{
  "Event": {
    "analysis": "2",
    "date": "2022-05-19",
    "extends_uuid": "",
    "info": "[Threat Intel] Scam and Malicious APK targeting Malaysian: MyMaidKL Technical Analysis",
    "protected": false,
    "publish_timestamp": "1780039982",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772902007",
    "uuid": "e85ae419-f9ec-48a0-bf9a-152a270c55f6",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f9a68",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"",
        "relationship_type": ""
      },
      {
        "colour": "#e931d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Fake Website\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:financial-fraud=\"Fake App\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740751565",
        "to_ids": false,
        "type": "link",
        "uuid": "26074c36-c45b-4932-b72f-0b20935b2b8d",
        "value": "https://notes.netbytesec.com/2022/05/scam-and-malicious-apk-targeting.html"
      },
      {
        "category": "Person",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740751600",
        "to_ids": false,
        "type": "phone-number",
        "uuid": "820b2afd-f74d-4f6a-a7b9-c83a6ed6e243",
        "value": "+60172675873"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747005057",
        "to_ids": true,
        "type": "url",
        "uuid": "970ecd10-7114-4502-b2eb-732362477532",
        "value": "https://api.lapubo.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747005078",
        "to_ids": true,
        "type": "url",
        "uuid": "4d156963-88cf-4243-aa9f-da919ef71246",
        "value": "https://mymaidkl.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747005098",
        "to_ids": true,
        "type": "url",
        "uuid": "64380d17-3cc5-4cd9-81f6-da3cba8c8672",
        "value": "https://mobile666.mymaidkl.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747005119",
        "uuid": "ea2a4dd9-6afa-45d9-942e-0e72540e97e8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747005119",
            "to_ids": true,
            "type": "md5",
            "uuid": "ae6b9ace-d823-4b69-82e8-cf4a36096cb5",
            "value": "e58ffc4e23292d80916b0e19c184cdef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746756654",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2a903607-6d63-4f45-ac4f-660d612fedfc",
            "value": "d5d37be2ff3338c89e77c77e025de58464ef19e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746756654",
            "to_ids": true,
            "type": "sha256",
            "uuid": "89ecc1c5-b63f-4b1c-a50a-95f39c186c12",
            "value": "8bc920af87fa19c3bfe76b40f85390d983b81340af690a49113f247cca957456",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746756653",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "29895f34-5f9f-4741-8317-25d27f9af442",
            "value": "98304:86omzfr/Pjpaxjd2tPEpWvm9IaiLwQ2Vjy:86oNdyPvm9ViLSu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746756653",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bdec7402-d335-48f3-95df-c1250d3ff4b0",
            "value": "3600970"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746756653",
            "to_ids": true,
            "type": "vhash",
            "uuid": "90f9ec9c-4bd5-4a12-9827-873beb174c62",
            "value": "cb1ce0cec73f026f3444dfde160eccab"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746756653",
            "to_ids": true,
            "type": "filename",
            "uuid": "a4e8231b-d83d-4670-b1c1-36509905c903",
            "value": "mymaid_beta_v7.0.5.2.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-05-09\nLast-scan: 2023-06-15",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746756653",
            "to_ids": false,
            "type": "text",
            "uuid": "87d7eb86-72db-40eb-b2e2-1e93cbc125ea",
            "value": "Type Description: Android\nMicrosoft: TrojanSpy:AndroidOS/SmsSpy.J!MTB\nVT Total Detection:26/63\nFirst Submission:2022-04-22T14:26:09.000000+00:00\nLast Submission:2022-04-24T09:20:40.000000+00:00"
          }
        ]
      }
    ]
  }
}