{ "Event": { "analysis": "1", "date": "2022-04-06", "extends_uuid": "", "info": "[Threat Intel] Fake E-shops on the prowl for banking credentials using Android malware", "protected": false, "publish_timestamp": "1772901945", "published": true, "threat_level_id": "2", "timestamp": "1772901944", "uuid": "1fde6563-28ae-40bc-b7cc-4909f1aaf1aa", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#8675c7", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#8c387c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Prompt - T1411\"", "relationship_type": "" }, { "colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": "" }, { "colour": "#85feae", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1437\"", "relationship_type": "" }, { "colour": "#586753", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade as Legitimate Application - T1444\"", "relationship_type": "" }, { "colour": "#9f9a68", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1736667626", "to_ids": false, "type": "link", "uuid": "f270a842-273e-440b-91a3-ceb1a59dfec8", "value": "https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1736667626", "to_ids": false, "type": "text", "uuid": "1f40c991-5d07-4852-8747-8f5fbfbf2a7c", "value": "Cybercriminals are exploiting the growing popularity of online shopping by tricking potential victims into downloading malware, according to research by ESET security researchers in May 2022 and published in the International Security Journal." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1736667626", "to_ids": false, "type": "text", "uuid": "5d03c407-ce21-434a-a74b-1753c548b514", "value": "Name: Fake E-shops on the prowl for banking credentials using Android malware\nAuthor: AlienVault\nAdversary: \nTags: [\"Fake e-shop\", \"copycat\", \"Google Play\", \"Banking credentials\"]\nTgtd countries: [\"Malaysia\"]\nMlwr families: []\nAttack_ids: [\"T1411\", \"T1412\", \"T1437\", \"T1444\", \"T1476\"]\nIndustries: [\"Banking\"]" }, { "category": "Network activity", "comment": "Malicious app impersonating Grabmaid service C2", "deleted": false, "disable_correlation": false, "timestamp": "1740275148", "to_ids": true, "type": "domain", "uuid": "1417f5ad-05b0-43c9-88bb-98f273f18db3", "value": "muapks.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malicious app impersonated Maria\u2019s Cleaning service C2", "deleted": false, "disable_correlation": false, "timestamp": "1740275169", "to_ids": true, "type": "domain", "uuid": "04adf771-dfdc-428f-9b43-91eceb942051", "value": "m4apks.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malicious app impersonating Maid4u service C2", "deleted": false, "disable_correlation": false, "timestamp": "1740275190", "to_ids": true, "type": "domain", "uuid": "caf2eeb2-fc05-44e8-b707-0b3671e98fbc", "value": "maid4uapks90.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malicious app impersonating MaidACall service C2", "deleted": false, "disable_correlation": false, "timestamp": "1740275211", "to_ids": true, "type": "domain", "uuid": "1ab96189-6961-4316-a312-4d5847e48165", "value": "grabsapks.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malicious app impersonating MaidACall service C2", "deleted": false, "disable_correlation": false, "timestamp": "1740275232", "to_ids": true, "type": "domain", "uuid": "37d438d6-222d-4324-be50-4f0df7884a9e", "value": "grabmyapks90.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malicious app impersonating YourMaid service C2", "deleted": false, "disable_correlation": false, "timestamp": "1740275253", "to_ids": true, "type": "domain", "uuid": "d99cc790-41d1-49e5-bbcd-41a5ac7dea5a", "value": "grabmaidsapks80.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malicious app impersonating Maid4u service C2", "deleted": false, "disable_correlation": false, "timestamp": "1740272518", "to_ids": true, "type": "ip-dst|port", "uuid": "48cdd036-2a32-43bf-b358-af646a000459", "value": "124.217.246.203|8099" }, { "category": "Network activity", "comment": "token2[.]club Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275275", "to_ids": true, "type": "ip-dst", "uuid": "ad897e26-f8e6-45f4-8e5b-e01d24c68049", "value": "185.244.150.159", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "token2[.]club Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275296", "to_ids": true, "type": "domain", "uuid": "25dace41-c895-498a-a966-706b4f04bf3d", "value": "token2.