misp-circl-feed/feeds/circl/misp/5a26afc4-90d8-407c-b637-4bf9950d210f.json


2023-04-21 13:25:09 +00:00
{"Event": {"info": "OSINT - Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers", "Tag": [{"colour": "#e7007d", "exportable": true, "name": "workflow:state=\"incomplete\""}, {"colour": "#004646", "exportable": true, "name": "type:OSINT"}, {"colour": "#ffffff", "exportable": true, "name": "tlp:white"}, {"colour": "#211c1c", "exportable": true, "name": "Android Malware"}, {"colour": "#5f0077", "exportable": true, "name": "ms-caro-malware:malware-platform=\"AndroidOS\""}, {"colour": "#001a40", "exportable": true, "name": "ms-caro-malware-full:malware-platform=\"AndroidOS\""}, {"colour": "#3b0020", "exportable": true, "name": "workflow:todo=\"expansion\""}], "publish_timestamp": "0", "timestamp": "1512990858", "analysis": "2", "Attribute": [{"comment": "", "category": "External analysis", "uuid": "5a26afd6-8e90-4d3b-8279-4a5c950d210f", "timestamp": "1512484828", "to_ids": false, "value": "https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "link"}, {"comment": "", "category": "External analysis", "uuid": "5a2e4e9c-bab4-4c9b-aaa4-d653950d210f", "timestamp": "1512984227", "to_ids": false, "value": "The new version of BankBot has been hiding in apps that pose as supposedly trustworthy flashlight apps, tricking users into downloading them, in a first campaign. In a second campaign, the solitaire games and a cleaner app have been dropping additional kinds of malware besides BankBot, called Mazar and Red Alert (Mazar was recently described by ESET and we won\u2019t dive into the details here). 
However, instead of bringing light, joy and convenience into their users\u2019 lives, the dark intention of these apps has been to spy on users, collect their bank login details and steal their money.", "Tag": [{"colour": "#00223b", "exportable": true, "name": "osint:source-type=\"blog-post\""}], "disable_correlation": false, "object_relation": null, "type": "comment"}, {"comment": "Targeted Apps", "category": "Payload delivery", "uuid": "5a2e5acf-8040-428f-a08a-4780950d210f", "timestamp": "1512987343", "to_ids": true, "value": "ar.nbad.emobile.android.mobilebank", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "Targeted Apps", "category": "Payload delivery", "uuid": "5a2e5ad0-d85c-4167-bbbc-4dc9950d210f", "timestamp": "1512987344", "to_ids": true, "value": "at.bawag.mbanking", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "Targeted Apps", "category": "Payload delivery", "uuid": "5a2e5ad1-ccb8-4352-963b-4fc8950d210f", "timestamp": "1512987345", "to_ids": true, "value": "at.spardat.bcrmobile", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "Targeted Apps", "category": "Payload delivery", "uuid": "5a2e5ad1-d998-4e3a-8db6-4f3f950d210f", "timestamp": "1512987345", "to_ids": true, "value": "at.spardat.netbanking", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "Targeted Apps", "category": "Payload delivery", "uuid": "5a2e5ad2-b834-4e13-9524-42e0950d210f", "timestamp": "1512987346", "to_ids": true, "value": "au.com.bankwest.mobile", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "Targeted Apps", "category": "Payload delivery", "uuid": "5a2e5ad3-3310-432e-a3c5-4105950d210f", "timestamp": "1512987347", "to_ids": true, "value": "au.com.cua.mb", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "Targeted Apps", "category": "Payload 
delivery", "uuid": "5a2e5ad4-d540-4761-b6b9-4d38950d210f", "timestamp": "1512987348", "to_ids": true, "value": "au.com.nab.mobile", "disable_correlation": false, "object_relation": null, "type": "filename"}, {"comment": "Targeted Apps", "category": "Payload delivery", "uuid": "5a2e5ad4-8450-49af-8464-4f6f950d210f"