{
"Event": {
"analysis": "2",
"date": "2015-09-24",
"extends_uuid": "",
"info": "OSINT - Guaranteed Clicks: Mobile App Company Takes Control of Android Phones",
"publish_timestamp": "1443087119",
"published": true,
"threat_level_id": "3",
"timestamp": "1443087040",
"uuid": "5603c00a-e4d0-42e1-a0b7-85ab950d210b",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#ffffff",
"name": "tlp:white"
},
{
"colour": "#004646",
"name": "type:OSINT"
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086369",
"to_ids": false,
"type": "link",
"uuid": "5603c021-4ca0-4fa9-8839-85ab950d210b",
"value": "https://www.fireeye.com/blog/threat-research/2015/09/guaranteed_clicksm.html"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086586",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fa-1ad4-434c-af63-960e950d210b",
"value": "com.locker.maboo.tow|12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086587",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fb-5eb8-4e97-8f67-960e950d210b",
"value": "com.tmdfkslakssspp111.ivityfffds1133|8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086587",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fb-d66c-440d-84c7-960e950d210b",
"value": "com1.xiaoao2.FruitSingle|d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086587",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fb-7db4-4dc4-8278-960e950d210b",
"value": "com.mobilefish.pig.enpais|3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086588",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fc-8798-4437-a81f-960e950d210b",
"value": "com.adad.flashlight|b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086588",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fc-5294-45ec-a43f-960e950d210b",
"value": "com.liuximnb.videokl2|396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086589",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fd-dfc4-4c7d-b420-960e950d210b",
"value": "com.4puBX.Bu1q0|98bdad683b0ae189ed0fa56fb1e147c93e96e085dff90565ee246a4f6c4e2850"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086589",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fd-08a8-47b6-be19-960e950d210b",
"value": "com.sQ1z7.JXhkN|f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086590",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fe-0004-4fb9-ad04-960e950d210b",
"value": "com.cg.wifienhancer|b3c3d131200369d1c28285010b99d591f9a9c0629b0ba9fedd1b4ffe0170cf4c"
},
{
"category": "Payload installation",
"comment": "Package name - samples",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086590",
"to_ids": true,
"type": "filename|sha256",
"uuid": "5603c0fe-726c-47b5-83a7-960e950d210b",
"value": "com.BmiZX.p6l9v|0a63ca301d97930eb8352c0772fb39015e4b89cd82e72391213ee82414e60cf8"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086613",
"to_ids": true,
"type": "sha1",
"uuid": "5603c115-6914-4c2c-9b78-937a950d210b",
"value": "d07f56b2f51dfbe8638f927dbf18edc4b9c74f3b"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086613",
"to_ids": true,
"type": "md5",
"uuid": "5603c115-cad4-48b9-8da4-937a950d210b",
"value": "d407f8fd7369bb73fe87c99ee4b86f18"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086613",
"to_ids": false,
"type": "link",
"uuid": "5603c115-5d84-4823-a75f-937a950d210b",
"value": "https://www.virustotal.com/file/f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07/analysis/1443012182/"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: 396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086614",
"to_ids": true,
"type": "sha1",
"uuid": "5603c116-4ec8-4426-b62f-937a950d210b",
"value": "7f29a5012107aebf89cb00b792540791df32fd75"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: 396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086614",
"to_ids": true,
"type": "md5",
"uuid": "5603c116-e0a0-474c-bfbd-937a950d210b",
"value": "a4431ef1d9a275a39831fac2d255fb9c"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086614",
"to_ids": false,
"type": "link",
"uuid": "5603c116-3ea4-4cdd-b173-937a950d210b",
"value": "https://www.virustotal.com/file/396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713/analysis/1443012179/"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086615",
"to_ids": true,
"type": "sha1",
"uuid": "5603c117-ef18-4a50-9f3c-937a950d210b",
"value": "ada4466924a7fb08dbe2a7650f2d0e789b984284"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086615",
"to_ids": true,
"type": "md5",
"uuid": "5603c117-ec1c-45cb-946e-937a950d210b",
