{ "Event": { "analysis": "2", "date": "2023-07-28", "extends_uuid": "", "info": "[Threat Intel] Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns", "protected": false, "publish_timestamp": "1780040155", "published": true, "threat_level_id": "3", "timestamp": "1772902030", "uuid": "594728ee-92ad-4f92-9f47-358cce216ba9", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": "" }, { "colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": "" }, { "colour": "#d6740b", "local": false, "name": "misp-galaxy:target-information=\"Uganda\"", "relationship_type": "" }, { "colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740787916", "to_ids": false, "type": "link", "uuid": "90560996-b11f-47f6-bb36-b3e500bb5e4f", "value": "https://www.trendmicro.com/en_us/research/23/g/cherryblos-and-faketrade-android-malware-involved-in-scam-campai.html" }, { "category": "Network activity", "comment": "C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1747026051", "to_ids": true, "type": "hostname", "uuid": "9d51cd11-a73b-4c41-87cc-6646f9f2f7d3", "value": "008c.hugeversapi.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Phishing", "deleted": false, "disable_correlation": false, "timestamp": "1747026072", "to_ids": true, "type": "domain", "uuid": "7e525a3c-f026-4cd3-b6e2-ab98e062af8f", "value": "chatgptc.io", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1747026093", "to_ids": true, "type": "hostname", "uuid": "6babda4f-5d0e-459d-bde6-6a5c93fa278d", "value": "gptc.m1m1mapi.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Phishing", "deleted": false, "disable_correlation": false, "timestamp": "1747026114", "to_ids": true, "type": "domain", "uuid": "67f694ef-516d-403b-a635-adaa5f94ce80", "value": "happyminder.buzz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malware download URL", "deleted": false, "disable_correlation": false, "timestamp": "1747026135", "to_ids": true, "type": "url", "uuid": "1d5e84ba-48cc-4484-b5bd-826efe60b12d", "value": "https://dl.chatgptc.io/gptalkwallet.apk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malware download URL", "deleted": false, "disable_correlation": false, "timestamp": "1747026157", "to_ids": true, "type": "url", "uuid": "ed2a34a0-a6e6-4aa4-a58d-d126699dceaf", "value": "https://dl.synthnet.ai/synthnet.apk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malware download URL", "deleted": false, "disable_correlation": false, "timestamp": "1747026178", "to_ids": true, "type": "url", "uuid": "02f9373a-a2c7-4272-9b49-cff2c05d749f", "value": "https://happyminder.buzz/happyminer.apk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Malware download URL", "deleted": false, "disable_correlation": false, "timestamp": "1747026199", "to_ids": true, "type": "url", "uuid": "52aa4e6e-47dc-49f5-a102-b53d3c63e082", "value": "https://www.robot999.net/robot999.apk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Phishing", "deleted": false, "disable_correlation": false, "timestamp": "1747026220", "to_ids": true, "type": "domain", "uuid": "f817e244-dada-452a-bb39-1ea4be17e565", "value": "robot999.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Phishing", "deleted": false, "disable_correlation": false, "timestamp": "1747026241", "to_ids": true, "type": "domain", "uuid": "d1bff449-0242-45da-aa42-c1000a0ee50a", "value": "synthnet.ai", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1747026263", "to_ids": true, "type": "hostname", "uuid": "638435ee-1102-4aa4-8472-b842dd75a761", "value": "synthnet.m1m1mapi.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C server", "deleted": false, "disable_correlation": false, "timestamp": "1747026284", "to_ids": true, "type": "hostname", "uuid": "3b036501-eed4-4d0a-bcce-17109213df33", "value": "wapi.hugeversapi.