{
  "Event": {
    "analysis": "2",
    "date": "2023-06-23",
    "extends_uuid": "",
    "info": "[Threat Intel] SMS Stealer APK uses \"Kahwin\" theme targeting Malaysians: Kad Kahwin Digital APK",
    "protected": false,
    "publish_timestamp": "1780040151",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772902029",
    "uuid": "2c2e2c6d-e317-41c1-a232-b49d647b84d0",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#e931d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SMS Messages - T1636.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e5b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740787403",
        "to_ids": false,
        "type": "link",
        "uuid": "e2d0f149-c86d-4246-aa6d-b475195ade78",
        "value": "https://notes.netbytesec.com/2023/06/kahwin-sms-stealer-target-Malaysia.html"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740787479",
        "to_ids": false,
        "type": "link",
        "uuid": "a3c66556-97b8-4918-8581-78a03bea007a",
        "value": "https://www.nst.com.my/news/nst-viral/2023/06/921637/nstviral-watch-out-wedding-invitation-scam"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740787585",
        "to_ids": false,
        "type": "link",
        "uuid": "20bdbf22-2e92-4cd1-8a60-09aa601e401b",
        "value": "https://www.buletintv3.my/nasional/kad-kahwin-digital-taktik-baru-scammer-kebas-duit-warga-emas1111/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740787604",
        "to_ids": false,
        "type": "link",
        "uuid": "9c07958b-8cf6-40ac-86cf-8a3ee0d215a6",
        "value": "https://www.mycert.org.my/portal/advisory?id=MA-950.062023"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747025898",
        "uuid": "52bae71b-f830-40b8-a441-1dc21b6a9306",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747025898",
            "to_ids": true,
            "type": "md5",
            "uuid": "050aaa5c-09fc-4ae7-aad4-909a194d02f5",
            "value": "a21bc85e2275c90305d9a2a14d7a6664",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747025171",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d74a7b06-f17e-4750-b656-89042d6926c9",
            "value": "a5e22c9a97ebd7ca3f14d11341b0fbc093221ccb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747025171",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9519c56c-35d5-40b3-ba70-8cb56d18bb19",
            "value": "982b360b0cf8fcd0dec00f233cdeeb191876d4301dd8e62e75ff2909a5b03cfc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1747025171",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4fbd8848-91ec-459d-8563-454a8b27b78e",
            "value": "98304:drLjxGCRjYQVo5Q354mtJXixGctins9T+IjKEvBTI7T8Y:VjQejYQV0wtJSVcns9NjKEVIHp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1747025171",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9671824d-4aaa-4da1-949c-cc86e8dda048",
            "value": "5160777"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1747025171",
            "to_ids": true,
            "type": "vhash",
            "uuid": "86303456-67fa-474f-a891-4087464a613c",
            "value": "289cf546b2a9a1a6a284218017edb5d9"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1747025171",
            "to_ids": true,
            "type": "filename",
            "uuid": "14e3a4e6-5f41-42c3-938f-13acc0e08d5c",
            "value": "KAD KAHWIN DIGITAL.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/05/2025\nLast-scan\t:  09/07/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1747025171",
            "to_ids": false,
            "type": "text",
            "uuid": "59e47d8f-a62d-4418-9a79-126c91b7cff2",
            "value": "Type Description: Android\nMicrosoft: Trojan:AndroidOS/SmsSpy.M\nVT Total Detection:25/64\nFirst Submission:2023-06-22T01:48:55.000000+00:00\nLast Submission:2025-05-11T06:53:27.000000+00:00"
          }
        ]
      }
    ]
  }
}