misp-circl-feed/feeds/circl/misp/56e9b21a-98fc-4d0e-ae29-4e53950d210f.json

1039 lines
42 KiB
JSON
Raw Permalink Normal View History

2023-04-21 13:25:09 +00:00
{
2023-12-14 14:30:15 +00:00
"Event": {
"analysis": "2",
"date": "2016-03-16",
"extends_uuid": "",
"info": "OSINT - AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device",
"publish_timestamp": "1458156568",
"published": true,
"threat_level_id": "3",
"timestamp": "1458156513",
"uuid": "56e9b21a-98fc-4d0e-ae29-4e53950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
2024-04-05 12:15:17 +00:00
"local": false,
2023-12-14 14:30:15 +00:00
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156104",
"to_ids": false,
"type": "link",
"uuid": "56e9b248-c8b4-40ab-977f-5ef7950d210f",
"value": "http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156123",
"to_ids": false,
"type": "comment",
"uuid": "56e9b25b-880c-46b8-8e3e-4757950d210f",
"value": "We\u00e2\u20ac\u2122ve discovered a new family of iOS malware that successfully infected non-jailbroken devices we\u00e2\u20ac\u2122ve named \u00e2\u20ac\u0153AceDeceiver\u00e2\u20ac\u009d.\r\n\r\nWhat makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple\u00e2\u20ac\u2122s DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector.\r\n\r\nAceDeceiver is the first iOS malware we\u00e2\u20ac\u2122ve seen that abuses certain design flaws in Apple\u00e2\u20ac\u2122s DRM protection mechanism \u00e2\u20ac\u201d namely FairPlay \u00e2\u20ac\u201d to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called \u00e2\u20ac\u0153FairPlay Man-In-The-Middle (MITM)\u00e2\u20ac\u009d and has been used since 2013 to spread pirated iOS apps, but this is the first time we\u00e2\u20ac\u2122ve seen it used to spread malware. (The FairPlay MITM attack technique was also presented at the USENIX Security Symposium in 2014; however, attacks using this technique are still occurring successfully.)"
},
{
"category": "Network activity",
"comment": "C2 Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156191",
"to_ids": true,
"type": "hostname",
"uuid": "56e9b29f-c87c-4af3-a97f-4d47950d210f",
"value": "tool.verify.i4.cn"
},
{
"category": "Network activity",
"comment": "C2 Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156191",
"to_ids": true,
"type": "hostname",
"uuid": "56e9b29f-363c-4673-8be4-4006950d210f",
"value": "auth3.i4.cn"
},
{
"category": "Network activity",
"comment": "C2 Domains",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156191",
"to_ids": true,
"type": "hostname",
"uuid": "56e9b29f-1674-48f9-8f1e-45e0950d210f",
"value": "buy.app.i4.cn"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156301",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b30d-5d94-46b3-a850-4d2a950d210f",
"value": "0a8e29bd8fe0f5d4d6a8677454b1d01e97478dc4bc3666eaab6bbbf2f2e759bc"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156302",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b30e-0360-4c96-bd7a-4b71950d210f",
"value": "1b6cf5abe2bd3d5bb84da8debd5ec563393d30995ce4afc6142dc3381ac69902"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156302",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b30e-7498-4799-99e2-4a41950d210f",
"value": "352d1af3a5cef417dda688be2dd35c3f59841ea56c393a07f95a0bc5ab576448"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156302",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b30e-63f4-4e36-aa21-4ca2950d210f",
"value": "5bc7ceb48ca4951997d50425d5b34484505e4444a3e172ab846b2595104b7138"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156303",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b30f-9c50-44c7-ae2b-4f19950d210f",
"value": "5bebcacfb5c541bd6ba7530aeb2971c20adb1beddb244e4367d40cd87bfc826d"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156303",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b30f-e5f0-4e6d-955f-45ac950d210f",
"value": "63e3cc1d00abef8ad6c2029e7f9a4831ec4c48682979a7385a940fb73cfc03a6"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156303",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b30f-ff78-461f-96c2-47fc950d210f",
"value": "821f93bae8c067af71626ca84cdc20226df61c4c371e5eb6423d9439c8b8c25d"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156304",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b310-28f8-4a9d-9d54-45bf950d210f",
"value": "86b8065d40c24e3702ed848ec28650b074a577f677375c094ed61a2efffce11b"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156304",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b310-0d74-4679-9d06-4682950d210f",