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SynthNet No sample in VT\r\nLast check:12/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1747025870", "to_ids": true, "type": "sha256", "uuid": "73909fbb-1204-4d72-a976-4ebe9694d054", "value": "8a01025d4ee1c9649d86ff74864c580a1773deb77b469dc1439e410ecff595e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Financial fraud", "comment": "Attacker-controlled cryptocurrency address", "deleted": false, "disable_correlation": false, "timestamp": "1740788069", "to_ids": true, "type": "btc", "uuid": "56cebe5e-e284-4ff7-a056-9ee58d000760", "value": "1MstmvhmcRbMvcknmXwW81fmoenTozTWVF" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747026305", "uuid": "e6b8b7bb-a9c9-4971-a4ac-a178ec20e1d1", "Attribute": [ { "category": "Payload delivery", "comment": "CherryBlos - Robot 999", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747026305", "to_ids": true, "type": "md5", "uuid": "60ca2d38-b1c5-40e6-bcf9-616457727648", "value": "e355f01472bc880619bf9fe930cd5743", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - Robot 999", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025261", "to_ids": true, "type": "sha1", "uuid": "2c8f9fb2-bcf6-4cd7-8efe-7e4d3ed5da46", "value": "9d4cff1eed8955706f28215c7ad4b820b754d170", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - Robot 999", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025261", "to_ids": true, "type": "sha256", "uuid": "c6fc731b-abe6-41e3-8b32-0a4f0f0fd892", "value": "63e0404b709945058b4ec8dde7b9d58d08754fd3d7db040acdf35a5f9989de03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025260", "to_ids": true, "type": "ssdeep", "uuid": "7540a634-48e9-4e5a-8cdd-0c9d55b40b2f", "value": "786432:QtnnZ6q0PXWnwz2gsjwjSm/QP+pGQKrtldtA:QtnZyun821jgH/jCld+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025260", "to_ids": false, "type": "size-in-bytes", "uuid": "85d85a17-384e-42c0-b8ec-ee9750a14a5b", "value": "36029272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025260", "to_ids": true, "type": "vhash", "uuid": "5dc7eb65-b571-4e13-9930-4d77e32f6e10", "value": "1ed49aaca9a54f848fe0723e0e7855e4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025260", "to_ids": true, "type": "filename", "uuid": "bb203af7-3732-4257-a3d7-fa2eac3ea1e9", "value": "robot999.apk" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 30/07/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025260", "to_ids": false, "type": "text", "uuid": "e13b186e-8f4f-44c2-8d6b-79232beb9b28", "value": "CherryBlos - Robot 999\r\nType Description: Android\nMicrosoft: Trojan:AndroidOS/CherryBlos!MTB\nVT Total Detection:17/69\nFirst Submission:2023-04-03T17:18:12.000000+00:00\nLast Submission:2023-04-04T06:06:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747026326", "uuid": "16b5a217-1e65-4b61-9931-5806c3af857f", "Attribute": [ { "category": "Payload delivery", "comment": "CherryBlos - GPTalk", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747026326", "to_ids": true, "type": "md5", "uuid": "b5c1032a-579c-438f-8ed7-d240e9e3ddee", "value": "3ca466e4a248c2a96fee018237024b41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - GPTalk", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025282", "to_ids": true, "type": "sha1", "uuid": "5489716d-48bf-4cf6-b39f-3373ec720786", "value": "d6dee8c3ad563ed5283aa0426ea3f43c6211175c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - GPTalk", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025282", "to_ids": true, "type": "sha256", "uuid": "9053728e-9783-4848-84d0-5650aa61ab18", "value": "8271e9310ba83ae81f78fc7d614e6e80439faebaefa156cda41a7d92b03d6f57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025282", "to_ids": true, "type": "ssdeep", "uuid": "90ef3c70-ca29-486b-a62b-be161ad7cb9a", "value": "786432:FbiwvPmX5jaY9WnwzJgsjwOzSZw7qN/QCw+GYGBqtIn:pWXpdYn8J1j/R7qhxVGtqIn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025282", "to_ids": false, "type": "size-in-bytes", "uuid": "79398c59-aebe-4e17-a2c9-8595d2f5ecb1", "value": "33648067" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025282", "to_ids": true, "type": "vhash", "uuid": "a077ea6f-1259-4352-8556-4fe6884464ab", "value": "53ce7f0123cdc8d27ab35c869524d016" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025282", "to_ids": true, "type": "filename", "uuid": "08fa6e31-ee1d-411a-99a5-38b4f9d7bc7f", "value": "gptalkwallet.apk" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 30/07/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025282", "to_ids": false, "type": "text", "uuid": "d1be4f9f-3242-4d57-95ad-2f466aec4392", "value": "CherryBlos - GPTalk\r\nType Description: Android\nMicrosoft: Trojan:AndroidOS/CherryBlos!MTB\nVT