Dark Caracal
Common Information
| Type | Value |
|---|---|
| UUID | 945ee81e-695c-4bd7-b44b-48990c525923 |
| Fingerprint | 3d203cfa9362a3de5653a098f785d0d4c5992bf032cd428d45658b6276e88a1b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Jan. 17, 2018, 10:12 a.m. |
| Added to db | March 10, 2024, 1:39 a.m. |
| Last updated | Aug. 31, 2024, 4:16 a.m. |
| Headline | Dark Caracal |
| Title | Dark Caracal |
| Detected Hints/Tags/Attributes | 221/4/185 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 67 | www.checkpoint.com |
|
| Details | Domain | 1 | arablivenews.com |
|
| Details | Domain | 136 | mail.com |
|
| Details | Domain | 1 | arabpublisherslb.com |
|
| Details | Domain | 1 | secureandroid.info |
|
| Details | Domain | 1 | gmailservices.org |
|
| Details | Domain | 1 | twiterservices.org |
|
| Details | Domain | 7 | www.threatconnect.com |
|
| Details | Domain | 4 | adobeair.net |
|
| Details | Domain | 1 | secureanroid.info |
|
| Details | Domain | 45 | www.eff.org |
|
| Details | Domain | 67 | citizenlab.ca |
|
| Details | Domain | 28 | wigle.net |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 1 | fbarticles.com |
|
| Details | Domain | 1 | facebookservices.org |
|
| Details | Domain | 1 | planethdx.com |
|
| Details | Domain | 1 | tweetsfb.com |
|
| Details | Domain | 3 | ch.threema.app |
|
| Details | Domain | 1 | com.primo.mobile.android.app |
|
| Details | Domain | 4 | org.telegram.plus |
|
| Details | Domain | 1 | org.torproject.android |
|
| Details | Domain | 1 | www.cmcm.com |
|
| Details | Domain | 15 | blog.lookout.com |
|
| Details | Domain | 62 | stackoverflow.com |
|
| Details | Domain | 53 | developer.android.com |
|
| Details | Domain | 28 | docs.oracle.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 4 | axroot.com |
|
| Details | Domain | 3 | flexberry.com |
|
| Details | Domain | 1 | ne.abc |
|
| Details | Domain | 1 | cma-cgrm.com |
|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 1 | nancyrazzouk.com |
|
| Details | Domain | 1 | globalmic.net |
|
| Details | Domain | 2 | megadeb.com |
|
| Details | Domain | 2 | opwalls.com |
|
| Details | Domain | 1 | mecodata.com |
|
| Details | Domain | 1 | sabisint.com |
|
| Details | Domain | 1 | roxsoft.net |
|
| Details | Domain | 1 | skypeupdate.com |
|
| Details | Domain | 1 | playermea.com |
|
| Details | Domain | 4 | kaliex.net |
|
| Details | Domain | 1 | tenoclock.net |
|
| Details | Domain | 1 | ancmax.com |
|
| Details | Domain | 1174 | gmail.com |
|
| Details | Domain | 1 | www.shinjiru.com |
|
| Details | Domain | 2 | www.apachefriends.org |
|
| Details | Domain | 1 | adodeair.net |
|
| Details | Domain | 317 | bit.ly |
|
| Details | Domain | 1 | www.tweetsfb.com |
|
| Details | Domain | 1 | fbtweets.net |
|
| Details | Domain | 1 | gsec.in |
|
| Details | Domain | 1 | ecowatchasia.com |
|
| Details | Domain | 1 | etn9.com |
|
| Details | Domain | 3 | mangoco.net |
|
| Details | Domain | 3 | jaysonj.no-ip.biz |
|
| Details | Domain | 3 | orange2015.net |
|
| Details | Domain | 1 | skypeservice.no-ip.org |
|
| Details | Domain | 3 | accountslogin.services |
|
| Details | Domain | 3 | adobeinstall.com |
|
| Details | Domain | 3 | adobe-flashviewer.accountslogin.services |
|
| Details | Domain | 3 | dropboxonline.com |
|
| Details | Domain | 1 | iceteapeach.com |
|
| Details | Domain | 1 | nvidiaupdate.com |
|
| Details | Domain | 1 | paktest.ddns.net |
|
| Details | Domain | 1 | watermelon2017.com |
|
| Details | Domain | 6 | lookout.com |
|
| Details | Domain | 12 | www.lookout.com |
|
| Details | Domain | 17 | eff.org |
|
| Details | 1 | op13@mail.com |
||
| Details | 1 | alecouperus@mail.com |
||
| Details | 1 | nancyrazzouk@mail.com |
||
| Details | 1 | hicham.dika@mail.com |
||
