{ "Event": { "analysis": "2", "date": "2015-09-24", "extends_uuid": "", "info": "OSINT - Guaranteed Clicks: Mobile App Company Takes Control of Android Phones", "publish_timestamp": "1443087119", "published": true, "threat_level_id": "3", "timestamp": "1443087040", "uuid": "5603c00a-e4d0-42e1-a0b7-85ab950d210b", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#ffffff", "name": "tlp:white" }, { "colour": "#004646", "name": "type:OSINT" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443086369", "to_ids": false, "type": "link", "uuid": "5603c021-4ca0-4fa9-8839-85ab950d210b", "value": "https://www.fireeye.com/blog/threat-research/2015/09/guaranteed_clicksm.html" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086586", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fa-1ad4-434c-af63-960e950d210b", "value": "com.locker.maboo.tow|12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086587", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fb-5eb8-4e97-8f67-960e950d210b", "value": "com.tmdfkslakssspp111.ivityfffds1133|8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086587", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fb-d66c-440d-84c7-960e950d210b", "value": "com1.xiaoao2.FruitSingle|d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086587", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fb-7db4-4dc4-8278-960e950d210b", "value": "com.mobilefish.pig.enpais|3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086588", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fc-8798-4437-a81f-960e950d210b", "value": "com.adad.flashlight|b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086588", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fc-5294-45ec-a43f-960e950d210b", "value": "com.liuximnb.videokl2|396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086589", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fd-dfc4-4c7d-b420-960e950d210b", "value": "com.4puBX.Bu1q0|98bdad683b0ae189ed0fa56fb1e147c93e96e085dff90565ee246a4f6c4e2850" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086589", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fd-08a8-47b6-be19-960e950d210b", "value": "com.sQ1z7.JXhkN|f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086590", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fe-0004-4fb9-ad04-960e950d210b", "value": "com.cg.wifienhancer|b3c3d131200369d1c28285010b99d591f9a9c0629b0ba9fedd1b4ffe0170cf4c" }, { "category": "Payload installation", "comment": "Package name - samples", "deleted": false, "disable_correlation": false, "timestamp": "1443086590", "to_ids": true, "type": "filename|sha256", "uuid": "5603c0fe-726c-47b5-83a7-960e950d210b", "value": "com.BmiZX.p6l9v|0a63ca301d97930eb8352c0772fb39015e4b89cd82e72391213ee82414e60cf8" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07", "deleted": false, "disable_correlation": false, "timestamp": "1443086613", "to_ids": true, "type": "sha1", "uuid": "5603c115-6914-4c2c-9b78-937a950d210b", "value": "d07f56b2f51dfbe8638f927dbf18edc4b9c74f3b" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07", "deleted": false, "disable_correlation": false, "timestamp": "1443086613", "to_ids": true, "type": "md5", "uuid": "5603c115-cad4-48b9-8da4-937a950d210b", "value": "d407f8fd7369bb73fe87c99ee4b86f18" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443086613", "to_ids": false, "type": "link", "uuid": "5603c115-5d84-4823-a75f-937a950d210b", "value": "https://www.virustotal.com/file/f46c21a2976af7ba23e0af54943eacdaad2fd0b3108fde6d1502879fe9c83d07/analysis/1443012182/" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: 396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713", "deleted": false, "disable_correlation": false, "timestamp": "1443086614", "to_ids": true, "type": "sha1", "uuid": "5603c116-4ec8-4426-b62f-937a950d210b", "value": "7f29a5012107aebf89cb00b792540791df32fd75" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: 396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713", "deleted": false, "disable_correlation": false, "timestamp": "1443086614", "to_ids": true, "type": "md5", "uuid": "5603c116-e0a0-474c-bfbd-937a950d210b", "value": "a4431ef1d9a275a39831fac2d255fb9c" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443086614", "to_ids": false, "type": "link", "uuid": "5603c116-3ea4-4cdd-b173-937a950d210b", "value": "https://www.virustotal.com/file/396324dc3f34785aca1ece255a6f142f52e831b22bf96906c2a10b61b1da4713/analysis/1443012179/" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58", "deleted": false, "disable_correlation": false, "timestamp": "1443086615", "to_ids": true, "type": "sha1", "uuid": "5603c117-ef18-4a50-9f3c-937a950d210b", "value": "ada4466924a7fb08dbe2a7650f2d0e789b984284" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58", "deleted": false, "disable_correlation": false, "timestamp": "1443086615", "to_ids": true, "type": "md5", "uuid": "5603c117-ec1c-45cb-946e-937a950d210b", "value": "3788d40651151f0fcf441b7fceaf7f2a" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443086616", "to_ids": false, "type": "link", "uuid": "5603c118-d910-4a0f-80ef-937a950d210b", "value": "https://www.virustotal.com/file/b05013bbabf0a24a2c8b9c7b3f3ad79b065c6daaaec51c2e61790b05932dbb58/analysis/1442581837/" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: 