{ "name": "LightSpy: Implant for macOS", "slug": "lightspy-implant-for-macos", "description": "A technical analysis reveals details about LightSpy, a sophisticated surveillance framework that targeted macOS devices using publicly available exploits. The report provides insights into the threat actor's tactics, including exploiting vulnerabilities to deliver implants, exfiltrating private data through various plugins, and maintaining persistent access to infected systems. The analysis uncovers the attack chain, malware capabilities, administration panel, and potential victimology.", "published": "2024-05-30T09:29:22+00:00", "created_at": "2024-05-30T09:29:22+00:00", "modified_at": "2024-05-30T09:31:30+00:00", "created_at_opencti": "2024-05-30T09:29:22+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-05-30", "exploit", "lightspy", "macos" ], "related_entities": { "observables": [ { "id": "", "name": "103.27.109.217" }, { "id": "", "name": "ff4332365b1628f88bc84bec102b534e5a6e9a32b2fc61dd43c951a338f976d8" }, { "id": "", "name": "fcd864b79d6108c7e6615a5e1202669098ea34ab431624f6b0ab762229937552" }, { "id": "", "name": "fbd3f8c8f4b2f4a0c73855e35f96797ef3c5aa6fa11d89081cdacd942e18c933" }, { "id": "", "name": "e3735950775fbdae7bbcc4a49c09372f605ae021fff8ff32340c794af14a7e47" }, { "id": "", "name": "db3b7989f6c410a43c839a933343a66f706c6ad65c2031b628b059a8df774038" }, { "id": "", "name": "cf709c7b4c68e6d81f8239b4275dac8eb0b026f05934b81867e645dd389d65fb" }, { "id": "", "name": "c984bbdcdff4d84fb5e07924cc94ad44da153865d444652e8676dc9751e121f7" }, { "id": "", "name": "c6bad1ef115cacd81fa00a235f7ffd34c187e5b05bf9bcf500f7639b632f1480" }, { "id": "", "name": "ba4d77387c7b5761893ca2b1e75b2d05733d3fbfb1bb3a2bad81cfc8f641545b" }, { "id": "", "name": "adf5a55988a457a8de234b652eae8fd2a0f0c2187cb9ede28ee5e22aba252d70" }, { "id": "", "name": "9b58e3a82b14e329dab6108a5f25d20edd50cac95072dac420c94718ed8c1764" }, { "id": "", "name": "9aae47b5c3673e7dd3f542913f91abbea3cc93f01275583169e33f6e1e443260" }, { "id": "", "name": "97607d1b12d7234a42a62cdff4d6a7b2b5b93bf38d827b9e4448b0d7bd5da464" }, { "id": "", "name": "8d729aa29db506f1abe4ed8ab7406e0017dc3f5fc1b3c7c8e7b59af41f07c650" }, { "id": "", "name": "8a4f8a755ca123e9c3aa77b525f59ce99f1f2e288afc2e29afb6d15573776a16" }, { "id": "", "name": "848e4e30987d526413d80c450652d4cef55d931c932edd722c1055b8b1450502" }, { "id": "", "name": "7ed786a259982cce0fad8a704547c72690970145b9587d84ee6205b7c578b663" }, { "id": "", "name": "768f1cb8b8ac45c6e854f0320f833367cf7aa69279fd82aa1a6c3bc3d765ce7e" }, { "id": "", "name": "75a571d33a7c11fb5515a08a46fcb67dabbcb3fd4cbf69894ab82e394e68679c" }, { "id": "", "name": "65dee715b928f07da356e8bce7a762b0ab4c140ebea63e4bd66c2eb85e0fa2dc" }, { "id": "", "name": "4e7c9bd8c623d7de9dc225fbdc9305f32c961f473acb99