode.app
Details	Domain	1	light.framework.zip
Details	File	816	index.html
Details	File	3	offsets.js
Details	File	2	device.js
Details	File	1	binary.js
Details	File	1	primitives130401.js
Details	File	1	wrapper.js
Details	File	1	gadget.js
Details	File	1	20012001330.png
Details	File	1	20012001241.png
Details	File	2	b.pl
Details	File	86	manifest.json
Details	File	4	version.json
Details	File	130	info.pl
Details	File	1	signcert.p12
Details	File	3	resources.zip
Details	File	2	resource.zip
Details	File	2	light.db
Details	File	1	contacts.db
Details	File	1	ghmail.db
Details	File	2	int64.js
Details	File	11	utils.js
Details	File	1	200000112.png
Details	File	2	framework.zip
Details	md5	3	53acd56ca69a04e13e32f7787a021bb5
Details	md5	2	4bbd20358202e618843ca23b90906122
Details	md5	2	6cc277a36e18725c88b6b48324be6497
Details	md5	2	66f0afaef75f871645458f672a21ae4d
Details	sha256	2	02dd4603043cca0f5c641b98446ecb52eaca0f354ad7241d565722eaaa0710f4
Details	sha256	2	e4e2eccc3a545a3c925fe4f54cb1f9c7d6259098c01659781900876543a89eba
Details	sha256	2	347a82e5ab252da7a17ab5b9ab1f9cfaeb383cd2fdd1ae551569da9acd952633
Details	sha256	2	0682f6855b5c046f65e021bd9834d22314a7797a6a8c621ebc203bf2520080e0
Details	sha256	2	f31b9ca07b9d70aee742d92e2b8f7c9ea6033beff6b85a64900cfd7b8878c3a0
Details	sha256	2	1339966b7e8d291af077f89ae566c613604f642c69a1b0e64a17f56aee1ff970
Details	sha256	2	6ee4590714ce28e2f1730aa454fff993c669c3bb2ff487768abe13687946241c
Details	sha256	2	c3acb5e1ea8965a1202f932518c052bfac77bfbc5b64a01a5538e51174f97c36
Details	sha256	2	d9c147b65499ac7ca4d7ab8cab5367092f4ea5158a10da82e96ac8b732320ad2
Details	sha256	2	dd0f33e40d7f2af5d993286ae4d13948c4aab92b26963a37f650160427fc78a6
Details	sha256	2	ca3254c5eada6456085d83c8360d043f21e7fb25ff5ac5296b3fd090fe788f02
Details	sha256	2	165d5292aab6128321fadfb0b9c5b8111eb1bf0ec958d7ca82c03319dc9d9db3
Details	sha256	2	5cdcb1cacb27c539494e02aba7e264e0959741184215c69da66a11a5815c5025
Details	sha256	2	89ff38bd4a8c2773447eacd6c3fe82a92e02aa68b7efae8aae42b1b9f01a4807
Details	sha256	2	3cf03ce0ed2b9840d8d9ed467d105df177dac2818101964c97ba9a281a180558
Details	sha256	2	9cf003a978eac7a68e1f6762df61aa22f68280c0df91042a249b501e75ff1d92
Details	sha256	2	57bd2d8ecd457fe4f14178d2401960db720d1e2590d283fd6026ce1373355ccc
Details	sha256	2	bd2a6d543564963960faafd83b1fbe12b238b38e797be35596a38cc560d029b7
Details	sha256	2	26644ef5c8118d88b98648058ea5e9561b3bef983b78e6d91964cb392c12d273
Details	sha256	2	6d6301a1221283beb09cca91d2430f3ca979b540db37b129a26c646dcafd9745