Total Detection:21/69\nFirst Submission:2023-05-08T03:55:45.000000+00:00\nLast Submission:2024-01-29T07:18:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747026347", "uuid": "9f3e331c-de22-42fc-8bb8-5dd0e9b566e2", "Attribute": [ { "category": "Payload delivery", "comment": "CherryBlos - SynthNet", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747026347", "to_ids": true, "type": "md5", "uuid": "74a745fd-b7ff-416a-b5bd-0a0b2d31d1df", "value": "ba18d79dbec5a8f9232a998abb126124", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - SynthNet", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025304", "to_ids": true, "type": "sha1", "uuid": "3f92e64f-9859-42a9-8ed5-2b577eae88d8", "value": "4b3cabe0332e5aeaf0cadcaf1fb3b40cc5f880d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - SynthNet", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025304", "to_ids": true, "type": "sha256", "uuid": "868559b9-cc01-4ec3-8efb-769f171bc832", "value": "83e13b34b115ed432ee7b33fe215c533fcb2e0f5ec0054a577af28a262e4708e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025303", "to_ids": true, "type": "ssdeep", "uuid": "b8d0d6a7-ae36-4082-a9cc-f2c7d0deca7e", "value": "786432:9aUtXd67EUZGgNjqJZWnwz26gsjwaA+GGCePDtQ0:LdoEUVqUn8261jdFQ+Q0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025303", "to_ids": false, "type": "size-in-bytes", "uuid": "9210a8ea-3dd1-4674-9e41-45fa465cbcd6", "value": "33906825" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025303", "to_ids": true, "type": "vhash", "uuid": "d837b49d-44d5-40c5-99c4-f6e0eaaa6cbd", "value": "a6eaf81b74c89d79bdfb3db49bef43f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025303", "to_ids": true, "type": "filename", "uuid": "9f01695a-01e4-4fe3-9c7b-f9477050c247", "value": "4b3cabe0332e5aeaf0cadcaf1fb3b40cc5f880d2.apk" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025303", "to_ids": false, "type": "text", "uuid": "7a21f367-2b8a-44cf-9b1f-8314790f4077", "value": "CherryBlos - SynthNet\r\nType Description: Android\nMicrosoft: PUA:AndroidOS/Maltiverza\nVT Total Detection:19/69\nFirst Submission:2023-06-16T02:56:45.000000+00:00\nLast Submission:2024-01-31T07:25:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747026368", "uuid": "6ff38e6c-344a-4f01-bad1-64e0c7feb48e", "Attribute": [ { "category": "Payload delivery", "comment": "CherryBlos - SynthNet", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747026368", "to_ids": true, "type": "md5", "uuid": "c7d38933-bf58-43b9-b4dd-0026897f8533", "value": "6736399cb3a96b4faa8f9bbe63fc98c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - SynthNet", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025325", "to_ids": true, "type": "sha1", "uuid": "2c55f346-c6ee-473e-ae87-a11893795133", "value": "c2f5402e5db45befcd26348711271060f0fbc430", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - SynthNet", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025325", "to_ids": true, "type": "sha256", "uuid": "485dcda6-f09d-4525-a01c-b38a0e2afe97", "value": "fa22cd5be2af34cfc3ee777537fb20bf18aae393a228bdccf958785f8bdd22bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025324", "to_ids": true, "type": "ssdeep", "uuid": "1b0229e9-28b8-490c-94da-18d407b4b13a", "value": "786432:4WUtXyoO9Iv91WnwzAGegsjwaV+dBGbvePDtEO+:+HsQ9gn8M1jd0d4GEv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025324", "to_ids": false, "type": "size-in-bytes", "uuid": "17c32e6b-2401-48c3-a0b3-9baa16ba7d6e", "value": "35812980" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025324", "to_ids": true, "type": "vhash", "uuid": "3f2af67d-f20a-462e-ab4b-696624472f71", "value": "a6eaf81b74c89d79bdfb3db49bef43f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025324", "to_ids": true, "type": "filename", "uuid": "22c12f1a-a62a-470a-b492-a6512a63b5e3", "value": "synthnet.apk" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 08/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025324", "to_ids": false, "type": "text", "uuid": "3e95a446-7380-468f-81e0-dab6d06e64af", "value": "CherryBlos - SynthNet\r\nType Description: Android\nMicrosoft: Adware:AndroidOS/Multiverze\nVT Total Detection:20/66\nFirst Submission:2023-06-18T02:42:19.000000+00:00\nLast