"value": "9a4a40625efcc6f4de419db0bec9fbdfdc379918a95fba572ee56cffc13cd074"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156304",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b310-c480-4783-8a3d-4298950d210f",
"value": "a504d47fdfa630bc1c474cdbdaf0dd82a46a08e5d662ecc1bffc57f3c409690e"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156305",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b311-39c8-4c61-b645-4801950d210f",
"value": "baa255dd7a0e52edf6e4f3082a6840800898969a3d17f2bcb6a88d0a94c5b795"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156305",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b311-8d54-4c07-af17-47cf950d210f",
"value": "bc5e3be07e65f25479cee7de8615b386c489c1253659ed7ca5526f86f5116374"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156305",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b311-efb0-4da9-8671-438b950d210f",
"value": "c41e3abd97e16b3d9514583eef613105006d69dffb2231badfd500d29eb113bc"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156305",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b311-c030-4206-8ab4-4d42950d210f",
"value": "d879c6d96463b81e4f2085a565418c99b559a8803ca449442464a2b6cd728d97"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156306",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b312-5cdc-41cf-bffc-4450950d210f",
"value": "f6cabdc408e12912c07097c9956ceda2f7033e88c2ca59d7618b9256d3724f5c"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM stripped)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156350",
"to_ids": true,
"type": "filename|sha256",
"uuid": "56e9b33e-182c-4cd2-9bb0-5ef5950d210f",
"value": "com.i4.picture.ipa|bc82efce99f149441a2fd730a961a0f7da58dd6c9c3b45597f5571f227a52309"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM stripped)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156351",
"to_ids": true,
"type": "filename|sha256",
"uuid": "56e9b33f-c1f4-4de4-86ae-5ef5950d210f",
"value": "aisiweb|ad7cfc29b0a9b6ade878d01084c68d0bbcde699e142652b00132317c04bcf730"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156394",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b36a-195c-434c-ab05-5ef7950d210f",
"value": "5894742146c02ba8af5390c91e4f0d2e5ad6cfaa2b916945ebb4fad633b054e3"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156395",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b36b-9118-420c-97a9-5ef7950d210f",
"value": "ba07f252801120b081c45a173fb1a205fea763ed827f05fb9beb5150ae297ccb"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156395",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b36b-a204-43cb-afe8-5ef7950d210f",
"value": "f7e50fdc4f20f0d25771a694eb3f3643c1842e3b14f06aaa5e8d9dab1c1851e9"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156395",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b36b-2e90-4b0f-8fcf-5ef7950d210f",
"value": "ca115f8a3751e4c0fc36b001e3c74d3ac167360a4a44fd1b373b25487de05820"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156395",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b36b-aa08-41eb-ad42-5ef7950d210f",
"value": "3e02b30a6a920a5bdc139270b1e731a4a8d7ab313e9c8d9af9fec611710b4d09"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156396",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b36c-5d88-47c6-be01-5ef7950d210f",
"value": "006c539fa6251e1d2142631c52d7c112bf5027335696eacd64794b8cf357d6d5"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected)",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156396",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b36c-195c-4267-8a9d-5ef7950d210f",
"value": "fbc26c14a3ff609332644f5d9702f07ace024961b7aa2c531df2715911b1c57d"
},
{
"category": "Payload delivery",
"comment": "Trojan.Win32.AceDeceiver",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156434",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b392-dda8-45c5-962f-4d6c950d210f",
"value": "ad313d8e65e72a790332280701bc2c2d68a12efbeba1b97ce3dde62abbb81c97"
},
{
"category": "Payload delivery",
"comment": "Trojan.Win32.AceDeceiver",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156434",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b392-3c78-47aa-8a65-4cfd950d210f",
"value": "9231166a2114f6b1c2d6cd6a57b5836e919ee5739d8868f07425d3c22697894e"
},
{
"category": "Payload delivery",
"comment": "Trojan.Win32.AceDeceiver",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156435",
"to_ids": true,
"type": "sha256",
"uuid": "56e9b393-81f8-41c0-8810-4c11950d210f",
"value": "78a2cdade1b0715e4f3f372e86724ee10e241ad8821c6b8caa3e84fd7e78ba7e"
},
{
"category": "Payload delivery",