| Details | 1 | hetemramadani5@gmail.com |
||
| Details | 1 | info@secureandroid.info |
||
| Details | 3 | threatintel@lookout.com |
||
| Details | 1 | press@eff.org |
||
| Details | File | 3 | volatile-cedar-technical-report.pdf |
|
| Details | File | 1 | i-got-a-letter-from-the-government.pdf |
|
| Details | File | 4 | telegram.pl |
|
| Details | File | 16 | com.ps |
|
| Details | File | 1 | 1101.html |
|
| Details | File | 1 | flashplayer.pl |
|
| Details | File | 14 | add.php |
|
| Details | File | 97 | upload.php |
|
| Details | File | 1 | content-provider-basics.html |
|
| Details | File | 1 | phone.html |
|
| Details | File | 1 | calls.html |
|
| Details | File | 2 | date.html |
|
| Details | File | 1 | scanresult.html |
|
| Details | File | 263 | iexplore.exe |
|
| Details | File | 1 | %appname%.exe |
|
| Details | File | 1 | %appdata%\local\ temp\mediamgrs.jar |
|
| Details | File | 4 | mediamgrs.jar |
|
| Details | File | 3 | mediamgrs.pl |
|
| Details | File | 18 | this.dat |
|
| Details | File | 1 | bl920123.doc |
|
| Details | File | 1 | fixed.doc |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1208 | powershell.exe |
|
| Details | File | 1 | %temp%\chmplg.exe |
|
| Details | File | 76 | download.html |
|
| Details | md5 | 1 | d965c3736e530bfdbfde2cc6a264f2aa |
|
| Details | sha1 | 1 | ed4754effda466b8babf87bcba2717760f112455 |
|
| Details | sha1 | 1 | 835befd9376f90a12892876b482c1dcc39643a09 |
|
| Details | sha1 | 1 | b0151434815f8b3796ab83848bf6969a2b2ad721 |
|
| Details | sha1 | 1 | bfbe5218a1b4f8c55eadf2583a2655a49bf6a884 |
|
| Details | sha1 | 1 | 47243997992d253f7c4ea20f846191697999cd57 |
|
| Details | sha1 | 1 | 309038fceb9a5eb6af83bd9c3ed28bf4487dc27d |
|
| Details | sha1 | 1 | eaed6ce848e68d5ec42837640eb21d3bfd9ae692 |
|
| Details | sha1 | 1 | edf037efc400ccb9f843500103a208fe1f254453 |
|
| Details | sha1 | 1 | 35b70d89af691ac244a547842b7c8dfd9a7233fe |
|
| Details | sha1 | 1 | 7d47da505f8d3ee153629b373f6792c8858f76e8 |
|
| Details | sha1 | 1 | 4896b0c957b6a985b2b6efe2ffe517dceaa6ce01 |
|
| Details | sha1 | 1 | 6a2d5c0a4cc5b5053f5c8f15c447316fae66b57b |
|
| Details | sha256 | 1 | d57701321f2f13585a02fc8ba6cbf1f2f094764bfa067eb73c0101060289b0ba |
|
| Details | sha256 | 1 | ed25b0c20b1c1b271a511a1266fe3967ab851aaa9f793bdf4f3d19de1dcf6532 |
|
| Details | sha256 | 1 | e5eeb0a46dac58b171ebcefec60e9ff351fc7279d95892c6f48f799a1a364215 |
|
| Details | sha256 | 1 | ce583821191345274cd954b2db7da9742c239fe413fc17dcb97ffdd7b51cb072 |
|
| Details | sha256 | 1 | ba4e063472a2559b4baa82d5272304a1cdae6968145c5ef221295c90e88458e2 |
|
| Details | sha256 | 1 | 26419a0b6e033cdcb7bf4ca6b0b24fda35490cc6f2796682fb9403620f63d428 |
|
| Details | sha256 | 1 | 15af5bbf3c8d5e5db41fd7c3d722e8b247b40f2da747d5c334f7fd80b715a649 |
|
| Details | sha256 | 1 | 22eee43887e94997f9f9786092ffd3a9b51f059924cba678cf7b62cfafa65b28 |
|
| Details | sha256 | 1 | fcf8f9566868d65d901fd6db9a8d6decacb860f5595f84a6a878193eda11549d |
|
| Details | sha256 | 1 | f2178146741f91923c7d3e2442bd08605ed5a0927736e8cfdea00c055b2c6284 |
|
| Details | sha256 | 1 | 6b6d363d653785f420dcc1a23c9d9b8b76b8647209b52562b774c793dc0e3f6b |
|
| Details | sha256 | 1 | a3ae05a134b30b8c8869d0acd65ed5bca160988b404c146a325f2399b9c1a243 |
|
| Details | sha256 | 1 | 400bca713ba1def9cdbc0e84fc97447db2fa3d12b1c5ef352ef985b7787b6ca4 |
|
| Details | sha256 | 1 | 5e0d061531071e53b3b993e06ce20dae6389a7e9eba5d7887399de48e2f2d278 |
|
| Details | sha256 | 1 | f9f2e632535b214a0fab376b32cbee1cab6507490c22ba9e12cfa417ed8d72bb |
|
| Details | sha256 | 1 | bf600e7b27bdd9e396e5c396aba7f079c244bfb92ee45c721c2294aa36586206 |
|
| Details | sha256 | 1 | da81aec00b563123d2fbd14fb6a76619c90f81e83c5bd8aa0676922cae96b9ad |
|