Details	sha256	2	22490eb6347283328220f33df497e67148253e29175d97446f4fdc7b7d5caef8
Details	sha256	2	0da53982d0be92399a077f6eae9fa332e8b736ff16425b4343eefb5e8d2869d4
Details	sha256	2	9dbb13077a6e72fc191b8ebfb4ecf04007e98ffa0792b3fcf5971dbc30137257
Details	sha256	2	942b80ada65ae0a9f4f3c9a0f5ee91833c9c3217afee228a81c0d9d75e9e755c
Details	sha256	2	9a8103f28152ba0e82a7775fcd83e05cf0c3e301fae031091e8a326047984b74
Details	sha256	2	9086ff8136674efcbbd7afb5f816904e1f0094a44315b69268ecb977a16370e6
Details	sha256	2	78bf7dd28083c1d2b0b1367729465b313a6cab58c8548db4ec20d753621e82ec
Details	sha256	2	040e8f236cd6e2e5d5a051d7cbb499df1fab371feee9ec78e1eb60f3ccdcc51c
Details	sha256	2	fe0f16851e01bdd70edbc14da4ecef5baa7119a57b580b7ea6ba8800af59546a
Details	sha256	2	8e3730a06ef97a3481df55e8e9043ad97899834d42970ed9feffad220723b7b3
Details	sha256	2	798c1bb247eb2bb61d2c4c9a946e067748dad20659c6d9321a352956ace79748
Details	sha256	3	9db4584225eaaaf7b983683351519912fd56cc51ce93b8b08d463fd2ac9fadf2
Details	sha256	2	2fd90d6feeedfe9dcd3c1f386030a46d6a8cc9e2e19db6fb67cca5a85cf51064
Details	sha256	2	63c5582cb496a8494fd5e6146c7ad32abc15ef133553aa9e71145518c8101291
Details	sha256	2	978218c1f6e043c80868d2da3e0365d0e4dcc74b8e4567a69081d2f313951d8f
Details	sha256	2	0ed3f82059f6aa098bfbcc8c2cc5c858e1e2db29920ac67713f9f31d4de739dc
Details	sha256	2	9e4e2c92037f43441376685af7f30c6df602ed9706715073e696a6a178a4b5d7
Details	sha256	2	27d982e7d5dddebf3c6a6568f902b7da7bb72f5cda411d61020077db4a3fcbeb
Details	sha256	2	b8f355887534dc9cebf7035968bef8840190310c043fd2a8b156050a798a65a6
Details	sha256	2	8e4d656e2952b961d79301764b2e630d07a5bcba0a43bba3e7e4f078b2525600
Details	sha256	2	0b3e632e8d0f6ae556f9c76b7b4f4d1e63cabdcb98f58770150122d63457abf1
Details	sha256	2	0e50423f5901dd214a049d362d05635c9dba425a630c2068dde5ed80d669da84
Details	sha256	2	585ddcf1caf2d0a0df98cf3c85e6aa16a54a9b307372d08385e3710fceb6c3ee
Details	sha256	2	9d035cd54e1558119984e7639d5378618a384d34376194e18e44c07625b6f077
Details	sha256	2	8383ee925a2eb5d709e4146c1bc492257e5ccb4d1801dd5a734ca69f269def64
Details	sha256	2	2140684b7ed8b4822cf55a3fb65a322b46f1b173b7a5f09cc355d18383b1a2bb
Details	sha256	2	af776575806413078163d239194942e3a8c11e1aec2721e429f31c57cd2daf26
Details	sha256	2	5777d14d3de3311a198f43006f515362a6d034b3937f7065090cd682687e807a
Details	sha256	2	6da8cdf5c3327ab57ff8f454aafa764e83942fdfa2e3b166781e08f18cc931dd
Details	sha256	2	dd6297282a98ca461dc836fc85b4ad42430aef98f5b643dcc5fc7fc75606b40f
Details	sha256	2	646f57d27fa1b3f6cc57fa0c0f1bc4bf9f92c3991e6da2a50a23b09c77f5d8d4
