adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/593e542e-e080-464e-af5a-4c2a950d210f.json

176 lines
No EOL
6.5 KiB
JSON
Raw Blame History

{
"Event": {
"analysis": "2",
"date": "2017-06-12",
"extends_uuid": "",
"info": "OSINT - Dvmap: the first Android malware with code injection",
"publish_timestamp": "1497257401",
"published": true,
"threat_level_id": "3",
"timestamp": "1497257362",
"uuid": "593e542e-e080-464e-af5a-4c2a950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#5f0077",
"local": false,
"name": "ms-caro-malware:malware-platform=\"AndroidOS\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": false,
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257312",
"to_ids": false,
"type": "link",
"uuid": "593e543b-8b70-4cdd-9377-4c91950d210f",
"value": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257312",
"to_ids": false,
"type": "text",
"uuid": "593e544d-3dcc-48b1-bca2-4bd7950d210f",
"value": "In April 2017 we started observing new rooting malware being distributed through the Google Play Store. Unlike other rooting malware, this Trojan not only installs its modules into the system, it also injects malicious code into the system runtime libraries. Kaspersky Lab products detect it as Trojan.AndroidOS.Dvmap.a.\r\n\r\nThe distribution of rooting malware through Google Play is not a new thing. For example, the Ztorg Trojan has been uploaded to Google Play almost 100 times since September 2016. But Dvmap is very special rooting malware. It uses a variety of new techniques, but the most interesting thing is that it injects malicious code into the system libraries \u00e2\u20ac\u201c libdmv.so or libandroid_runtime.so.\r\n\r\nThis makes Dvmap the first Android malware that injects malicious code into the system libraries in runtime, and it has been downloaded from the Google Play Store more than 50,000 times. Kaspersky Lab reported the Trojan to Google, and it has now been removed from the store.",
"Tag": [
{
"colour": "#00223b",
"local": false,
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257312",
"to_ids": true,
"type": "md5",
"uuid": "593e54a9-dc78-4bf1-abc2-4c92950d210f",
"value": "43680d1914f28e14c90436e1d42984e2"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257312",
"to_ids": true,
"type": "md5",
"uuid": "593e54a9-61d8-4713-86e2-4c65950d210f",
"value": "20d4b9eb9377c499917c4d69bf4ccebe"
},
{
"category": "Antivirus detection",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257312",
"to_ids": false,
"type": "text",
"uuid": "593e553d-878c-4be0-b8ec-46b1950d210f",
"value": "Trojan.AndroidOS.Dvmap.a"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 43680d1914f28e14c90436e1d42984e2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257314",
"to_ids": true,
"type": "sha256",
"uuid": "593e5562-43ec-4dee-a683-409402de0b81",
"value": "92f8bcd9e62047b380c76afe772ab0fe12ced53b9702d08c37e98424dbb590ae"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 43680d1914f28e14c90436e1d42984e2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257315",
"to_ids": true,
"type": "sha1",
"uuid": "593e5563-8e00-4990-84d5-4e3602de0b81",
"value": "05b0513cb53b0c5ee4ed55ce68cd694e676d4d2b"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 43680d1914f28e14c90436e1d42984e2",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257315",
"to_ids": false,
"type": "link",
"uuid": "593e5563-6840-482e-bb70-4e0b02de0b81",
"value": "https://www.virustotal.com/file/92f8bcd9e62047b380c76afe772ab0fe12ced53b9702d08c37e98424dbb590ae/analysis/1497023362/"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 20d4b9eb9377c499917c4d69bf4ccebe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257316",
"to_ids": true,
"type": "sha256",
"uuid": "593e5564-04a0-4cfe-9dbe-46ff02de0b81",
"value": "183e069c563bd16219c205f7aa1d64fc7cb93c8205adf8de77c50367d56dfc2b"
},
{
"category": "Payload delivery",
"comment": "- Xchecked via VT: 20d4b9eb9377c499917c4d69bf4ccebe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257316",
"to_ids": true,
"type": "sha1",
"uuid": "593e5564-15a8-4d4a-9578-4e0702de0b81",
"value": "7eaed59d6a166bc3ec8ce19a27eeb3d5e9c5802c"
},
{
"category": "External analysis",
"comment": "- Xchecked via VT: 20d4b9eb9377c499917c4d69bf4ccebe",
"deleted": false,
"disable_correlation": false,
"timestamp": "1497257316",
"to_ids": false,
"type": "link",
"uuid": "593e5564-1bd0-41ef-bdc4-4b0802de0b81",
"value": "https://www.virustotal.com/file/183e069c563bd16219c205f7aa1d64fc7cb93c8205adf8de77c50367d56dfc2b/analysis/1497040044/"
}
]
}
}
Reference in a new issue View git blame Copy permalink