{
"Event" : {
"analysis" : "0" ,
"date" : "2019-06-12" ,
"extends_uuid" : "" ,
"info" : "OSINT - Trojan downloader found on Google Play by @Maler360" ,
"publish_timestamp" : "1566554388" ,
"published" : true ,
"threat_level_id" : "3" ,
"timestamp" : "1566554377" ,
"uuid" : "5d01fda4-353c-4011-854f-459c950d210f" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#500064" ,
"local" : "0" ,
"name" : "ms-caro-malware:malware-type=\"Trojan\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#00183c" ,
"local" : "0" ,
"name" : "ms-caro-malware-full:malware-type=\"Trojan\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#004f4f" ,
"local" : "0" ,
"name" : "ecsirt:malicious-code=\"trojan\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#5a0041" ,
"local" : "0" ,
"name" : "CERT-XLM:malicious-code=\"trojan-malware\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#284800" ,
"local" : "0" ,
"name" : "malware_classification:malware-category=\"Trojan\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0087e8" ,
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Microblog post like a Twitter tweet or a post on a Facebook wall." ,
"meta-category" : "misc" ,
"name" : "microblog" ,
"template_uuid" : "8ec8c911-ddbe-4f5b-895b-fbff70c42a60" ,
"template_version" : "6" ,
"timestamp" : "1560416338" ,
"uuid" : "5d021052-19e0-4c1a-9f4e-4beb950d210f" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "post" ,
"timestamp" : "1560416338" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5d021052-eaa4-46aa-834d-47e0950d210f" ,
"value" : "Trojan downloader found on Google Play by @Maler360\r\n\r\n\r\n-once launched, hides itself icon\r\n-downloads additional app over HTTP\r\n-makes user install it\r\n-second app can then download additional apps & make user install them as \"Update Alert\" + display ads\r\n-100,000+ installs\r\n-reported"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1560416339" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5d021053-7740-497d-b628-4080950d210f" ,
"value" : "Twitter"
} ,
{
"category" : "Network activity" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "url" ,
"timestamp" : "1560416339" ,
"to_ids" : true ,
"type" : "url" ,
"uuid" : "5d021053-c424-4754-a928-4d60950d210f" ,
"value" : "https://mobile.twitter.com/LukasStefanko/status/1138764352411131905"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "username-quoted" ,
"timestamp" : "1560416339" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5d021053-5310-4d89-9100-4cc4950d210f" ,
"value" : "@Maler360"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "username" ,
"timestamp" : "1560416339" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "5d021053-f308-4168-8167-4f9a950d210f" ,
"value" : "LukasStefanko"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "creation-date" ,
"timestamp" : "1560416339" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "5d021053-5a70-46c7-938e-47dc950d210f" ,
"value" : "2019-06-12T13:05:00"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "17" ,
"timestamp" : "1560416558" ,
"uuid" : "5d02112e-2e34-48ce-9cc6-42aa950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1560416558" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5d02112e-20ac-452a-903b-43f1950d210f" ,
"value" : "com.pippa.amazingmonstercar"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1560416568" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5d021138-4ab8-49a2-b718-4513950d210f" ,
"value" : "6d48cf90e0af21da5e516f0009efcc7f"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "17" ,
"timestamp" : "1560416709" ,
"uuid" : "5d0211c5-e644-494f-9fb6-4475950d210f" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "filename" ,
"timestamp" : "1560416710" ,
"to_ids" : true ,
"type" : "filename" ,
"uuid" : "5d0211c6-7fb4-451f-ac91-4cb8950d210f" ,
"value" : "nightdescent.apk"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1560416713" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5d0211c9-beec-436e-98b8-4be8950d210f" ,
"value" : "f64cbd33651a99b08a9168607a2374d1"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "17" ,
"timestamp" : "1566554363" ,
"uuid" : "1aff6893-393f-4b72-ac4d-9e083901d021" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "1aff6893-393f-4b72-ac4d-9e083901d021" ,
"referenced_uuid" : "97e74bae-c5ce-4338-8ccc-42d85a523d67" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1566554365" ,
"uuid" : "5d5fb8fd-f340-4de1-9dc9-4168950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1560416713" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "b32c0591-6c4a-4ed8-a915-35eba5cb1fac" ,
"value" : "f64cbd33651a99b08a9168607a2374d1"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1560416713" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "a5d88c4e-b23b-4185-9c52-3e15f613d37a" ,
"value" : "a16bb93ee35e7636e4f824010ddbba975a7db5ed"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1560416713" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "6373314d-4122-4da7-9e1f-1207fef3b124" ,
"value" : "3055fc207f21d4140249a3eb3efcdea047dfe005a4c23388ab917ffe3a8515d7"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1566554363" ,
"uuid" : "97e74bae-c5ce-4338-8ccc-42d85a523d67" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1560416713" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "230977f5-f6de-4656-b687-80da6fea7b01" ,
"value" : "2019-06-30T19:04:50"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1560416713" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "cace9e83-b407-4f5f-8650-67b59112656b" ,
"value" : "https://www.virustotal.com/file/3055fc207f21d4140249a3eb3efcdea047dfe005a4c23388ab917ffe3a8515d7/analysis/1561921490/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1560416713" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "7f114609-9d79-47f5-a3f9-1ab3d9abd96f" ,
"value" : "24/61"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "17" ,
"timestamp" : "1566554364" ,
"uuid" : "43258e1d-e7f7-4d86-81e2-be8ea5699a06" ,
"ObjectReference" : [
{
"comment" : "" ,
"object_uuid" : "43258e1d-e7f7-4d86-81e2-be8ea5699a06" ,
"referenced_uuid" : "e77b5597-90c3-4499-8562-25ffbea00286" ,
"relationship_type" : "analysed-with" ,
"timestamp" : "1566554365" ,
"uuid" : "5d5fb8fd-e214-4ed1-ab14-4dca950d210f"
}
] ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1560416568" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "878fd93b-27bf-49e3-a7db-04083ed645d8" ,
"value" : "6d48cf90e0af21da5e516f0009efcc7f"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1560416568" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f6772f0b-7182-4768-b096-109a2d023768" ,
"value" : "83dbf7f9097aa314c64d1ed50a7a112ca87ed38d"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1560416568" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c95bcce1-789d-4e80-a880-d839f1b2d3d4" ,
"value" : "32c3c1732d8a5b299045ef44f9165d2710d098fc402358aa09ad07fcfd05db1c"
}
]
} ,
{
"comment" : "" ,
"deleted" : false ,
"description" : "VirusTotal report" ,
"meta-category" : "misc" ,
"name" : "virustotal-report" ,
"template_uuid" : "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4" ,
"template_version" : "2" ,
"timestamp" : "1566554364" ,
"uuid" : "e77b5597-90c3-4499-8562-25ffbea00286" ,
"Attribute" : [
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "last-submission" ,
"timestamp" : "1560416568" ,
"to_ids" : false ,
"type" : "datetime" ,
"uuid" : "bd891f80-8e4c-4dc6-801a-dc838de32a1a" ,
"value" : "2019-06-30T19:04:34"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "permalink" ,
"timestamp" : "1560416568" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "24a845de-e030-41f1-893e-d0b69cdfb811" ,
"value" : "https://www.virustotal.com/file/32c3c1732d8a5b299045ef44f9165d2710d098fc402358aa09ad07fcfd05db1c/analysis/1561921474/"
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "detection-ratio" ,
"timestamp" : "1560416568" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "55169594-dc67-4c52-8b57-5b134a3fdd8e" ,
"value" : "16/60"
}
]
}
]
}
}