FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81)

FlexiSpy is sophisticated surveillanceware for iOS and Android. Publicly available, comprehensive analysis has only been found for the Android version.(Citation: FortiGuard-FlexiSpy)(Citation: CyberMerchants-FlexiSpy)

FlexiSpy markets itself as a parental control and employee monitoring application.(Citation: FlexiSpy-Website)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Stored Application Data - T1409 (702055ac-4e54-4ae9-9527-e23a38e0b160) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| Non-Standard Port - T1509 (948a447c-d783-4ba0-8516-a64140fcacd5) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| System Runtime API Hijacking - T1625.001 (c6e17ca2-08b5-4379-9786-89bd05241831) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| Location Tracking - T1430 (99e6295e-741b-4857-b6e5-64989eb039b4) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | System Network Connections Discovery - T1421 (dd818ea5-adf5-41c7-93b5-f3b839a219fb) | Attack Pattern | 1 |
| Audio Capture - T1429 (6683aa0c-d98a-4f5b-ac57-ca7e9934a760) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| Screen Capture - T1513 (73c26732-6422-4081-8b63-6d0ae93d449e) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 1 |
| FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | 1 |
| Video Capture - T1512 (d8940e76-f9c1-4912-bea6-e21c251370b6) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| Data from Local System - T1533 (e1c912a9-e305-434b-9172-8a6ce3ec9c4a) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) | Attack Pattern | FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | 1 |
| FlexiSpy - S0408 (1622fd3d-fcfc-4d02-ac49-f2d786f79b81) | mitre-tool | Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) | Attack Pattern | 1 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | SMS Messages - T1636.004 (c6421411-ae61-42bb-9098-73fddb315002) | Attack Pattern | 2 |
| System Runtime API Hijacking - T1625.001 (c6e17ca2-08b5-4379-9786-89bd05241831) | Attack Pattern | Hijack Execution Flow - T1625 (670a4d75-103b-4b14-8a9e-4652fa795edd) | Attack Pattern | 2 |
| Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) | Attack Pattern | Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Calendar Entries - T1636.001 (a9fa0d30-a8ff-45bf-922e-7720da0b7922) | Attack Pattern | 2 |
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Contact List - T1636.003 (e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86) | Attack Pattern | 2 |
| Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) | Attack Pattern | File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) | Attack Pattern | 2 |
| Input Capture - T1417 (a8c31121-852b-46bd-9ba4-674ae5afe7ad) | Attack Pattern | Keylogging - T1417.001 (b1c95426-2550-4621-8028-ceebf28b3a47) | Attack Pattern | 2 |
| Broadcast Receivers - T1624.001 (3775a580-a1d1-46c4-8147-c614a715f2e9) | Attack Pattern | Event Triggered Execution - T1624 (d446b9f0-06a9-4a8d-97ee-298cfee84f14) | Attack Pattern | 2 |