256012ccf6d45ba494" }, { "id": "", "name": "4cbc70b1c7d4ccc593fad895299e88a6734c8f4687f37f43850996f7fa076df9" }, { "id": "", "name": "47719e45d14c9700928979cdb33fe0b58677d2566bc0848de7858c2f05566d76" }, { "id": "", "name": "4607dfdd78fcb8d6bf94ecc34cf125f20e4ea94ac9fce002d9e7cd7956a707dd" }, { "id": "", "name": "2c2471150aacc8443aa92a6063a848e8bb9dbcc8e369fb378c003d98bceaa728" }, { "id": "", "name": "2b4fbd5aa06f70d84091d2f7cca4bd582237f1a1084835c3c031a718b6e283f9" }, { "id": "", "name": "23d0b9ae73145106cffe56719526801e024092cd6d25b9628ae3d9995b0b5395" }, { "id": "", "name": "22b0f53bb7ff5047b2d2f77f9cc4f1a503bde2fa2b279fa999e48fb656c42782" }, { "id": "", "name": "21b099c7eadd1d6895e025f670fc660769e617794400f35c52b4726fc546cb68" }, { "id": "", "name": "1d499c401d8854b6331d3b531fc57418dd2b132861e0448ae198dcbea41484ab" }, { "id": "", "name": "048ab442a2617f37c3145c0c2bdda057baa09e017a29e649f17d43c95a34e69f" }, { "id": "", "name": "fc7e77a56772d5ff644da143718ee7dbaf7a1da37cceb446580cd5efb96a9835" }, { "id": "", "name": "d2ccbf41552299b24f186f905c846fb20b9f76ed94773677703f75189b838f63" }, { "id": "", "name": "ac6d34f09fcac49c203e860da00bbbe97290d5466295ab0650265be242d692a6" }, { "id": "", "name": "65aa91d8ae68e64607652cad89dab3273cf5cd3551c2c1fda2a7b90aed2b3883" }, { "id": "", "name": "5fb67d42575151dd2a04d7dda7bd9331651c270d0f4426acd422b26a711156b5" }, { "id": "", "name": "4b973335755bd8d48f34081b6d1bea9ed18ac1f68879d4b0a9211bbab8fa5ff4" }, { "id": "", "name": "4511567b33915a4c8972ef16e5d7de89de5c6dffe18231528a1d93bfc9acc59f" }, { "id": "", "name": "3d6ef4d88d3d132b1e479cf211c9f8422997bfcaa72e55e9cc5d985fd2939e6d" }, { "id": "", "name": "18bad57109ac9be968280ea27ae3112858e8bc18c3aec02565f4c199a7295f3a" }, { "id": "", "name": "0f66a4daba647486d2c9d838592cba298df2dbf38f2008b6571af8a562bc306c" }, { "id": "", "name": "0f662991dbd0568fc073b592f46e60b081eedf0c18313f2c3789e8e3f7cb8144" } ], "attack_patterns": [ { "id": "953066f4-4563-4b19-8260-e938c456cb88", "name": "T1146" }, { "id": "5f4773ff-58ec-4510-b93a-8c102da43d02", "name": "T1109" }, { "id": "3da78f6d-c968-43ce-b1f3-149ce4a042aa", "name": "T1556" }, { "id": "436e795b-553f-444e-b837-65818d8f539f", "name": "T1119" }, { "id": "4d36ebe8-4925-419a-bdd5-73f6427a975d", "name": "T1064" }, { "id": "444de5e0-bd7f-4700-b700-26320057dd80", "name": "T1110" }, { "id": "e73b317e-ea92-49b4-a45d-051f7279aced", "name": "T1213" }, { "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7", "name": "T1555" }, { "id": "29f7ff93-033b-4f8d-8691-5bcaa438c80f", "name": "T1592" } ], "vulnerabilities": [ { "id": "", "name": "CVE-2018-4404" }, { "id": "", "name": "CVE-2018-4233" } ] }, "external_refs": [ "https://www.threatfabric.com/blogs/lightspy-implant-for-macos", "https://otx.alienvault.com/pulse/66586313ea90a531d2a34463" ] }