"comment": "Trojan.Win32.AceDeceiver - Xchecked via VT: 78a2cdade1b0715e4f3f372e86724ee10e241ad8821c6b8caa3e84fd7e78ba7e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156513",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e1-0134-47b2-9d20-539002de0b81",
"value": "4e176ae83e49bf9f3b5040063fec290d676af144"
},
{
"category": "Payload delivery",
"comment": "Trojan.Win32.AceDeceiver - Xchecked via VT: 78a2cdade1b0715e4f3f372e86724ee10e241ad8821c6b8caa3e84fd7e78ba7e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156514",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e2-ce6c-43d0-902a-539002de0b81",
"value": "3c1406453dbec9284caa1a10b4a83fd7"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156514",
"to_ids": false,
"type": "link",
"uuid": "56e9b3e2-3be0-4939-86f9-539002de0b81",
"value": "https://www.virustotal.com/file/78a2cdade1b0715e4f3f372e86724ee10e241ad8821c6b8caa3e84fd7e78ba7e/analysis/1457925852/"
},
{
"category": "Payload delivery",
"comment": "Trojan.Win32.AceDeceiver - Xchecked via VT: 9231166a2114f6b1c2d6cd6a57b5836e919ee5739d8868f07425d3c22697894e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156514",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e2-9b9c-44a2-abdf-539002de0b81",
"value": "3496e1ad3f3e37b55a6db62a37ab8873067ac13d"
},
{
"category": "Payload delivery",
"comment": "Trojan.Win32.AceDeceiver - Xchecked via VT: 9231166a2114f6b1c2d6cd6a57b5836e919ee5739d8868f07425d3c22697894e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156515",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e3-7ba0-4ecd-9ff2-539002de0b81",
"value": "c1c335b98209ffa9336db47bfc0eea36"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156515",
"to_ids": false,
"type": "link",
"uuid": "56e9b3e3-67f0-47a5-9734-539002de0b81",
"value": "https://www.virustotal.com/file/9231166a2114f6b1c2d6cd6a57b5836e919ee5739d8868f07425d3c22697894e/analysis/1458119899/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: fbc26c14a3ff609332644f5d9702f07ace024961b7aa2c531df2715911b1c57d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156515",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e3-7db8-417f-a573-539002de0b81",
"value": "1aef2326a58d0977fc304ace15d89df291644315"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: fbc26c14a3ff609332644f5d9702f07ace024961b7aa2c531df2715911b1c57d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156515",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e3-1dd4-4993-af5c-539002de0b81",
"value": "c79492a303547697453438d321af4c50"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156516",
"to_ids": false,
"type": "link",
"uuid": "56e9b3e4-13bc-47cf-8be4-539002de0b81",
"value": "https://www.virustotal.com/file/fbc26c14a3ff609332644f5d9702f07ace024961b7aa2c531df2715911b1c57d/analysis/1458143418/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: 006c539fa6251e1d2142631c52d7c112bf5027335696eacd64794b8cf357d6d5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156516",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e4-eedc-4dac-8ddb-539002de0b81",
"value": "93da7b5307964190095ec16f8389246a58503530"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: 006c539fa6251e1d2142631c52d7c112bf5027335696eacd64794b8cf357d6d5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156516",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e4-8904-4bb6-bb24-539002de0b81",
"value": "e777707b967cd2c4a312064397a5ef5c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156517",
"to_ids": false,
"type": "link",
"uuid": "56e9b3e5-bed0-4c2b-9ac2-539002de0b81",
"value": "https://www.virustotal.com/file/006c539fa6251e1d2142631c52d7c112bf5027335696eacd64794b8cf357d6d5/analysis/1458153149/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: 3e02b30a6a920a5bdc139270b1e731a4a8d7ab313e9c8d9af9fec611710b4d09",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156517",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e5-1f30-4e40-b43a-539002de0b81",
"value": "5e076abc86444d931d58b5d2f6ebfa04ec31a06e"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: 3e02b30a6a920a5bdc139270b1e731a4a8d7ab313e9c8d9af9fec611710b4d09",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156517",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e5-8f30-4bbe-845b-539002de0b81",
"value": "ebfcecf97992fe3e707786462abb4fce"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156518",
"to_ids": false,
"type": "link",
"uuid": "56e9b3e6-27b8-4ddc-a0e2-539002de0b81",
