Advanced Mobile Malware Campaign in India uses Malicious MDM
Common Information
Type | Value
UUID | 0c008914-365a-4e9a-9e67-bc1146b46067
Fingerprint | ce051899dc33b6c1
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | July 12, 2018, 3 p.m.
Added to db | Sept. 26, 2022, 9:31 a.m.
Last updated | Nov. 15, 2024, 5:40 p.m.
Headline Vulnerability Information
Title | Advanced Mobile Malware Campaign in India uses Malicious MDM
Detected Hints/Tags/Attributes | 76/2/30
Attributes
Type | #Events | CTI Value
Domain | 2 | ios-certificate-update.com
Domain | 2 | www.wpitcher.com
Domain | 246 | mail.ru
Domain | 2 | techwach.com
Domain | 2 | voguextra.com
Domain | 904 | snort.org
Email | 1 | cn=ios-certificate-update.com/emailaddress=nicholas.vukoja@mail.ru
Email | 1 | cn=ios-certificate-update.com/emailaddress=nicholas.vukoja@mail.ruthe
Email | 1 | cn=ios-certificate-update.com/emailaddress=aleksi.dushku@mail.ru
Email | 1 | cn=ios-certificate-update.com/emailaddress=aleksi.dushku@mail.ruthis
File | 32 | ca.crt
File | 1 | identity.p12
File | 1 | server.cs
File | 1 | 'tgdata.db
File | 1 | 'chatstorage.sql
File | 3 | all.php
File | 1 | dyrkztorkwvwogo.php
File | 67 | get.php
File | 1 | hh.php
File | 49 | info.php
File | 1 | jdrucchwsowqgpu.php
File | 1 | ufmcrxydavvbrbl.php
Url | 1 | http://ios-certificate-update.com
Url | 1 | http://www.wpitcher.com
Url | 1 | http://techwach.com