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "grabamaid-my[.]online Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275317", "to_ids": true, "type": "ip-dst", "uuid": "81e4c137-2bb9-4bad-8f9a-6c449bfe5d41", "value": "194.195.211.26", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "grabamaid-my[.]online Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275338", "to_ids": true, "type": "domain", "uuid": "fb78877c-a7c6-4293-854f-74de82e18c0f", "value": "grabamaid-my.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "maidacalls[.]online Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275360", "to_ids": true, "type": "ip-dst", "uuid": "14e8a025-9ad3-4970-8f5a-1782380b5c46", "value": "172.67.177.79", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "maidacalls[.]online Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275381", "to_ids": true, "type": "domain", "uuid": "a909ac66-95a8-4f09-8fe3-5b2d6b7e4d8d", "value": "maidacalls.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "petsmore[.]online & grabsapks[.]online & muapks[.]online Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275402", "to_ids": true, "type": "ip-dst", "uuid": "829bb7f3-bf80-45de-8c0a-0bfe4a9207e0", "value": "172.67.205.26", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "petsmore[.]online Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275423", "to_ids": true, "type": "domain", "uuid": "ee22ea3d-7513-49bc-9999-2467c826d974", "value": "petsmore.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleangmy[.]site Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275445", "to_ids": true, "type": "ip-dst", "uuid": "7810bde9-17b8-464e-9fc6-0d71c85f8357", "value": "172.67.174.195", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleangmy[.]site Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275467", "to_ids": true, "type": "domain", "uuid": "9929dcb3-7af6-4a40-ae9e-afc252308e50", "value": "cleangmy.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "my-maid4us[.]site Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275488", "to_ids": true, "type": "domain", "uuid": "193d2372-56bc-4140-89e4-db7634788884", "value": "my-maid4us.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "yourmaid[.]online Distribution website", "deleted": false, "disable_correlation": false, "timestamp": "1740275509", "to_ids": true, "type": "domain", "uuid": "7696c6d8-7884-48cf-800d-1d4eb23cbf43", "value": "yourmaid.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "grabmyapks90[.]online C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1740275530", "to_ids": true, "type": "ip-dst", "uuid": "e7ba008e-a780-4ab4-8ea2-92a942765293", "value": "104.21.19.184", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "m4apks[.]online C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1740275551", "to_ids": true, "type": "ip-dst", "uuid": "304052d7-1bb7-47f0-902d-418f0637c86b", "value": "104.21.29.168", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "maid4uapks90[.]online C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1740275573", "to_ids": true, "type": "ip-dst", "uuid": "3293eb8d-61b4-4e4e-a04e-b60b79e996d1", "value": "172.67.208.54", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "grabmaidsapks80[.]online C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1740275594", "to_ids": true, "type": "ip-dst", "uuid": "c420029b-3fb7-46a6-a217-5d3a850f62cf", "value": "172.67.161.142", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "puapks[.]online C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1740275615", "to_ids": true, "type": "ip-dst", "uuid": "43f0337e-718e-4f9e-9874-21aa1e6b8a4c", "value": "2.57.90.16", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "puapks[.]online C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1740275636", "to_ids": true, "type": "domain", "uuid": "8e12eb75-0355-40d2-80a5-4bbd4026030f", "value": "puapks.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "124.217.246[.]203:8099 C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1740275657", "to_ids": true, "type": "ip-dst", "uuid": "18ce0488-6779-4763-86ac-b7620a409331", "value": "124.217.246.203", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "meapks[.]xyz C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1740275678", "to_ids": true, "type": "ip-dst", "uuid": "5a6c08df-0746-4d9c-b769-9e446332b9a8", "value": "172.67.166.180", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "meapks[.]xyz C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1740275699", "to_ids": true, "type": "domain", "uuid": "86f91197-8651-4e6d-9d23-f5cfd4923d4f", "value": "meapks.