"value": "https://www.virustotal.com/file/3e02b30a6a920a5bdc139270b1e731a4a8d7ab313e9c8d9af9fec611710b4d09/analysis/1456021437/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: ca115f8a3751e4c0fc36b001e3c74d3ac167360a4a44fd1b373b25487de05820",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156518",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e6-7228-4456-9bfc-539002de0b81",
"value": "aba46ac2c816530e96cf9bddeade627b8b17dcb2"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: ca115f8a3751e4c0fc36b001e3c74d3ac167360a4a44fd1b373b25487de05820",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156518",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e6-c170-4338-8e5b-539002de0b81",
"value": "a3b156f679a915c0c7a255151d73965b"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156518",
"to_ids": false,
"type": "link",
"uuid": "56e9b3e6-7c80-4d07-b399-539002de0b81",
"value": "https://www.virustotal.com/file/ca115f8a3751e4c0fc36b001e3c74d3ac167360a4a44fd1b373b25487de05820/analysis/1458143429/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: f7e50fdc4f20f0d25771a694eb3f3643c1842e3b14f06aaa5e8d9dab1c1851e9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156519",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e7-c034-436b-8f5d-539002de0b81",
"value": "b1b5d7e235d039457365f3e988b212838b84536d"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (App Store version, FairPlay DRM protected) - Xchecked via VT: f7e50fdc4f20f0d25771a694eb3f3643c1842e3b14f06aaa5e8d9dab1c1851e9",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156519",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e7-0b9c-4e9e-bed4-539002de0b81",
"value": "d2aff7f47c586aecb23b3d53b091c54c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156519",
"to_ids": false,
"type": "link",
"uuid": "56e9b3e7-970c-43e0-a3a7-539002de0b81",
"value": "https://www.virustotal.com/file/f7e50fdc4f20f0d25771a694eb3f3643c1842e3b14f06aaa5e8d9dab1c1851e9/analysis/1455284003/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: f6cabdc408e12912c07097c9956ceda2f7033e88c2ca59d7618b9256d3724f5c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156519",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e7-4974-4ada-aa27-539002de0b81",
"value": "44247c68ed8faf16a758f330ccdde0e66f4a9f75"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: f6cabdc408e12912c07097c9956ceda2f7033e88c2ca59d7618b9256d3724f5c",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156520",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e8-f0f4-4174-af9d-539002de0b81",
"value": "5d9b59db4b8cc84bd2e14f9e1768fb87"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156520",
"to_ids": false,
"type": "link",
"uuid": "56e9b3e8-75ec-4a33-8129-539002de0b81",
"value": "https://www.virustotal.com/file/f6cabdc408e12912c07097c9956ceda2f7033e88c2ca59d7618b9256d3724f5c/analysis/1455283844/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: d879c6d96463b81e4f2085a565418c99b559a8803ca449442464a2b6cd728d97",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156520",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e8-27f0-4156-94ff-539002de0b81",
"value": "98d6d7caa432ecea278fa33845eedad67189e042"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: d879c6d96463b81e4f2085a565418c99b559a8803ca449442464a2b6cd728d97",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156521",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e9-c564-4c77-b1f9-539002de0b81",
"value": "e2f05253fd536c7e01f6e0a4ce2b2b34"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156521",
"to_ids": false,
"type": "link",
"uuid": "56e9b3e9-f938-480c-821e-539002de0b81",
"value": "https://www.virustotal.com/file/d879c6d96463b81e4f2085a565418c99b559a8803ca449442464a2b6cd728d97/analysis/1455283793/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: bc5e3be07e65f25479cee7de8615b386c489c1253659ed7ca5526f86f5116374",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156521",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3e9-a930-436c-baa8-539002de0b81",
"value": "66a3758be788353d97ff04711fa2f4d8cb25c6b9"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: bc5e3be07e65f25479cee7de8615b386c489c1253659ed7ca5526f86f5116374",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156521",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3e9-5648-442a-98fc-539002de0b81",
"value": "3652db89ace912e15628b45b80cf389a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156522",
"to_ids": false,
"type": "link",
"uuid": "56e9b3ea-3c44-4c6d-9b5d-539002de0b81",
