misp-circl-feed/feeds/circl/misp/58b7da09-466c-4c5e-bb8d-4dd2950d210f.json

524 lines
No EOL
20 KiB
JSON

{
"Event": {
"analysis": "2",
"date": "2017-03-02",
"extends_uuid": "",
"info": "OSINT - Google Play Apps Infected with Malicious IFrames",
"publish_timestamp": "1488444419",
"published": true,
"threat_level_id": "3",
"timestamp": "1488444322",
"uuid": "58b7da09-466c-4c5e-bb8d-4dd2950d210f",
"Orgc": {
"name": "CIRCL",
"uuid": "55f6ea5e-2c60-40e5-964f-47a8950d210f"
},
"Tag": [
{
"colour": "#075200",
"local": "0",
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
},
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
}
],
"Attribute": [
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": false,
"type": "text",
"uuid": "58b7da24-68e0-4673-88cf-45a0950d210f",
"value": "Recently, we have discovered 132 Android apps on Google Play infected with tiny hidden IFrames that link to malicious domains in their local HTML pages, with the most popular one having more than 10,000 installs alone. Our investigation indicates that the developers of these infected apps are not to blame, but are more likely victims themselves. We believe it is most likely that the app developers\u00e2\u20ac\u2122 development platforms were infected with malware that searches for HTML pages and injects malicious content at the end of the HTML pages it finds. If this is this case, this is another situation where mobile malware originated from infected development platforms without developers\u00e2\u20ac\u2122 awareness. We have reported our findings to Google Security Team and all infected apps have been removed from Google Play.",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#075200",
"local": "0",
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
}
]
},
{
"category": "External analysis",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": false,
"type": "link",
"uuid": "58b7da36-c774-40af-9de8-495e950d210f",
"value": "http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/",
"Tag": [
{
"colour": "#ffffff",
"local": "0",
"name": "tlp:white",
"relationship_type": ""
},
{
"colour": "#00223b",
"local": "0",
"name": "osint:source-type=\"blog-post\"",
"relationship_type": ""
},
{
"colour": "#075200",
"local": "0",
"name": "admiralty-scale:source-reliability=\"b\"",
"relationship_type": ""
}
]
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.awesome3dstreetart",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "sha256",
"uuid": "58b7dae4-c460-4021-8950-4872950d210f",
"value": "c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.awesomecheesecakeideas",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "sha256",
"uuid": "58b7dae5-0178-4517-b1f4-4381950d210f",
"value": "a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.babyroomdesignideas",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "sha256",
"uuid": "58b7dae6-99f4-49ac-8742-4572950d210f",
"value": "1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.backyardwoodprojects",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "sha256",
"uuid": "58b7dae7-d934-491e-bdcd-436e950d210f",
"value": "db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.bathroominteriordesigns",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "sha256",
"uuid": "58b7dae8-acdc-4414-976a-4b81950d210f",
"value": "28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.beautifulbotanicalgardens",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "sha256",
"uuid": "58b7dae9-a714-4d6e-962e-4d5d950d210f",
"value": "b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.bedroomdesign5d",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "sha256",
"uuid": "58b7dae9-6f88-40a3-a749-4c1f950d210f",
"value": "d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678"
},
{
"category": "Network activity",
"comment": "Malicious urls",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "url",
"uuid": "58b7dafd-a9e4-46df-a212-4b07950d210f",
"value": "www.Brenz.pl/rc/"
},
{
"category": "Network activity",
"comment": "Malicious urls",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "url",
"uuid": "58b7dafe-791c-46cc-b4f8-479b950d210f",