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275720", "uuid": "177fb295-eb56-47ca-80a3-6d7b3ee5d6dd", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating Grabmaid service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275720", "to_ids": true, "type": "md5", "uuid": "5b887944-183a-4ca3-bbc1-84689f5820a7", "value": "cb66d916831de128ccb2fcd458067a7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Grabmaid service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274747", "to_ids": true, "type": "sha1", "uuid": "6482ca66-82ec-4284-84b8-6b8589c4b736", "value": "abc7f3031bec7cadd4384d49750665a1899fa3d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Grabmaid service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274747", "to_ids": true, "type": "sha256", "uuid": "f5e9467e-2d6d-4008-a52d-4b794dcca58b", "value": "9b4a0019e7743a46b49a4d8704ffd6e064db2e5d8db6da4056f7eae5369e16f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274055", "to_ids": true, "type": "ssdeep", "uuid": "30c736b1-2789-438b-ab46-6c9b7bc71f0b", "value": "98304:BLZP3IE1zfrThqoYG10JPoM4a80tlIAyf2yQd/kxLKW7e:BLR4PgWVenyl7cpiSnC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274055", "to_ids": false, "type": "size-in-bytes", "uuid": "73ed907f-a750-4767-b178-dcfa04bc8663", "value": "3992079" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274055", "to_ids": true, "type": "vhash", "uuid": "556d9f93-9005-47df-9200-204a03294674", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274055", "to_ids": true, "type": "filename", "uuid": "c188f8b9-16ec-4cb5-91dd-30525972634e", "value": "grabmaid.apk" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 03/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274055", "to_ids": false, "type": "text", "uuid": "7f36acb5-b454-4c83-9220-bd17446acb7f", "value": "Malicious app impersonating Grabmaid service.\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:31/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275741", "uuid": "c7a9729f-8256-4f39-a4bf-b04cae6b7c84", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonated Maria\u2019s Cleaning service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275741", "to_ids": true, "type": "md5", "uuid": "150edf7c-89de-494b-bea3-13920c27fb5f", "value": "8183862465529f6a46aed60e1b2eae52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonated Maria\u2019s Cleaning service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274748", "to_ids": true, "type": "sha1", "uuid": "d709d0d2-3497-4dc5-8445-a3d9c537fa7a", "value": "beddfe5a26811dccca7938d00686f8f745424f57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonated Maria\u2019s Cleaning service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274748", "to_ids": true, "type": "sha256", "uuid": "08a0f3e2-7336-4fa4-b55a-aa85fabe8dba", "value": "e949bac52d39b6e207a7943ec778d96d8811fb63d4a037f70e5b6e6706a12986", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274077", "to_ids": true, "type": "ssdeep", "uuid": "68b89984-5db2-4a73-b09e-a951a5f55d78", "value": "98304:ELjoqoYG10JPoM4a80tlIAyf2yQd/kxLKW7x51zfrTR:ELjngWVenyl7cpiSnH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274077", "to_ids": false, "type": "size-in-bytes", "uuid": "d0baac2d-8eec-4a38-9ce8-7ee96cc21c59", "value": "4549135" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274077", "to_ids": true, "type": "vhash", "uuid": "93a29c73-c39e-44d7-8d26-bcfe59cab4fe", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274077", "to_ids": true, "type": "filename", "uuid": "1a38216a-96ae-4969-b3c6-dcd84c354d05", "value": "mycleaningservice.apk" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 04/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274077", "to_ids": false, "type": "text", "uuid": "e70a9947-8424-4ce0-8836-8c17523f7313", "value": "Malicious app impersonated Maria\u2019s Cleaning service.