"value": "https://www.virustotal.com/file/bc5e3be07e65f25479cee7de8615b386c489c1253659ed7ca5526f86f5116374/analysis/1455283796/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: baa255dd7a0e52edf6e4f3082a6840800898969a3d17f2bcb6a88d0a94c5b795",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156522",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3ea-a06c-4039-b71e-539002de0b81",
"value": "e07702303f91cbf35e4deac600974cf94d5d27ce"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: baa255dd7a0e52edf6e4f3082a6840800898969a3d17f2bcb6a88d0a94c5b795",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156522",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3ea-39bc-4d31-a57e-539002de0b81",
"value": "1dc2584cd2c167907ae547bd4b040710"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156523",
"to_ids": false,
"type": "link",
"uuid": "56e9b3eb-e118-470e-839d-539002de0b81",
"value": "https://www.virustotal.com/file/baa255dd7a0e52edf6e4f3082a6840800898969a3d17f2bcb6a88d0a94c5b795/analysis/1455283796/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: a504d47fdfa630bc1c474cdbdaf0dd82a46a08e5d662ecc1bffc57f3c409690e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156523",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3eb-e7ec-4948-aeae-539002de0b81",
"value": "620d3adc7717ded26643a63b86044151fdbb6f92"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: a504d47fdfa630bc1c474cdbdaf0dd82a46a08e5d662ecc1bffc57f3c409690e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156523",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3eb-93a4-484b-b932-539002de0b81",
"value": "5e74324567ab4ebe47044337beec6f99"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156523",
"to_ids": false,
"type": "link",
"uuid": "56e9b3eb-2ca8-4f08-91af-539002de0b81",
"value": "https://www.virustotal.com/file/a504d47fdfa630bc1c474cdbdaf0dd82a46a08e5d662ecc1bffc57f3c409690e/analysis/1455283794/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 9a4a40625efcc6f4de419db0bec9fbdfdc379918a95fba572ee56cffc13cd074",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156524",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3ec-f208-4010-a835-539002de0b81",
"value": "e807e8a8a8ba51b8b347f004ba6e549797bd21f3"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 9a4a40625efcc6f4de419db0bec9fbdfdc379918a95fba572ee56cffc13cd074",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156524",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3ec-6ce4-4e54-9f0d-539002de0b81",
"value": "6a6d7ee4d87d824340e8e08c34ed7891"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156524",
"to_ids": false,
"type": "link",
"uuid": "56e9b3ec-390c-423c-aba8-539002de0b81",
"value": "https://www.virustotal.com/file/9a4a40625efcc6f4de419db0bec9fbdfdc379918a95fba572ee56cffc13cd074/analysis/1455283799/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 86b8065d40c24e3702ed848ec28650b074a577f677375c094ed61a2efffce11b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156525",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3ed-f774-41a9-a3fe-539002de0b81",
"value": "e57b6ba70f03241330b11135db6fafc82c1ad436"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 86b8065d40c24e3702ed848ec28650b074a577f677375c094ed61a2efffce11b",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156525",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3ed-bb24-451f-9f8e-539002de0b81",
"value": "41e820885d1cc951a848fd586be3e894"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156525",
"to_ids": false,
"type": "link",
"uuid": "56e9b3ed-cabc-417f-be44-539002de0b81",
"value": "https://www.virustotal.com/file/86b8065d40c24e3702ed848ec28650b074a577f677375c094ed61a2efffce11b/analysis/1455283831/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 821f93bae8c067af71626ca84cdc20226df61c4c371e5eb6423d9439c8b8c25d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156525",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3ed-7924-4041-b2ca-539002de0b81",
"value": "3d09e43f6a089d93037f198b6344cdc5e9683285"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 821f93bae8c067af71626ca84cdc20226df61c4c371e5eb6423d9439c8b8c25d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156526",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3ee-f938-4289-b4d2-539002de0b81",
"value": "d6f664197eadfd8e080ccc0bbeee6e1e"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156526",
"to_ids": false,
"type": "link",
"uuid": "56e9b3ee-69dc-46a7-9742-539002de0b81",
"value": "https://www.virustotal.com/file/821f93bae8c067af71626ca84cdc20226df61c4c371e5eb6423d9439c8b8c25d/analysis/1455283780/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 5bebcacfb5c541bd6ba7530aeb2971c20adb1beddb244e4367d40cd87bfc826d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156526",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3ee-5440-4e68-b64d-539002de0b81",
