{
  "Event": {
    "analysis": "2",
    "date": "2020-07-10",
    "extends_uuid": "",
    "info": "[Threat Intel] MA-790.072020: MyCERT Alert - SMSSpy using Malaysian Law Enforcement as theme",
    "protected": false,
    "publish_timestamp": "1772901995",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772901995",
    "uuid": "67ecc7f8-bc10-4329-b975-097c929fd5f9",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Police - Law enforcement\"",
        "relationship_type": ""
      },
      {
        "colour": "#d5270f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Access Call Log - T1433\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Access Contact List - T1432\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Access Sensitive Data in Device Logs - T1413\"",
        "relationship_type": ""
      },
      {
        "colour": "#85feae",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1437\"",
        "relationship_type": ""
      },
      {
        "colour": "#704a15",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1429\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Broadcast Receivers - T1402\"",
        "relationship_type": ""
      },
      {
        "colour": "#e931d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"",
        "relationship_type": ""
      },
      {
        "colour": "#566f91",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Carrier Billing Fraud - T1448\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1414\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f9a68",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Device Administrator Permissions - T1401\"",
        "relationship_type": ""
      },
      {
        "colour": "#90e419",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"",
        "relationship_type": ""
      },
      {
        "colour": "#b2ee2e",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Download New Code at Runtime - T1407\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Evade Analysis Environment - T1523\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Other Network Medium - T1438\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit SS7 to Redirect Phone Calls/SMS - T1449\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit SS7 to Track Device Location - T1450\"",
        "relationship_type": ""
      },
      {
        "colour": "#9c4b3a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\"",
        "relationship_type": ""
      },
      {
        "colour": "#8c387c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Input Prompt - T1411\"",
        "relationship_type": ""
      },
      {
        "colour": "#775b18",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Location Tracking - T1430\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Information Discovery - T1507\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remotely Track Device Without Authorization - T1468\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Stored Application Data - T1409\"",
        "relationship_type": ""
      },
      {
        "colour": "#bbb53d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"",
        "relationship_type": ""
      },
      {
        "colour": "#b418fc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1422\"",
        "relationship_type": ""
      },
      {
        "colour": "#24a1e3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1421\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#120044",
        "local": false,
        "name": "rectifyq:sub-category=\"intrusion-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"00afde8d-6de3-46b1-9f35-e98fc8c1ee07\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740502530",
        "to_ids": false,
        "type": "link",
        "uuid": "ffe3da83-ef89-4bbd-8e7f-b40b966f6ce9",
        "value": "https://mycert.org.my/portal/advisory?id=MA-790.072020"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500831",
        "to_ids": true,
        "type": "url",
        "uuid": "2d557e0c-0ffe-4d6d-948d-2e6e0c62fff8",
        "value": "http://app.0189110.com/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500855",
        "to_ids": true,
        "type": "url",
        "uuid": "a3c2abf0-c5f1-432b-adcb-543d8ef61420",
        "value": "http://vip.0109101.com:2052/WebMobileD1",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500877",
        "to_ids": true,
        "type": "url",
        "uuid": "8daee7d7-4242-4b3e-ae86-950e780b1d96",
        "value": "http://vip.0109101.com:2052/webmobiled1/phoneajax/index.do",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500899",
        "to_ids": true,
        "type": "url",
        "uuid": "8d1973a1-6acc-47cc-8c3a-b6fa7be4a814",
        "value": "http://vip.0109101.com/d2",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500924",
        "to_ids": true,
        "type": "url",
        "uuid": "d07bbdb8-3d0e-4cfe-8b5e-7cdcb82e7570",
        "value": "http://vip.0109101.com/d2/BANK.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500946",
        "to_ids": true,
        "type": "hostname",
        "uuid": "47de9d47-72e6-4f4d-a6e9-d04a7bbe393a",
        "value": "app.0189110.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500968",
        "to_ids": true,
        "type": "hostname",
        "uuid": "50e1545c-90d2-47f1-a828-3506e7f87c5b",
        "value": "vip.0109101.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746500989",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a50cdcfa-b860-4f9e-b5a9-97817e79a3e9",
        "value": "104.31.92.196",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746501010",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "07253b0d-1261-4720-9ae5-71f10c9b6bf0",
        "value": "104.18.37.4",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746501031",
        "uuid": "19e222db-4915-48a2-8cc8-9daaeaa3fa24",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746501031",
            "to_ids": true,
            "type": "md5",
            "uuid": "a8d8970b-d21a-48e8-9e35-7fd88ca03076",
            "value": "5a7dce8fd26a263ca25644fe7058c284",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746500773",
            "to_ids": true,
            "type": "sha1",
            "uuid": "60ae9226-620e-4c95-ab27-54c72ab8ad02",
            "value": "d97ec00b3c619fe3ef0b82b852a8b3b6bf33b5fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746500773",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e02aac4e-e071-457b-9145-c853561ea7f5",
            "value": "13432a5c1dc52bc3692700e1f7874426ff34f31e5a76c5b24a81f531358aed21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746500773",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "37a3754c-04ab-4b6d-aa2b-c609273e88c9",
            "value": "12288:3VvqozVGQrkeKvqozVGQrAe7l2leRvqozVGQreeyvqozVGQrseJJeFJ+vmkQIpBZ:3OQgCQEAlCHQ6KQ4uJe/ImJ8j"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746500773",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a45b2a79-46fc-4c29-96ec-9023895f76f5",
            "value": "739659"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746500773",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cceb21e5-b519-4da6-95f5-b07a96bbb0f4",
            "value": "9fe36e98d1b53068b46fb8c49f249127"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746500773",
            "to_ids": true,
            "type": "filename",
            "uuid": "aec0db79-e471-4528-8477-23dad9b149f6",
            "value": "PDRM-MY.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan: 21/09/2020",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746500773",
            "to_ids": false,
            "type": "text",
            "uuid": "63baa7cd-1065-448a-8246-da820c78aa76",
            "value": "Type Description: Android\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:37/63\nFirst Submission:2020-08-24T03:13:09.000000+00:00\nLast Submission:2020-08-24T03:13:09.000000+00:00"
          }
        ]
      }
    ]
  }
}