| Details | sha256 | 1 | 9cf3d3c0b790cebeacb8cb577cd346a6513b1b74fa120aff8984aa022301562e |
|
| Details | sha256 | 1 | 091ae8d5649c4e040d25550f2cdf7f1ddfc9c698e672318eb1ab6303aa1cf85b |
|
| Details | sha256 | 3 | a91c2cad20935a85d6eed72ef663254396914811f043018732d29276424a9578 |
|
| Details | sha256 | 1 | b6ac374f79860ae99736aaa190cce5922a969ab060d7ae367dbfa094bfe4777d |
|
| Details | sha256 | 1 | ed97719c008422925ae21ff34448a8c35ee270a428b0478e24669396761d0790 |
|
| Details | sha256 | 1 | 5c1622cabf21672a8a5379ce8d0ee0ba6d5bc137657f3779faa694fcc4bb3988 |
|
| Details | sha256 | 1 | 86f1bbda3ebf03a0f0a79d7bd1db68598ace9465f5cebb7f66773f8a818b4e8b |
|
| Details | sha256 | 1 | 675c3d96070dc9a0e437f3e1b653b90dbc6700b0ec57379d4139e65f7d2799cd |
|
| Details | sha256 | 1 | f581a75a0f8f8eb200a283437bed48f30ae9d5616e94f64acfd93c12fcef987a |
|
| Details | IPv4 | 1 | 180.235.133.57 |
|
| Details | IPv4 | 1 | 192.168.1.82 |
|
| Details | IPv4 | 8 | 192.168.1.16 |
|
| Details | IPv4 | 1 | 94.229.70.7 |
|
| Details | IPv4 | 1 | 172.94.17.147 |
|
| Details | IPv4 | 1 | 111.90.141.70 |
|
| Details | IPv4 | 1 | 111.90.145.64 |
|
| Details | IPv4 | 1 | 111.90.141.38 |
|
| Details | IPv4 | 1 | 111.90.158.121 |
|
| Details | IPv4 | 1 | 111.90.141.169 |
|
| Details | IPv4 | 1 | 111.90.150.221 |
|
| Details | IPv4 | 1 | 172.111.250.156 |
|
| Details | IPv4 | 1 | 77.78.103.41 |
|
| Details | IPv4 | 1 | 74.208.167.252 |
|
| Details | IPv4 | 1 | 111.90.140.11 |
|
| Details | MITRE ATT&CK Techniques | 11 | T1093 |
|
| Details | Threat Actor Identifier - APT | 783 | APT28 |
|
| Details | Url | 3 | https://www.checkpoint.com/downloads/volatile-cedar-technical-report.pdf |
|
| Details | Url | 1 | https://www.threatconnect.com/blog/how-to-investigate-incidents-in-threatconnect |
|
| Details | Url | 1 | https://www.eff.org/files/2016/08/03/i-got-a-letter-from-the-government.pdf |
|
| Details | Url | 1 | https://citizenlab.ca/2015/10/mapping-finfishers-continuing-proliferation |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/telecommunications_in_lebanon |
|
| Details | Url | 1 | http://www.cmcm.com/blog/en/security/2017-08-16/1101.html |
|
| Details | Url | 1 | https://blog.lookout.com/pegasus-android |
|
| Details | Url | 1 | https://blog.lookout.com/trident-pegasus |
|
| Details | Url | 1 | https://adobeair.net/wp9/add.php |
|
| Details | Url | 1 | https://adobeair.net/wp9/upload.php |
|
| Details | Url | 1 | https://adobeair.net/<campaign_identifier>/<add.php |
|
| Details | Url | 1 | https://stackoverflow.com/questions/15554296/simple-java-aes-encrypt-decrypt-example |
|
| Details | Url | 1 | https://developer.android.com/guide/topics/providers/content-provider-basics.html |
|
| Details | Url | 1 | https://developer.android.com/reference/android/provider/contactscontract.commondatakinds.phone.html |
|
| Details | Url | 1 | https://developer.android.com/reference/android/provider/calllog.calls.html |
|
| Details | Url | 1 | https://docs.oracle.com/javase/7/docs/api/java/sql/date.html |
|
| Details | Url | 1 | https://developer.android.com/reference/android/net/wifi/scanresult.html |
|
| Details | Url | 1 | https://en.wikipedia.org/wiki/finfisher |
|
| Details | Url | 1 | https://attack.mitre.org/wiki/technique/t1093 |
|
| Details | Url | 1 | https://www.shinjiru.com/company/about-us |
|
| Details | Url | 1 | https://www.apachefriends.org/download.html |
|
| Details | Url | 1 | http://bit.ly/2j3r285 |
|
| Details | Url | 1 | http://www.tweetsfb.com/services/100001472583690/twitter/articles/100001 |
|
| Details | Url | 1 | http://bit.ly/2ibyhcu |
|
| Details | Url | 1 | http://tweetsfb.com/services/100001472583690/facebook/groups/100002 |
|
| Details | Windows Registry Key | 7 | HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run |