Submission:2024-01-31T02:10:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747026389", "uuid": "bd573a92-c625-40b0-9383-23d06b21bab9", "Attribute": [ { "category": "Payload delivery", "comment": "CherryBlos - SynthNet", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747026389", "to_ids": true, "type": "md5", "uuid": "0f0029d3-ddb4-41b5-bf74-1c921648091a", "value": "73c55e38f936325fc308f73ce58da5a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - SynthNet", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025346", "to_ids": true, "type": "sha1", "uuid": "f2565d35-8395-4e7e-a4c0-01d1b4e84158", "value": "f5283be075f9e521b882042ddac34078dd2f4d04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - SynthNet", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025346", "to_ids": true, "type": "sha256", "uuid": "67071823-2cd4-4cd6-9f65-d3dd00c4945d", "value": "1366b928506c24f6f41faf69d27cff4e90ea33f4ad86b7d404144ac8f12020b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025346", "to_ids": true, "type": "ssdeep", "uuid": "9602ca57-7797-4987-bf50-b2eb8e8d7baa", "value": "786432:rjlp9P827+noIv91WnwzAGegsjwaG+BlKTfqPLtYyu:fljPn7fQ9gn8M1jdLBYiYn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025346", "to_ids": false, "type": "size-in-bytes", "uuid": "a2124ca9-1dfd-4511-8bff-4615569fe63a", "value": "35829364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025346", "to_ids": true, "type": "vhash", "uuid": "92a8c568-c393-40ce-bc47-d3b0d0b6e6ff", "value": "a6eaf81b74c89d79bdfb3db49bef43f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025346", "to_ids": true, "type": "filename", "uuid": "9fd433d5-0ab5-4f87-b006-d2b10ed8b93d", "value": "synthnet.apk" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 24/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025346", "to_ids": false, "type": "text", "uuid": "00f25e78-06be-42fd-a236-5afc850172fb", "value": "CherryBlos - SynthNet\r\nType Description: Android\nMicrosoft: PUA:AndroidOS/Maltiverza\nVT Total Detection:25/65\nFirst Submission:2023-06-20T16:09:16.000000+00:00\nLast Submission:2024-01-31T02:55:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981591", "uuid": "caef5720-d02f-4ffb-ad98-b0899ff320d4", "Attribute": [ { "category": "Payload delivery", "comment": "CherryBlos - Happy Miner", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981591", "to_ids": true, "type": "md5", "uuid": "67637f22-b0df-40ad-9ef1-d8fa6d7ba37f", "value": "aabf9d98a82913dd8933cab118cce866", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - Happy Miner", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025368", "to_ids": true, "type": "sha1", "uuid": "edd6beb1-77ff-4fc8-b6c0-a20a8060c4f4", "value": "a2315a060d193b578c059580d005b4bd5f21f2e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CherryBlos - Happy Miner", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025368", "to_ids": true, "type": "sha256", "uuid": "ce6125ee-a066-4806-94a7-7975d035d4f0", "value": "885b24b4b170b86c5c963324a78f9525b758bdec0bd4c254d7c1083a43e0e3be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025367", "to_ids": true, "type": "ssdeep", "uuid": "53740e97-cb5c-4ee0-9a9c-f7e3a198804a", "value": "393216:ma4No5ttMngM5Vhl22cFVyoFYknwcR24of0vNujGD58+JzKjMMfTteUaPXUq:maoo5tmHVX22uMWnwzXgsjw6+JKjrtFo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025367", "to_ids": false, "type": "size-in-bytes", "uuid": "6948e393-8c8d-4b61-9184-5fe167f80527", "value": "24626618" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025367", "to_ids": true, "type": "vhash", "uuid": "590f23d3-25c8-4803-9f3b-46aa226dd01a", "value": "c38d76a90916d6431eff88a59b92d7b7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025367", "to_ids": true, "type": "filename", "uuid": "d1feac7e-1b63-4f72-bf0b-7b8d59b5a5ca", "value": "happyminer.apk" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 30/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025367", "to_ids": false, "type": "text", "uuid": "4a6fdc84-259e-4880-80b5-6e14493b4e80", "value": "CherryBlos - Happy Miner\r\nType Description: Android\nMicrosoft: Trojan:AndroidOS/CherryBlos!MTB\nVT Total Detection:26/67\nFirst Submission:2023-06-25T02:45:54.000000+00:00\nLast Submission:2024-01-31T06:57:48.000000+00:00" } ] } ] } }