misp-circl-feed/feeds/circl/misp/599e9484-8cc4-4fe3-aa60-b71d950d210f.json


2023-12-14 14:30:15 +00:00
{"Event": {"info": "OSINT - Android Backdoor GhostCtrl can Silently Record Your Audio, Video, and More", "Tag": [{"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}, {"colour": "#001534", "exportable": true, "name": "ms-caro-malware-full:malware-type=\"Backdoor\""}], "publish_timestamp": "0", "timestamp": "1503566009", "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "599e949c-d55c-4e54-adec-4655950d210f", "timestamp": "1503565169", "to_ids": false, "value": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-backdoor-ghostctrl-can-silently-record-your-audio-video-and-more/", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "599e949c-8180-4774-aa40-4841950d210f", "timestamp": "1503565105", "to_ids": false, "value": "https://documents.trendmicro.com/assets/Appendix-Android-Backdoor-GhostCtrl-can-Silently-Record-Your-Audio-Video-and-More.pdf", "Tag": [{"colour": "#002b4a", "exportable": true, "name": "osint:source-type=\"technical-report\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "599e95b3-8300-44d2-b0fa-4436950d210f", "timestamp": "1503565235", "to_ids": false, "value": "The information-stealing RETADUP worm that affected Israeli hospitals is actually just part of an attack that turned out to be bigger than we first thought\u2014at least in terms of impact. 
It was accompanied by an even more dangerous threat: an Android malware that can take over the device.\r\n\r\nDetected by Trend Micro as ANDROIDOS_GHOSTCTRL.OPS / ANDROIDOS_GHOSTCTRL.OPSA, we\u2019ve named this Android backdoor GhostCtrl as it can stealthily control many of the infected device\u2019s functionalities.", "disable_correlation": false, "object_relation": null, "type": "comment"}, {"comment": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS", "category": "Payload delivery", "uuid": "599e979a-1d14-4556-8794-d47e950d210f", "timestamp": "1503565722", "to_ids": true, "value": "ef761f4819aa5ff14e14e05c49a49c9cd4f18df76bd51f1b8d33dc312213f6e1", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS", "category": "Payload delivery", "uuid": "599e979a-ccc8-4b44-808d-d47e950d210f", "timestamp": "1503565722", "to_ids": true, "value": "18bde9201d7470372b6e04db866c2ce1183c3ead0eb8c05ca6e93709655fcd9b", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS", "category": "Payload delivery", "uuid": "599e979a-568c-4779-9b69-d47e950d210f", "timestamp": "1503565722", "to_ids": true, "value": "d463c96c24839b763fb9def1dc33be1b217ea6ef77d84a7092a7cc0b4c8cea51", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS", "category": "Payload delivery", "uuid": "599e979a-efb0-4b3b-bf12-d47e950d210f", "timestamp": "1503565722", "to_ids": true, "value": "82a2bb72c1e3385fcc731ecbe1525fb1a5fbdf0abfa156cbae1606b0e597543e", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS", "category": "Payload delivery", "uuid": 
"599e979a-1b74-413c-8656-d47e950d210f", "timestamp": "1503565722", "to_ids": true, "value": "6dc7d5ca86b2c5794ab6c899fc17f3778a54d7de222ee9d6a50b90bb04921068", "disable_correlation": false, "object_relation": null, "type": "sha256"}, {"comment": "Related Hashes Detected as ANDROIDOS_GHOSTCTRL.OPS/ANDROIDOS_GHOSTCTRL.OPS", "category": "Payload deliver