{
"Event" : {
"analysis" : "2" ,
"date" : "2017-04-04" ,
"extends_uuid" : "" ,
"info" : "OSINT - An Investigation of Chrysaor Malware on Android" ,
"publish_timestamp" : "1491332060" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1491332046" ,
"uuid" : "58e3e7e5-90d8-43f1-a070-4520950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#ffffff" ,
"local" : false ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : false ,
"name" : "misp-galaxy:tool=\"Chrysaor\"" ,
"relationship_type" : ""
}
] ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58e3e80a-1250-40c3-8ab6-4e18950d210f" ,
"value" : "https://security.googleblog.com/2017/04/an-investigation-of-chrysaor-malware-on.html" ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "58e3e82c-6c88-446e-9a88-4d98950d210f" ,
"value" : "In this blog post, we describe Chrysaor, a newly discovered family of spyware that was used in a targeted attack on a small number of Android devices, and how investigations like this help Google protect Android users from a variety of threats." ,
"Tag" : [
{
"colour" : "#00223b" ,
"local" : false ,
"name" : "osint:source-type=\"blog-post\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58e3e9c9-4b54-4ce9-8237-47fe950d210f" ,
"value" : "ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : true ,
"type" : "mobile-application-id" ,
"uuid" : "58e3e9da-6394-4d85-ac57-4029950d210f" ,
"value" : "com.network.android"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Pegasus for Android Samples" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58e3ea29-86c0-4bb3-ab7b-40fb950d210f" ,
"value" : "3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86"
} ,
{
"category" : "Payload delivery" ,
"comment" : "com.network.android" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58e3ea87-fe34-448b-9b9e-4895950d210f" ,
"value" : "98ca5f94638768e7b58889bb5df4584bf5b6af56b188da48c10a02648791b30c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "com.binary.sms.receiver" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58e3ea88-e9dc-47c8-a4cc-4c6f950d210f" ,
"value" : "9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae"
} ,
{
"category" : "Payload delivery" ,
"comment" : "com.android.copy" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58e3ea89-1f78-412f-9941-4ac9950d210f" ,
"value" : "e384694d3d17cd88ec3a66c740c6398e07b8ee401320ca61e26bdf96c20485b4"
} ,
{
"category" : "Payload delivery" ,
"comment" : "com.android.copy" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58e3ea8a-2ca8-4972-8749-454e950d210f" ,
"value" : "12e085ab85db887438655feebd249127d813e31df766f8c7b009f9519916e389"
} ,
{
"category" : "Payload delivery" ,
"comment" : "com.android.copy" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "58e3ea8b-f844-4e71-a327-4547950d210f" ,
"value" : "6348104f8ef22eba5ac8ee737b192887629de987badbb1642e347d0dd01420f8"
} ,
{
"category" : "Payload delivery" ,
"comment" : "com.network.android" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331871" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58e3eae1-8228-455b-b542-4227950d210f" ,
"value" : "44f6d1caa257799e57f0ecaf4e2e216178f4cb3d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "com.binary.sms.receiver - Xchecked via VT: 9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331882" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58e3eb2a-60ec-4774-ba81-4ccf02de0b81" ,
"value" : "28f570754274db96bffa7ac4a53a5ede3508d82c"
} ,
{
"category" : "Payload delivery" ,
"comment" : "com.binary.sms.receiver - Xchecked via VT: 9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331883" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58e3eb2b-fec4-4fbb-9136-449b02de0b81" ,
"value" : "cc9517aafb58279091ac17533293edc1"
} ,
{
"category" : "External analysis" ,
"comment" : "com.binary.sms.receiver - Xchecked via VT: 9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331884" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58e3eb2c-c470-4d5b-9b5a-4e2f02de0b81" ,
"value" : "https://www.virustotal.com/file/9fae5d148b89001555132c896879652fe1ca633d35271db34622248e048c78ae/analysis/1491317706/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Pegasus for Android Samples - Xchecked via VT: 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331885" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58e3eb2d-75e0-4eb4-a396-483c02de0b81" ,
"value" : "b6850881561265d89597d0d245b33dba3d7d3f47"
} ,
{
"category" : "Payload delivery" ,
"comment" : "Pegasus for Android Samples - Xchecked via VT: 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331886" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58e3eb2e-9fc8-41a4-b604-4d7802de0b81" ,
"value" : "3a69bfbe5bc83c4df938177e05cd7c7c"
} ,
{
"category" : "External analysis" ,
"comment" : "Pegasus for Android Samples - Xchecked via VT: 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331887" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58e3eb2f-b968-413f-82c3-41f102de0b81" ,
"value" : "https://www.virustotal.com/file/3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86/analysis/1491309077/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target - Xchecked via VT: ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331888" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "58e3eb30-c914-457f-8fbd-4d7602de0b81" ,
"value" : "e5920f3723e62e1850157f09baf556006bf80f74"
} ,
{
"category" : "Payload delivery" ,
"comment" : "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target - Xchecked via VT: ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331889" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "58e3eb31-3b7c-4aff-bf5b-494602de0b81" ,
"value" : "7c3ad8fec33465fed6563bbfabb5b13d"
} ,
{
"category" : "External analysis" ,
"comment" : "The following is a review of scope and impact of the Chrysaor app named com.network.android tailored for a Samsung device target - Xchecked via VT: ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5" ,
"deleted" : false ,
"disable_correlation" : false ,
"timestamp" : "1491331890" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "58e3eb32-eef4-4ed4-b8a4-42b802de0b81" ,
"value" : "https://www.virustotal.com/file/ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5/analysis/1491313777/"
}
]
}
}