\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275762", "uuid": "5bd30977-113b-4b79-807c-ba3f8a5cd764", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275762", "to_ids": true, "type": "md5", "uuid": "2c4e8202-072f-4ef6-a321-e3873b141119", "value": "b6845141ec0f4665a90fb16598f56fac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274750", "to_ids": true, "type": "sha1", "uuid": "098f03cb-eac0-473c-946e-a2c62a33bbe4", "value": "1c984fb282253a64f11ee4576355c1d5efbee772", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274750", "to_ids": true, "type": "sha256", "uuid": "7bc9d1a4-d70f-440b-82f3-c5a6264936ac", "value": "d1017952d1ef0ceec6c2c766d2c794e8cc4fb61b2ffa10ed6b6228e8cadf0b39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274099", "to_ids": true, "type": "ssdeep", "uuid": "e5b8cdf1-0061-4c18-b807-8fe2e2e04151", "value": "98304:xIZl1zfrT3qoYG10JPoM4a80tlIAyf2yQd/kxLKW7U:xIkgWVenyl7cpiSnI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274099", "to_ids": false, "type": "size-in-bytes", "uuid": "84fb0879-f12f-469f-a004-8032497691a3", "value": "3877391" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274099", "to_ids": true, "type": "vhash", "uuid": "5378bcda-4e0a-46eb-9724-6e79c734f650", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274099", "to_ids": true, "type": "filename", "uuid": "66f00ea8-ab14-4b17-8d93-c10d312099ca", "value": "maids4u.apk" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 10/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274099", "to_ids": false, "type": "text", "uuid": "0b9fe606-a710-4277-90f4-8ebfc8d509e3", "value": "Malicious app impersonating Maid4u service.\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275783", "uuid": "bedd640f-830e-4b64-ba2b-5ddd8654f549", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275783", "to_ids": true, "type": "md5", "uuid": "d5171594-e2ae-4aea-be39-9b414fc1dc53", "value": "43727320e8bf756fe18db37483dad0a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274751", "to_ids": true, "type": "sha1", "uuid": "29c80cf3-4f6f-483a-ba2d-4ab38b61006f", "value": "e39c485f24d239867287dcd468fc813fdb5b7db6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274751", "to_ids": true, "type": "sha256", "uuid": "b134be3b-4d5c-4ba0-98ef-15a1b5c82e49", "value": "5f8a54d54e25400f52ce317bfdbbc866e11ea784ab2d5e3bd0a082a53c6b2d7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274122", "to_ids": true, "type": "ssdeep", "uuid": "1ceea5f0-b3c7-456b-a24f-75063d706eea", "value": "98304:YwKoGCBUBIyTyuqQ+ZVa89g4iAlcRNQiHfrmYt:YwKwBUBTTaHa4g4iAlcRa8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274122", "to_ids": false, "type": "size-in-bytes", "uuid": "c32bd30f-cc9b-4d86-a7de-80c9e626e847", "value": "4186776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274122", "to_ids": true, "type": "vhash", "uuid": "0a8327fb-95ec-4110-a89f-ec48a5267c98", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274122", "to_ids": true, "type": "filename", "uuid": "efa65017-ff6e-4335-8540-490f5edbf4bf", "value": "maidacall.apk" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 06/04/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274122", "to_ids": false, "type": "text", "uuid": "5b944e37-1cb7-465d-b925-02569a8f43ec", "value": "Malicious app impersonating MaidACall service.\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/SMSSpy.F!MTB\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275804", "uuid": "0b30e7dd-d1dc-46a3-8fb5-40b93d185bf2", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275804", "to_ids": true, "type": "md5", "uuid": "20862a03-dcee-4d29-bd8f-bb48005f88bb", "value": "c51bc547a40034f4828c72f37f2f1f39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274753", "to_ids": true, "type": "sha1", "uuid": "36d28b03-ccbb-43da-8bc1-de6a39d9e079", "value": "1d33f53e2e9268874944c2f52e31ccaf2bf46a93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274753", "to_ids": true, "type": "sha256", "uuid": "fbd8fce9-6dc3-49ea-bcd6-eade6c49090d", "value": "d8be8f7b8b224fca2bb3e7632f6b97b67a74202dc4456f8a79a8856b478c0c6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274144", "to_ids": true, "type": "ssdeep", "uuid": "8c71a279-97b6-45a3-94f8-530ce292c4e3", "value": "98304:dR/1zfrT9qoYG10JPoM4a80tlIAyf2yQd/kxLKW7o:dRegWVenyl7cpiSnc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274144", "to_ids": false, "type": "size-in-bytes", "uuid": "81b5483e-d4ff-4267-b739-a1551dd10270", "value": "3742223" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274144", "to_ids": true, "type": "vhash", "uuid": "87d341d3-3986-438a-ae34-803951867a4a", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274144", "to_ids": true, "type": "filename", "uuid": "650b433b-5f51-4dbf-a2f4-cb595476bdd6", "value": "tmphzC3yc.tmp" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 03/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274144", "to_ids": false, "type": "text", "uuid": "ebdaa7b7-b619-4af6-9fbd-893912a030d7", "value": "Malicious app impersonating MaidACall service.