"value": "28a618de925cd017f2fd9a94f3de41b2d04fdccf"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 5bebcacfb5c541bd6ba7530aeb2971c20adb1beddb244e4367d40cd87bfc826d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156527",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3ef-f41c-468b-a86e-539002de0b81",
"value": "99910c48e7fc3bae3393013c8c797f43"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156527",
"to_ids": false,
"type": "link",
"uuid": "56e9b3ef-8398-4967-a74a-539002de0b81",
"value": "https://www.virustotal.com/file/5bebcacfb5c541bd6ba7530aeb2971c20adb1beddb244e4367d40cd87bfc826d/analysis/1455283977/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 5bc7ceb48ca4951997d50425d5b34484505e4444a3e172ab846b2595104b7138",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156527",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3ef-e360-4ef3-ba4d-539002de0b81",
"value": "c8119fbd7b0cbddd0be957a44708b6a9b920f16a"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 5bc7ceb48ca4951997d50425d5b34484505e4444a3e172ab846b2595104b7138",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156527",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3ef-da7c-4896-9ec2-539002de0b81",
"value": "96724f179c3afd44ddcc60bed4a4089d"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156528",
"to_ids": false,
"type": "link",
"uuid": "56e9b3f0-4efc-41e2-b727-539002de0b81",
"value": "https://www.virustotal.com/file/5bc7ceb48ca4951997d50425d5b34484505e4444a3e172ab846b2595104b7138/analysis/1455283785/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 352d1af3a5cef417dda688be2dd35c3f59841ea56c393a07f95a0bc5ab576448",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156528",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3f0-ce04-4ef3-b3b6-539002de0b81",
"value": "ff33b12b8d51b6b863bc61777eef6c324e2db371"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 352d1af3a5cef417dda688be2dd35c3f59841ea56c393a07f95a0bc5ab576448",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156528",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3f0-7e84-4d3d-9acf-539002de0b81",
"value": "c6523b9cbce3dacd966ee7fac64e851a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156528",
"to_ids": false,
"type": "link",
"uuid": "56e9b3f0-6120-4139-9553-539002de0b81",
"value": "https://www.virustotal.com/file/352d1af3a5cef417dda688be2dd35c3f59841ea56c393a07f95a0bc5ab576448/analysis/1455283777/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 1b6cf5abe2bd3d5bb84da8debd5ec563393d30995ce4afc6142dc3381ac69902",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156529",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3f1-ec94-4b84-af15-539002de0b81",
"value": "be9f56d1b5f20dae5fe354b63cf84a13bf15d1f4"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 1b6cf5abe2bd3d5bb84da8debd5ec563393d30995ce4afc6142dc3381ac69902",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156529",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3f1-e0f4-4400-8f2a-539002de0b81",
"value": "6614bd786cd5e7d0c7fd419cf7cd79ac"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156529",
"to_ids": false,
"type": "link",
"uuid": "56e9b3f1-8568-4416-8869-539002de0b81",
"value": "https://www.virustotal.com/file/1b6cf5abe2bd3d5bb84da8debd5ec563393d30995ce4afc6142dc3381ac69902/analysis/1455283786/"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 0a8e29bd8fe0f5d4d6a8677454b1d01e97478dc4bc3666eaab6bbbf2f2e759bc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156530",
"to_ids": true,
"type": "sha1",
"uuid": "56e9b3f2-c6c8-4f37-b17b-539002de0b81",
"value": "f39d5ef8059196e38f0ef89bbe96f4cb8a58d2a5"
},
{
"category": "Payload delivery",
"comment": "Trojan.iOS.AceDeceiver (enterprise certificate signed versions) - Xchecked via VT: 0a8e29bd8fe0f5d4d6a8677454b1d01e97478dc4bc3666eaab6bbbf2f2e759bc",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156530",
"to_ids": true,
"type": "md5",
"uuid": "56e9b3f2-1954-474d-9234-539002de0b81",
"value": "a63124c34c6d5b4b33113af4288e248c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1458156530",
"to_ids": false,
"type": "link",
"uuid": "56e9b3f2-dfd8-44ff-a678-539002de0b81",
"value": "https://www.virustotal.com/file/0a8e29bd8fe0f5d4d6a8677454b1d01e97478dc4bc3666eaab6bbbf2f2e759bc/analysis/1455283814/"
}
2023-04-21 13:25:09 +00:00
]
2023-12-14 14:30:15 +00:00
}
2023-04-21 13:25:09 +00:00
}