"value": "jL.chura.pl/rc/"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "domain",
"uuid": "58b7db1a-f024-417f-b30b-4a28950d210f",
"value": "brenz.pl"
},
{
"category": "Network activity",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "hostname",
"uuid": "58b7db1b-81a0-4fad-ac39-411d950d210f",
"value": "jl.chura.pl"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "mobile-application-id",
"uuid": "58b7db5c-24d0-4982-893b-4733950d210f",
"value": "com.aaronbalderapps.awesome3dstreetart"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "mobile-application-id",
"uuid": "58b7db5d-9bb0-4bc2-abf6-4927950d210f",
"value": "com.aaronbalderapps.awesomecheesecakeideas"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "mobile-application-id",
"uuid": "58b7db5e-2ee0-4683-a6e4-4556950d210f",
"value": "com.aaronbalderapps.babyroomdesignideas"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "mobile-application-id",
"uuid": "58b7db5f-3a44-4066-9df2-4fd5950d210f",
"value": "com.aaronbalderapps.backyardwoodprojects"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "mobile-application-id",
"uuid": "58b7db60-1c68-4da8-b68e-492d950d210f",
"value": "com.aaronbalderapps.bathroominteriordesigns"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "mobile-application-id",
"uuid": "58b7db61-a4a4-4f69-8012-4104950d210f",
"value": "com.aaronbalderapps.beautifulbotanicalgardens"
},
{
"category": "Payload delivery",
"comment": "",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444322",
"to_ids": true,
"type": "mobile-application-id",
"uuid": "58b7db62-58ec-47a1-8311-41b1950d210f",
"value": "com.aaronbalderapps.bedroomdesign5d"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.bedroomdesign5d - Xchecked via VT: d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444341",
"to_ids": true,
"type": "sha1",
"uuid": "58b7dbb5-6390-4bf1-9e09-476b02de0b81",
"value": "4e61c0e8c198ea73207462376b392c493adad5ce"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.bedroomdesign5d - Xchecked via VT: d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444342",
"to_ids": true,
"type": "md5",
"uuid": "58b7dbb6-ff50-44bb-9039-4da902de0b81",
"value": "9e6fa2164bc6af43451c2128e676d08f"
},
{
"category": "External analysis",
"comment": "com.aaronbalderapps.bedroomdesign5d - Xchecked via VT: d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444343",
"to_ids": false,
"type": "link",
"uuid": "58b7dbb7-d870-4686-8a2e-4ed102de0b81",
"value": "https://www.virustotal.com/file/d6289fa1384fab121e730b1dce671f404950e4f930d636ae66ded0d8eb751678/analysis/1482024647/"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.beautifulbotanicalgardens - Xchecked via VT: b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444344",
"to_ids": true,
"type": "sha1",
"uuid": "58b7dbb8-6ca8-49f6-9165-408802de0b81",
"value": "23423929bf8e7d1a28e6d019ab374076bb613185"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.beautifulbotanicalgardens - Xchecked via VT: b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444344",
"to_ids": true,
"type": "md5",
"uuid": "58b7dbb8-d2f0-4856-ba60-409b02de0b81",
"value": "db2f580568af363b091088b4b3a8b427"
},
{
"category": "External analysis",
"comment": "com.aaronbalderapps.beautifulbotanicalgardens - Xchecked via VT: b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444345",
"to_ids": false,
"type": "link",
"uuid": "58b7dbb9-fee4-4d23-901c-47bb02de0b81",
"value": "https://www.virustotal.com/file/b330de625777726fc1d70bbd5667e4ce6eae124bde00b50577d6539bca9d4ae5/analysis/1482024641/"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.bathroominteriordesigns - Xchecked via VT: 28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444346",
"to_ids": true,
"type": "sha1",
"uuid": "58b7dbba-5fe8-4b30-be42-467802de0b81",
"value": "6a024c7de79a5fa0af6acdf88f5f665a75e9e176"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.bathroominteriordesigns - Xchecked via VT: 28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444347",
"to_ids": true,
"type": "md5",
"uuid": "58b7dbbb-16d0-46a2-92b2-447f02de0b81",
"value": "10a97ac50e8965b6a666aa4304c93581"
},
{
"category": "External analysis",