\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:33/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275826", "uuid": "70f414d2-3ca2-4ba2-b1ab-1b6fbe24a6f7", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275826", "to_ids": true, "type": "md5", "uuid": "916fb3f3-5602-4675-991a-8b282e99abf2", "value": "4bec6a07e881db1a950367beb1702ada", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274754", "to_ids": true, "type": "sha1", "uuid": "82ad1734-8a14-49b6-8591-1d594672be2c", "value": "9a5a57bf49dbbef2e66fee98e5c97b0276d03d28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274754", "to_ids": true, "type": "sha256", "uuid": "f2156549-d401-42b1-878c-2b10fd9a7bfe", "value": "a5c7373be95571418c41af0de6a03ce78e82bc1f432e662c0dc42b988640e678", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274166", "to_ids": true, "type": "ssdeep", "uuid": "42927de4-97bf-4a41-855b-20d648742cc6", "value": "98304:B4ISKjzfrTqqoYG10JPoM4a80tlIAyf2yQd/kxLKW7B:yISqgWVenyl7cpiSnd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274166", "to_ids": false, "type": "size-in-bytes", "uuid": "00682807-07f0-40c1-982b-2a625742d44f", "value": "3758607" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274166", "to_ids": true, "type": "vhash", "uuid": "bb08cbd4-f083-4d4b-b7d9-97f899e09681", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274166", "to_ids": true, "type": "filename", "uuid": "729b0769-10f4-48ba-a33b-2070514a7a43", "value": "tmpljxilP.tmp" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 03/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274166", "to_ids": false, "type": "text", "uuid": "f0b34680-e636-499c-8473-1d4e3cb7b5c7", "value": "Malicious app impersonating PetsMore service.\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:28/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275848", "uuid": "5c922b2a-832d-419b-a15f-acf2f99c7941", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275848", "to_ids": true, "type": "md5", "uuid": "ab79033d-ba76-4d3c-84d6-6a748bd38ddc", "value": "4fd6255562b2a29c974235fd21b8d110", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274756", "to_ids": true, "type": "sha1", "uuid": "5dff426f-9005-4bec-9af0-0677ddb9ba71", "value": "ba78b1177c3e2a569a665611e7684bceeaf2168f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274756", "to_ids": true, "type": "sha256", "uuid": "6738e95d-3abe-43c4-977a-05f68948b92c", "value": "dff93fd8f3bc26944962a56cb6b31246d2121ae703298a86f20ea9e8967f6510", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274188", "to_ids": true, "type": "ssdeep", "uuid": "279c60d3-3577-4658-8c0a-64be60c0997c", "value": "98304:qRSE1zfrT3qoYG10JPoM4a80tlIAyf2yQd/kxLKW7+fY:qRSVgWVenyl7cpiSnd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274188", "to_ids": false, "type": "size-in-bytes", "uuid": "1c6534a2-143e-4600-89a3-85c67fe4be4b", "value": "3762605" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274188", "to_ids": true, "type": "vhash", "uuid": "2f30cbe6-5449-41ec-a125-7c12f8f5cdd8", "value": "cb1ce0cec73f026f3444dfde160eccab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274188", "to_ids": true, "type": "filename", "uuid": "1dcde69f-49f6-486c-a007-6cc6bc6d903e", "value": "4fd6255562b2a29c974235fd21b8d110.virus" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 11/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274188", "to_ids": false, "type": "text", "uuid": "3d224f5b-857e-44b9-b726-7840c9a948f2", "value": "Malicious app impersonating PetsMore service.\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275869", "uuid": "4a6515f4-52c7-4c41-bc32-34f3f16cd202", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating YourMaid service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275869", "to_ids": true, "type": "md5", "uuid": "0a28f09a-be02-47eb-90ed-01abc477e24e", "value": "c7dcbd2b7f147a6450c62a8d67207465", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating YourMaid service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274757", "to_ids": true, "type": "sha1", "uuid": "16ad341e-9ab8-4a1a-86e7-aa1e962144b1", "value": "0e910ad1c33bef86c9fdbbe4654421398e694329", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating YourMaid