Details	sha256	2	93d5438f2403bca4efac38b879d9557508c2490d8a905e44ded3adcecc278628
Details	sha256	2	3a9460ed21ec66e32d912df891fef4c96a9124a4cb276531b2fc4dc17a1bcc3f
Details	sha256	2	1f77953f4ced82c4a5df3e7a85643054ef4bc5fe9dd13f87a9f042c5986b3169
Details	sha256	2	9ba7ece4355dddc5191df82b8da156ad21273ad8f0ecaedbf56daaf646f69831
Details	sha256	2	dd08c6f797f068a267f997895651dadf9dda7e0fc5f7cb66302934a7269839af
Details	sha256	2	165931a104f1d047e6afcc72adfece7841e5564d787c1b226c18ef0fb738883b
Details	sha256	2	31466e06d8bea3f2b567be103a630fe2b2249c3818efd45de37f8c3bbe248984
Details	sha256	2	5051bb42d4afaa4617fd4e8b25554bb84418dce29f3ae598bf9be7251a66e227
Details	sha256	2	36f72df74306363676488ef2f6842c653fd565b7a50ad6867ceb0b95cab40411
Details	sha256	2	02f36b26b73cd4fe632e45fc1d668b57045068e167d737f9befa652046880561
Details	sha256	2	5e46d2905fc4f3f8971c7b24da970766410e2cfac00a733709829e80c69c2613
Details	sha256	2	604aaee47b82b873fd7c0645813fc587948bdd86a4efd6b7761a7b46f0f1a262
Details	sha256	2	15528f109da5ffd687e41eb1a193ff28711bc6054a538b7ba58eef3fbaf10b09
Details	sha256	2	db66cd7f1a84d29977af4c9eecc36c84e42903766401a2760ea4321b71ba92ff
Details	sha256	2	2af751cc194213a40aa8b1cd6f589da260cea81c0509bd694ae28dfca87cd160
Details	sha256	2	4aada58332ee97163bbd04754d85fb08df67fc6c1bfade8f041550a2a7c69128
Details	sha256	2	5bdcd83c8561255764f91fda531e8cbdda808600eb75758e44e66df3d1ae1311
Details	sha256	2	a236291133f6ba262d5531bfa7840f07489a948c3dcf18865f2a0612f4890064
Details	sha256	2	1218ea3d7e16af38f3aec50a3011f69df51b1347145dcb74b67927a3af971ae1
Details	sha256	2	7802b373a8c26211d0c2624910a414555fbc509d46ab9fb8aad5f2686d98dd8e
Details	sha256	2	152a7b8c6a203f4e0d38b7a82257f186f03dd8a1182b614c6bb5630a9342c37d
Details	sha256	2	6d22cb1bc700b00ea23041566de48d6e13ac7cf9f0680c8d3148cd10fa2c2c77
Details	sha256	2	c5d84c20a379320bd06ab09ed84c5cd2003cbb0e518f561853fc0c9f9970d49a
Details	sha256	2	b7dd27414ba4afddaf946e4ab9d8d775a511f3ad99933bde19456216477f3716
Details	sha256	2	aa81f6dc28086656a6e69c7a696e6fedf6e35b242dc072ee7960449c806af7ae
Details	sha256	2	dc9aa56c3e2237b756233ef4547cd64e7aa6c547a7ca13833b73e774e79a6d6d
Details	sha256	2	9c86203004ed0a519d8dcc674fd0e4b1b736289ea5f33e37b4dddd111767fd37
Details	sha256	2	c380de365c6a91adc5db9642eb63a305fbc1bd01d2a0037f7511d48694a1e079
Details	sha256	2	6ad214703eed1105fe282a8b5e961205e735c1ed7d2bd3a624032a7d1063621a
Details	sha256	2	bdfb0e52ebb6f79d37736fab0150cfb96e2965d62c242adc830b6aab7b1d37db
Details	sha256	2	dee36d6a25dfa2c8e8a22e99138a650cddee0089a006c703b85b253153f9b22c
