118 lines
4 KiB
JSON
118 lines
4 KiB
JSON
|
{
|
||
|
"Event": {
|
||
|
"analysis": "2",
|
||
|
"date": "2017-08-11",
|
||
|
"extends_uuid": "",
|
||
|
"info": "OSINT - Fake Snapchat in Google Play Store",
|
||
|
"publish_timestamp": "1502462432",
|
||
|
"published": true,
|
||
|
"threat_level_id": "3",
|
||
|
"timestamp": "1502462398",
|
||
|
"uuid": "598dc10d-2e10-4de5-8745-433202de0b81",
|
||
|
"Orgc": {
|
||
|
"name": "CIRCL",
|
||
|
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
|
||
|
},
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#ffffff",
|
||
|
"name": "tlp:white"
|
||
|
},
|
||
|
{
|
||
|
"colour": "#5f0077",
|
||
|
"name": "ms-caro-malware:malware-platform=\"AndroidOS\""
|
||
|
}
|
||
|
],
|
||
|
"Attribute": [
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1502462398",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "598dc128-b620-491f-902c-4df402de0b81",
|
||
|
"value": "https://blog.zimperium.com/fake-snapchat-google-play-store/",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1502462398",
|
||
|
"to_ids": false,
|
||
|
"type": "text",
|
||
|
"uuid": "598dc141-218c-4086-b974-497e02de0b81",
|
||
|
"value": "Zimperium discovered and reported a fake version of the popular Snapchat app in the official Google Play Store; At the time of our discovery, it was the second result when searching for \u00e2\u20ac\u0153Snapchat\u00e2\u20ac\u009d. The fake version of Snapchat app is using \u00e2\u20ac\u0153Snap Inc .\u00e2\u20ac\u009d as Company Name, with a \u00e2\u20ac\u009d .\u00e2\u20ac\u009d appended to original name.",
|
||
|
"Tag": [
|
||
|
{
|
||
|
"colour": "#00223b",
|
||
|
"name": "osint:source-type=\"blog-post\""
|
||
|
}
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1502462398",
|
||
|
"to_ids": false,
|
||
|
"type": "mobile-application-id",
|
||
|
"uuid": "598dc195-e494-4617-a1e4-486302de0b81",
|
||
|
"value": "com.snacha.android"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1502462398",
|
||
|
"to_ids": true,
|
||
|
"type": "sha256",
|
||
|
"uuid": "598dc1b5-d13c-4fb5-a52d-44ca02de0b81",
|
||
|
"value": "f1049a50763fd4a8dddd45735ee97a419caac0997a0c99393af111a24afdf146"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: f1049a50763fd4a8dddd45735ee97a419caac0997a0c99393af111a24afdf146",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1502462398",
|
||
|
"to_ids": true,
|
||
|
"type": "sha1",
|
||
|
"uuid": "598dc1be-1174-4856-a6e8-4dc702de0b81",
|
||
|
"value": "41859c0fe79f625ddcc0f851519a811c2d017a18"
|
||
|
},
|
||
|
{
|
||
|
"category": "Payload delivery",
|
||
|
"comment": "- Xchecked via VT: f1049a50763fd4a8dddd45735ee97a419caac0997a0c99393af111a24afdf146",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1502462398",
|
||
|
"to_ids": true,
|
||
|
"type": "md5",
|
||
|
"uuid": "598dc1be-80cc-4105-a841-430f02de0b81",
|
||
|
"value": "510f1c68f93ff812e07ffe8caf609a63"
|
||
|
},
|
||
|
{
|
||
|
"category": "External analysis",
|
||
|
"comment": "- Xchecked via VT: f1049a50763fd4a8dddd45735ee97a419caac0997a0c99393af111a24afdf146",
|
||
|
"deleted": false,
|
||
|
"disable_correlation": false,
|
||
|
"timestamp": "1502462398",
|
||
|
"to_ids": false,
|
||
|
"type": "link",
|
||
|
"uuid": "598dc1be-ccb4-4eea-8924-44e802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f1049a50763fd4a8dddd45735ee97a419caac0997a0c99393af111a24afdf146/analysis/1502452010/"
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
}
|