"value": "3788d40651151f0fcf441b7fceaf7f2a"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086616",
"to_ids": false,
"type": "link",
"uuid": "5603c118-d910-4a0f-80ef-937a950d210b",
"value": "https://www.virustotal.com/file/b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58/analysis/1442581837/"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: 3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086616",
"to_ids": true,
"type": "sha1",
"uuid": "5603c118-0cf0-44a1-83eb-937a950d210b",
"value": "c97cbc54f0a0f313092f1a2a33dd2850974cd3cd"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: 3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086616",
"to_ids": true,
"type": "md5",
"uuid": "5603c118-5814-449d-a196-937a950d210b",
"value": "8c5ff2b37657fe28bcbc6b6eac0165fd"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086617",
"to_ids": false,
"type": "link",
"uuid": "5603c119-0e04-41f2-9bbd-937a950d210b",
"value": "https://www.virustotal.com/file/3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e/analysis/1443012180/"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086617",
"to_ids": true,
"type": "sha1",
"uuid": "5603c119-c3cc-443f-a009-937a950d210b",
"value": "5bd07c5b8c8e1b8c7d62b525b1d98ef7efaa3ac7"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086617",
"to_ids": true,
"type": "md5",
"uuid": "5603c119-4bd0-4ff5-87b4-937a950d210b",
"value": "396ca4c3594c705d3289ad8e59a995d7"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086618",
"to_ids": false,
"type": "link",
"uuid": "5603c11a-fcec-4fc2-a04e-937a950d210b",
"value": "https://www.virustotal.com/file/d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7/analysis/1443012179/"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: 8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086618",
"to_ids": true,
"type": "sha1",
"uuid": "5603c11a-6914-4589-adaa-937a950d210b",
"value": "7be4297d98b41a5974af610351b58c677f364125"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: 8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086618",
"to_ids": true,
"type": "md5",
"uuid": "5603c11a-5c88-4d87-b3b6-937a950d210b",
"value": "138d642a9c793ff54959812c376a0835"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086619",
"to_ids": false,
"type": "link",
"uuid": "5603c11b-67e0-4c7a-ab1c-937a950d210b",
"value": "https://www.virustotal.com/file/8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553/analysis/1443012180/"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: 12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086619",
"to_ids": true,
"type": "sha1",
"uuid": "5603c11b-1080-4a87-8599-937a950d210b",
"value": "ddce1aee88946f2312d5fbc56f4dd866a44fd6e2"
},
{
"category": "Payload installation",
"comment": "Package name - samples - Xchecked via VT: 12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086619",
"to_ids": true,
"type": "md5",
"uuid": "5603c11b-ed78-442e-b2ab-937a950d210b",
"value": "c9d2b9e3f7dd7e01612679f44b65462d"
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086620",
"to_ids": false,
"type": "link",
"uuid": "5603c11c-2364-4b72-b9fd-937a950d210b",
"value": "https://www.virustotal.com/file/12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d/analysis/1443012180/"
},
{
"category": "Network activity",
"comment": "it downloads an APK from the following URL and dynamically loads logic to execute",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443086927",
"to_ids": true,
"type": "url",
"uuid": "5603c24f-ea00-471f-b2de-9393950d210b",
"value": "http://down.onowcdn.com/onekeysdk/tr_new/rt_0907_129.apk"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443087017",
"to_ids": true,
"type": "domain",
"uuid": "5603c2a9-8690-4bc7-8ad1-963b950d210b",
"value": "aedxdrcb.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443087017",
"to_ids": true,
"type": "domain",
"uuid": "5603c2a9-fe84-4073-8397-963b950d210b",
"value": "hdyfhpoi.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443087018",
"to_ids": true,
"type": "domain",
"uuid": "5603c2aa-ad04-4e0f-80ad-963b950d210b",
"value": "syllyq1n.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443087018",
"to_ids": true,
"type": "domain",
"uuid": "5603c2aa-d9a4-40ab-80ea-963b950d210b",
"value": "wksnkys7.com"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1443087040",
"to_ids": true,
"type": "url",
"uuid": "5603c2c0-8d0c-4158-81a1-85a9950d210b",
"value": "http://down.agacdn.com/onlyapk/coolbroser_2.2_release_yeahmobi_self_1.apk"
}
]
}
}