service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274758", "to_ids": true, "type": "sha256", "uuid": "1aa1ce6f-8d5f-4d07-a354-fdae5a03bb7f", "value": "a091b15f008b117167a17a8db4c19e60bd9c99f1047bc82d60e3fd42157333ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274210", "to_ids": true, "type": "ssdeep", "uuid": "77bd412d-20de-4432-ad63-2ccb16c800e4", "value": "98304:GRam1zfrTPqoYG10JPoM4a80tlIAyf2yQd/kxLKW7Fki:GRavgWVenyl7cpiSnai" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274210", "to_ids": false, "type": "size-in-bytes", "uuid": "0192e335-1cd2-4dc4-b37e-87f493a477a5", "value": "3824143" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274210", "to_ids": true, "type": "vhash", "uuid": "802a388e-e185-43ec-bca0-06b4c77ea802", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274210", "to_ids": true, "type": "filename", "uuid": "925ca95f-1e7e-445f-b1b9-3219cb347abd", "value": "yourmaid.apk" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 03/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274210", "to_ids": false, "type": "text", "uuid": "abb5e0b8-10a1-4e61-9c48-0514062f8f5b", "value": "Malicious app impersonating YourMaid service.\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275890", "uuid": "1b56b028-ed0c-4a82-96ce-b5edce78b2c8", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275890", "to_ids": true, "type": "md5", "uuid": "a8ae4e25-bda3-41ff-b121-bc8c988896b4", "value": "71341fc2958e65d208f2770185c61d7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274759", "to_ids": true, "type": "sha1", "uuid": "19953cc4-86ca-43f2-b7b2-9471ae204b03", "value": "5237d3fae84bb5d611c80338cf02eb3793c30f02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274759", "to_ids": true, "type": "sha256", "uuid": "151d8b63-93de-4cea-9d5d-8f61f08e427d", "value": "4904c26e90dc4d18ad6a2d291af2cd61390661b628f202abfeddf8056502f64a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274232", "to_ids": true, "type": "ssdeep", "uuid": "056f4486-0bb3-477d-90c0-b9ca1b76043c", "value": "196608:zRQywmVcRaOnRL60KsNfHSseXZ+l+FE2klYKRDER:zPwmgRLNKkSp+llYKRDER" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274232", "to_ids": false, "type": "size-in-bytes", "uuid": "a26cfd92-d631-4659-97f2-b2b8fdfe257f", "value": "6807974" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274232", "to_ids": true, "type": "vhash", "uuid": "d86bb1c1-4088-44bd-8b73-4a9e8e224602", "value": "65999a4be68dd0420f46076ea3c92b89" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274232", "to_ids": true, "type": "filename", "uuid": "1fc3ba59-d7ba-4554-8c99-eb3092fcbf1c", "value": "71341fc2958e65d208f2770185c61d7a.virus" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 12/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274232", "to_ids": false, "type": "text", "uuid": "9e672166-6dc4-4b31-ac7e-c70bdf9110e7", "value": "Malicious app impersonating Maid4u service.\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740275911", "uuid": "494e5589-0bd3-4ad0-9be6-f668b917bcca", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating Maideasy service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740275911", "to_ids": true, "type": "md5", "uuid": "4e99fc7c-efbc-48d5-8c05-a845f1480752", "value": "cf3b20173330fea53e911a229a38a4bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maideasy service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740274760", "to_ids": true, "type": "sha1", "uuid": "b7719424-a691-4e53-95e4-83d421cf45b5", "value": "b42cd5ec736fcc0d51a1d05652631be50c9456a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maideasy service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740274761", "to_ids": true, "type": "sha256", "uuid": "6ab3dd4f-ed72-4814-adcd-505d15de656f", "value": "6db2d526c3310fad6c857aa1310f74dc0a5fe21402e408937330827aca2879b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740274253", "to_ids": true, "type": "ssdeep", "uuid": "ac636655-48ac-4b67-ba19-e6f706dd2a1d", "value": "98304:pAVi8Szfr/TGR6mnMy3Sz+uQvzBXzBQDyj0:yV5RVvo1uzJzBWyA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740274253", "to_ids": false, "type": "size-in-bytes", "uuid": "18acc011-14ce-47b7-9686-9c33bf6b0130", "value": "3770905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740274253", "to_ids": true, "type": "vhash", "uuid": "fe3014cb-bc98-4e7f-8cb2-531ae3d4e51e", "value": "cb1ce0cec73f026f3444dfde160eccab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740274253", "to_ids": true, "type": "filename", "uuid": "1042cada-001a-4239-8529-8a254190102b", "value": "tmpAaOnLb.tmp" }, { "category": "Other", "comment": "Checked: 23/02/2025\nLast-scan\t: 12/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740274253", "to_ids": false, "type": "text", "uuid": "49a97fc2-80d0-426c-acf4-f2ccf05e17d0", "value": "Malicious app impersonating Maideasy service.\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Piom.K\nVT Total Detection:25/64" } ] } ] } }