{ "Event": { "analysis": "0", "date": "2019-06-12", "extends_uuid": "", "info": "OSINT - Trojan downloader found on Google Play by @Maler360", "publish_timestamp": "1566554388", "published": true, "threat_level_id": "3", "timestamp": "1566554377", "uuid": "5d01fda4-353c-4011-854f-459c950d210f", "Orgc": { "name": "CIRCL", "uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f" }, "Tag": [ { "colour": "#500064", "local": false, "name": "ms-caro-malware:malware-type=\"Trojan\"", "relationship_type": "" }, { "colour": "#00183c", "local": false, "name": "ms-caro-malware-full:malware-type=\"Trojan\"", "relationship_type": "" }, { "colour": "#004f4f", "local": false, "name": "ecsirt:malicious-code=\"trojan\"", "relationship_type": "" }, { "colour": "#5a0041", "local": false, "name": "CERT-XLM:malicious-code=\"trojan-malware\"", "relationship_type": "" }, { "colour": "#284800", "local": false, "name": "malware_classification:malware-category=\"Trojan\"", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0071c3", "local": false, "name": "osint:lifetime=\"perpetual\"", "relationship_type": "" }, { "colour": "#0087e8", "local": false, "name": "osint:certainty=\"50\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:white", "relationship_type": "" } ], "Object": [ { "comment": "", "deleted": false, "description": "Microblog post like a Twitter tweet or a post on a Facebook wall.", "meta-category": "misc", "name": "microblog", "template_uuid": "8ec8c911-ddbe-4f5b-895b-fbff70c42a60", "template_version": "6", "timestamp": "1560416338", "uuid": "5d021052-19e0-4c1a-9f4e-4beb950d210f", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "post", "timestamp": "1560416338", "to_ids": false, "type": "text", "uuid": "5d021052-eaa4-46aa-834d-47e0950d210f", "value": "Trojan downloader found on Google Play by @Maler360\r\n\r\n\r\n-once launched, hides itself icon\r\n-downloads additional app over HTTP\r\n-makes user install it\r\n-second app can then download additional apps & make user install them as \"Update Alert\" + display ads\r\n-100,000+ installs\r\n-reported" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "type", "timestamp": "1560416339", "to_ids": false, "type": "text", "uuid": "5d021053-7740-497d-b628-4080950d210f", "value": "Twitter" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "url", "timestamp": "1560416339", "to_ids": true, "type": "url", "uuid": "5d021053-c424-4754-a928-4d60950d210f", "value": "https://mobile.twitter.com/LukasStefanko/status/1138764352411131905" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username-quoted", "timestamp": "1560416339", "to_ids": false, "type": "text", "uuid": "5d021053-5310-4d89-9100-4cc4950d210f", "value": "@Maler360" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "username", "timestamp": "1560416339", "to_ids": false, "type": "text", "uuid": "5d021053-f308-4168-8167-4f9a950d210f", "value": "LukasStefanko" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "creation-date", "timestamp": "1560416339", "to_ids": false, "type": "datetime", "uuid": "5d021053-5a70-46c7-938e-47dc950d210f", "value": "2019-06-12T13:05:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1560416558", "uuid": "5d02112e-2e34-48ce-9cc6-42aa950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1560416558", "to_ids": true, "type": "filename", "uuid": "5d02112e-20ac-452a-903b-43f1950d210f", "value": "com.pippa.amazingmonstercar" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1560416568", "to_ids": true, "type": "md5", "uuid": "5d021138-4ab8-49a2-b718-4513950d210f", "value": "6d48cf90e0af21da5e516f0009efcc7f" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1560416709", "uuid": "5d0211c5-e644-494f-9fb6-4475950d210f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1560416710", "to_ids": true, "type": "filename", "uuid": "5d0211c6-7fb4-451f-ac91-4cb8950d210f", "value": "nightdescent.apk" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1560416713", "to_ids": true, "type": "md5", "uuid": "5d0211c9-beec-436e-98b8-4be8950d210f", "value": "f64cbd33651a99b08a9168607a2374d1" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1566554363", "uuid": "1aff6893-393f-4b72-ac4d-9e083901d021", "ObjectReference": [ { "comment": "", "object_uuid": "1aff6893-393f-4b72-ac4d-9e083901d021", "referenced_uuid": "97e74bae-c5ce-4338-8ccc-42d85a523d67", "relationship_type": "analysed-with", "timestamp": "1566554365", "uuid": "5d5fb8fd-f340-4de1-9dc9-4168950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1560416713", "to_ids": true, "type": "md5", "uuid": "b32c0591-6c4a-4ed8-a915-35eba5cb1fac", "value": "f64cbd33651a99b08a9168607a2374d1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1560416713", "to_ids": true, "type": "sha1", "uuid": "a5d88c4e-b23b-4185-9c52-3e15f613d37a", "value": "a16bb93ee35e7636e4f824010ddbba975a7db5ed" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1560416713", "to_ids": true, "type": "sha256", "uuid": "6373314d-4122-4da7-9e1f-1207fef3b124", "value": "3055fc207f21d4140249a3eb3efcdea047dfe005a4c23388ab917ffe3a8515d7" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1566554363", "uuid": "97e74bae-c5ce-4338-8ccc-42d85a523d67", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1560416713", "to_ids": false, "type": "datetime", "uuid": "230977f5-f6de-4656-b687-80da6fea7b01", "value": "2019-06-30T19:04:50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1560416713", "to_ids": false, "type": "link", "uuid": "cace9e83-b407-4f5f-8650-67b59112656b", "value": "https://www.virustotal.com/file/3055fc207f21d4140249a3eb3efcdea047dfe005a4c23388ab917ffe3a8515d7/analysis/1561921490/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1560416713", "to_ids": false, "type": "text", "uuid": "7f114609-9d79-47f5-a3f9-1ab3d9abd96f", "value": "24/61" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "17", "timestamp": "1566554364", "uuid": "43258e1d-e7f7-4d86-81e2-be8ea5699a06", "ObjectReference": [ { "comment": "", "object_uuid": "43258e1d-e7f7-4d86-81e2-be8ea5699a06", "referenced_uuid": "e77b5597-90c3-4499-8562-25ffbea00286", "relationship_type": "analysed-with", "timestamp": "1566554365", "uuid": "5d5fb8fd-e214-4ed1-ab14-4dca950d210f" } ], "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1560416568", "to_ids": true, "type": "md5", "uuid": "878fd93b-27bf-49e3-a7db-04083ed645d8", "value": "6d48cf90e0af21da5e516f0009efcc7f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1560416568", "to_ids": true, "type": "sha1", "uuid": "f6772f0b-7182-4768-b096-109a2d023768", "value": "83dbf7f9097aa314c64d1ed50a7a112ca87ed38d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1560416568", "to_ids": true, "type": "sha256", "uuid": "c95bcce1-789d-4e80-a880-d839f1b2d3d4", "value": "32c3c1732d8a5b299045ef44f9165d2710d098fc402358aa09ad07fcfd05db1c" } ] }, { "comment": "", "deleted": false, "description": "VirusTotal report", "meta-category": "misc", "name": "virustotal-report", "template_uuid": "d7dd0154-e04f-4c34-a2fb-79f3a3a52aa4", "template_version": "2", "timestamp": "1566554364", "uuid": "e77b5597-90c3-4499-8562-25ffbea00286", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "last-submission", "timestamp": "1560416568", "to_ids": false, "type": "datetime", "uuid": "bd891f80-8e4c-4dc6-801a-dc838de32a1a", "value": "2019-06-30T19:04:34" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "permalink", "timestamp": "1560416568", "to_ids": false, "type": "link", "uuid": "24a845de-e030-41f1-893e-d0b69cdfb811", "value": "https://www.virustotal.com/file/32c3c1732d8a5b299045ef44f9165d2710d098fc402358aa09ad07fcfd05db1c/analysis/1561921474/" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "detection-ratio", "timestamp": "1560416568", "to_ids": false, "type": "text", "uuid": "55169594-dc67-4c52-8b57-5b134a3fdd8e", "value": "16/60" } ] } ] } }