"comment": "com.aaronbalderapps.bathroominteriordesigns - Xchecked via VT: 28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444347",
"to_ids": false,
"type": "link",
"uuid": "58b7dbbb-400c-40e0-9b27-431e02de0b81",
"value": "https://www.virustotal.com/file/28b16258244a23c82eff82ab0950578ebeb3a4947497b61e3b073b0f5f5e40ed/analysis/1481336217/"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.backyardwoodprojects - Xchecked via VT: db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444348",
"to_ids": true,
"type": "sha1",
"uuid": "58b7dbbc-e7a8-4edf-b5de-47b502de0b81",
"value": "e00529b31800ab2f0987ee7999f0b9dbe1a5a7a7"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.backyardwoodprojects - Xchecked via VT: db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444349",
"to_ids": true,
"type": "md5",
"uuid": "58b7dbbd-3d50-4b5c-8112-4aba02de0b81",
"value": "c92a2d02f0a610f4087c858f15955de6"
},
{
"category": "External analysis",
"comment": "com.aaronbalderapps.backyardwoodprojects - Xchecked via VT: db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444350",
"to_ids": false,
"type": "link",
"uuid": "58b7dbbe-0c1c-49db-b0bb-487102de0b81",
"value": "https://www.virustotal.com/file/db95c87da09bdedb13430f28983b98038f190bfc0cb40f4076d8ee1c2d14dae6/analysis/1481336222/"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.babyroomdesignideas - Xchecked via VT: 1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444350",
"to_ids": true,
"type": "sha1",
"uuid": "58b7dbbe-58a8-4f50-ac23-4f3102de0b81",
"value": "904ae08d33f1c01262f0ac2e4489782066c7ef26"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.babyroomdesignideas - Xchecked via VT: 1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444351",
"to_ids": true,
"type": "md5",
"uuid": "58b7dbbf-c7c0-45a6-b750-481c02de0b81",
"value": "d53a2f554d00026bd9af5d4d33764357"
},
{
"category": "External analysis",
"comment": "com.aaronbalderapps.babyroomdesignideas - Xchecked via VT: 1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444352",
"to_ids": false,
"type": "link",
"uuid": "58b7dbc0-1754-4970-bdb8-4e6402de0b81",
"value": "https://www.virustotal.com/file/1d5878dce6d39d59d36645e806278396505348bddf602a8e3b1f74b0ce2bfbe8/analysis/1488422194/"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.awesomecheesecakeideas - Xchecked via VT: a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444353",
"to_ids": true,
"type": "sha1",
"uuid": "58b7dbc1-fb38-42bb-aac3-422402de0b81",
"value": "592c497851b9604b1575413f637479a6b330819e"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.awesomecheesecakeideas - Xchecked via VT: a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444354",
"to_ids": true,
"type": "md5",
"uuid": "58b7dbc2-ddd4-44fb-867f-4a9d02de0b81",
"value": "2894e4f2f66d5f85d561dde63a6f7b33"
},
{
"category": "External analysis",
"comment": "com.aaronbalderapps.awesomecheesecakeideas - Xchecked via VT: a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444355",
"to_ids": false,
"type": "link",
"uuid": "58b7dbc3-da58-4150-91c0-499002de0b81",
"value": "https://www.virustotal.com/file/a49ac5a97a7bac7d437eed9edcf52a72212673a6c8dc7621be22c332a1a41268/analysis/1468332857/"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.awesome3dstreetart - Xchecked via VT: c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444356",
"to_ids": true,
"type": "sha1",
"uuid": "58b7dbc4-afd8-4732-839b-406802de0b81",
"value": "5ca403bf95c84f093cfb239a2e3c15bc78e94466"
},
{
"category": "Payload delivery",
"comment": "com.aaronbalderapps.awesome3dstreetart - Xchecked via VT: c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444357",
"to_ids": true,
"type": "md5",
"uuid": "58b7dbc5-c380-47b8-a7c4-41fe02de0b81",
"value": "365f63f870712a0046474c200737cff2"
},
{
"category": "External analysis",
"comment": "com.aaronbalderapps.awesome3dstreetart - Xchecked via VT: c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61",
"deleted": false,
"disable_correlation": false,
"timestamp": "1488444358",
"to_ids": false,
"type": "link",
"uuid": "58b7dbc6-fe44-4108-960f-4cb002de0b81",
"value": "https://www.virustotal.com/file/c6e27882060463c287d1a184f8bc0e3201d5d58719ef13d9ab4a22a89400cf61/analysis/1488422159/"
}
]
}
}