Details	sha256	2	0d23ab0ad7dc6f7ead847d92631349a387b6b365057ecae3038dda4763448d9e
Details	sha256	2	90ac267222e38ce06724527fb780816db57bef12b939d37d6d827b826fa909d7
Details	sha256	2	3078a4d36bb1eaad82f54e8e93be89eaa5cd5d25c709605edbf29b60c293d848
Details	sha256	2	8b686507065623248f8292524195c39d4ae94e2a7a1315bb9d8a22178a5b1942
Details	sha256	2	7fe822ef8e51efece5c0c6540aeeb454985ab91518aad12c6bf24c025a0350fe
Details	sha256	2	ab2e44005cb63c0c506288b9e63abb254e83b8f3bb1f1349a4cb02a45bdc47f4
Details	sha256	2	4163f6a184b0f1f23db81d2c3ab5e4ef305eb1967905efca01eacd51e4fbf55d
Details	sha256	2	562ae257506a25de48019cb13947090d164181ba4e107ea19a0ab8274ad696df
Details	sha256	2	ddd950ddceff147922cef44f781c2c4b77b6e803613f83761ee6d5e2bb1450b7
Details	sha256	2	0f651fcf352fbf929e639a825145b68ece8cfcd09359fe8fe017b07e1e0dcfca
Details	sha256	2	3c3aca2a6d4a4f7210c869affe55e05b55c110d53fc3fb9d46cb2847fb115238
Details	sha256	2	a3fcaf7b16ea46100c1cadbbf770492de07633afb4720c78fd1981627aa9f3c6
Details	sha256	2	e3fc4fa2903e5f1039145913d9054a0f6ccb76afa07add3a00f71f7433b740ab
Details	sha256	2	1662207a892ed36af2012870aaaf884985a0ebe0e92be60c5d9c84ffe78e8cba
Details	sha256	2	c4e5dc5f301a5be652b4cf491c7337dd0d15f4b09982e5a361d06dccba95a32d
Details	sha256	2	c94e28acf97eb774da50d4fbd17f2d9dc5f390b193fbf417750c68ed77ffbf46
Details	sha256	2	6a5d7e2c950960d9a541ff27e9c74185d27564f879d42f261f70f8f7cb70b5ce
Details	sha256	2	2689e08a103682095ef8eba016f28909199cb4365b84c815183be64686a11084
Details	sha256	2	55f1e618ad53489a2cab0744381d92a5d97c3e0355a9a912eb616c37b9b914d9
Details	sha256	2	98dc1fb1773277bbea2bdeaf88b1ece101b5b0e7aec2857017268001a6996e9f
Details	sha256	2	32f2348a5cd8de57f3b1c6b68f4b95c4e1c9d2b55f257bd0c2deca7f81ad1c4c
Details	sha256	2	690b7c2017de6dacfeed4f6ec70403ba7fa10cc457eb996ed4cac1b4d4ac27cf
Details	sha256	2	a4fafd63213a40447841e853f341ca3a0afd08adfcfb630c8f34b5fabfac0462
Details	IPv4	8	103.27.109.217
Details	IPv4	5	103.43.17.99
Details	IPv4	2	103.27.109.28
Details	IPv4	2	43.248.136.110
Details	IPv4	2	222.219.183.84
Details	Url	1	http://103.27.109.217:52202/963852741/ios/ios123-133/index.html
Details	Url	1	http://103.27.109.217:52202/963852741/ios/ios120-122/index.html
Details	Url	2	http://103.27.109.217:52202/963852741/csm/tem2/0914-3/aaa13
Details	Url	2	http://103.27.109.217:52202/963852741/csm/tem2/0914-3/eee
Details	Url	2	http://103.27.109.217:52202/963852741/csm/tem2/0914-3/bb
Details	Url	2	http://103.27.109.217:52202/963852741/csm/tem2/0914-3/cc
Details	Url	2	http://103.27.109.217:52202/963852741/csm/tem2/0914-3/b.plist