{
  "Event": {
    "analysis": "2",
    "date": "2022-09-15",
    "extends_uuid": "",
    "info": "[Threat Intel] Scam Android app steals Bank Credentials and SMS: MyPetronas APK",
    "protected": false,
    "publish_timestamp": "1780040008",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772902013",
    "uuid": "1593737f-2ea7-4979-9ae0-0cf117af1c26",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"f8334ef2-9d35-48de-aa5e-bcdcd4c4d714\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#170059",
        "local": false,
        "name": "rectifyq:topic=\"mobile-attack\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740759099",
        "to_ids": false,
        "type": "link",
        "uuid": "3f7a3b65-21a2-43c1-ac64-9ae4a8e46455",
        "value": "https://notes.netbytesec.com/2022/09/scam-android-app-steals-bank.html"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 29/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745908765",
        "to_ids": true,
        "type": "md5",
        "uuid": "81a12b1c-6363-46f6-9dbd-51bc3d1903d8",
        "value": "f7d4a2b5fdb45c258fccd3059d12fee9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Landing page",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740759823",
        "to_ids": true,
        "type": "domain",
        "uuid": "dccbfc42-8da9-45a0-89fa-8893a1f66cc1",
        "value": "pt-gift.store"
      },
      {
        "category": "Network activity",
        "comment": "Retrieve banking information",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740759823",
        "to_ids": true,
        "type": "domain",
        "uuid": "2168703a-5cf8-4a0f-ac87-3c341f296085",
        "value": "gpost996.online"
      },
      {
        "category": "Network activity",
        "comment": "Retrieve user information",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740759823",
        "to_ids": true,
        "type": "domain",
        "uuid": "e16e667b-620b-422e-afd3-1ce95a277257",
        "value": "lapks.online"
      },
      {
        "category": "Network activity",
        "comment": "Retrieve SMS",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740759823",
        "to_ids": true,
        "type": "domain",
        "uuid": "0de94918-8384-4221-9f4b-109bd7bc7a8f",
        "value": "sgbx.online"
      },
      {
        "category": "Network activity",
        "comment": "Post user information to C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740759823",
        "to_ids": true,
        "type": "url",
        "uuid": "08df058e-4c73-4f69-ab77-b9f512ae6458",
        "value": "https://lapks.online/skyblue_888a/api/api.php?post_order"
      },
      {
        "category": "Network activity",
        "comment": "Post online banking credential to C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740759823",
        "to_ids": true,
        "type": "url",
        "uuid": "c03e4015-2e37-4010-94cc-135cf1a72b0a",
        "value": "https://gpost996.online/post.php"
      },
      {
        "category": "Network activity",
        "comment": "Post SMS data to C&C server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740759823",
        "to_ids": true,
        "type": "url",
        "uuid": "dadf388c-3a82-4599-ba9f-3f18300e0c52",
        "value": "https://sgbx.online?pass=app168&cmd=sms&sid=%1$s&sms=%2$s"
      }
    ]
  }
}