3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e", "deleted": false, "disable_correlation": false, "timestamp": "1443086616", "to_ids": true, "type": "sha1", "uuid": "5603c118-0cf0-44a1-83eb-937a950d210b", "value": "c97cbc54f0a0f313092f1a2a33dd2850974cd3cd" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: 3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e", "deleted": false, "disable_correlation": false, "timestamp": "1443086616", "to_ids": true, "type": "md5", "uuid": "5603c118-5814-449d-a196-937a950d210b", "value": "8c5ff2b37657fe28bcbc6b6eac0165fd" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443086617", "to_ids": false, "type": "link", "uuid": "5603c119-0e04-41f2-9bbd-937a950d210b", "value": "https://www.virustotal.com/file/3a5bbe5454124ba5fbaa0dc7786fd2361dd903f84ccf65be65b0b0b77d432e6e/analysis/1443012180/" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7", "deleted": false, "disable_correlation": false, "timestamp": "1443086617", "to_ids": true, "type": "sha1", "uuid": "5603c119-c3cc-443f-a009-937a950d210b", "value": "5bd07c5b8c8e1b8c7d62b525b1d98ef7efaa3ac7" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7", "deleted": false, "disable_correlation": false, "timestamp": "1443086617", "to_ids": true, "type": "md5", "uuid": "5603c119-4bd0-4ff5-87b4-937a950d210b", "value": "396ca4c3594c705d3289ad8e59a995d7" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443086618", "to_ids": false, "type": "link", "uuid": "5603c11a-fcec-4fc2-a04e-937a950d210b", "value": "https://www.virustotal.com/file/d65696c077b480bb0afab2390f1efd37d701ca2f6cbaa91977d4ac76957438c7/analysis/1443012179/" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: 8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553", "deleted": false, "disable_correlation": false, "timestamp": "1443086618", "to_ids": true, "type": "sha1", "uuid": "5603c11a-6914-4589-adaa-937a950d210b", "value": "7be4297d98b41a5974af610351b58c677f364125" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: 8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553", "deleted": false, "disable_correlation": false, "timestamp": "1443086618", "to_ids": true, "type": "md5", "uuid": "5603c11a-5c88-4d87-b3b6-937a950d210b", "value": "138d642a9c793ff54959812c376a0835" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443086619", "to_ids": false, "type": "link", "uuid": "5603c11b-67e0-4c7a-ab1c-937a950d210b", "value": "https://www.virustotal.com/file/8b5b898c7ad2fc6b516800f411b7181877a89124a94ba8a9fa0e974972c67553/analysis/1443012180/" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: 12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d", "deleted": false, "disable_correlation": false, "timestamp": "1443086619", "to_ids": true, "type": "sha1", "uuid": "5603c11b-1080-4a87-8599-937a950d210b", "value": "ddce1aee88946f2312d5fbc56f4dd866a44fd6e2" }, { "category": "Payload installation", "comment": "Package name - samples - Xchecked via VT: 12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d", "deleted": false, "disable_correlation": false, "timestamp": "1443086619", "to_ids": true, "type": "md5", "uuid": "5603c11b-ed78-442e-b2ab-937a950d210b", "value": "c9d2b9e3f7dd7e01612679f44b65462d" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443086620", "to_ids": false, "type": "link", "uuid": "5603c11c-2364-4b72-b9fd-937a950d210b", "value": "https://www.virustotal.com/file/12b8da40ec9e53a83a7c4b1d490db397730123efa5e8ed39ee596d3bae42f80d/analysis/1443012180/" }, { "category": "Network activity", "comment": "it downloads an APK from the following URL and dynamically loads logic to execute", "deleted": false, "disable_correlation": false, "timestamp": "1443086927", "to_ids": true, "type": "url", "uuid": "5603c24f-ea00-471f-b2de-9393950d210b", "value": "http://down.onowcdn.com/onekeysdk/tr_new/rt_0907_129.apk" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443087017", "to_ids": true, "type": "domain", "uuid": "5603c2a9-8690-4bc7-8ad1-963b950d210b", "value": "aedxdrcb.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443087017", "to_ids": true, "type": "domain", "uuid": "5603c2a9-fe84-4073-8397-963b950d210b", "value": "hdyfhpoi.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443087018", "to_ids": true, "type": "domain", "uuid": "5603c2aa-ad04-4e0f-80ad-963b950d210b", "value": "syllyq1n.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443087018", "to_ids": true, "type": "domain", "uuid": "5603c2aa-d9a4-40ab-80ea-963b950d210b", "value": "wksnkys7.com" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1443087040", "to_ids": true, "type": "url", "uuid": "5603c2c0-8d0c-4158-81a1-85a9950d210b", "value": "http://down.agacdn.com/onlyapk/coolbroser_2.2_release_yeahmobi_self_1.apk" } ] } }