Deep Analysis of SecretCalls, A formidable app for notorious Korean financial fraudsters (Part 2)
Common Information
Type Value
UUID 3dbad01b-18e1-43d3-b45a-e24051144208
Fingerprint fcfcacd18842af83
Analysis status DONE
Considered CTI value 2
Text language
Published April 30, 2024, 12:59 p.m.
Added to db Aug. 31, 2024, 8:07 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Deep Analysis of SecretCalls, A formidable app for notorious Korean financial fraudsters (Part 2)
Title Deep Analysis of SecretCalls, A formidable app for notorious Korean financial fraudsters (Part 2)
Detected Hints/Tags/Attributes 93/3/64
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 220 Stories by S2W on Medium https://s2w.medium.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 52
socket.io
Details File 816
index.html
Details File 2
cfuvdw.apk
Details File 16
com.ps
Details IPv4 1441
127.0.0.1
Details IPv4 1
154.19.69.75
Details IPv4 1
149.104.49.49
Details IPv4 1
183.111.122.124
Details MITRE ATT&CK Techniques 17
T1660
Details MITRE ATT&CK Techniques 6
T1633.001
Details MITRE ATT&CK Techniques 7
T1630.002
Details MITRE ATT&CK Techniques 14
T1575
Details MITRE ATT&CK Techniques 25
T1426
Details MITRE ATT&CK Techniques 13
T1422
Details MITRE ATT&CK Techniques 16
T1420
Details MITRE ATT&CK Techniques 10
T1532
Details MITRE ATT&CK Techniques 22
T1429
Details MITRE ATT&CK Techniques 12
T1636.002
Details MITRE ATT&CK Techniques 17
T1636.003
Details MITRE ATT&CK Techniques 17
T1636.004
Details MITRE ATT&CK Techniques 10
T1512
Details MITRE ATT&CK Techniques 17
T1437.001
Details MITRE ATT&CK Techniques 3
T1521.001
Details MITRE ATT&CK Techniques 2
T1481.001
Details MITRE ATT&CK Techniques 10
T1616
Details MITRE ATT&CK Techniques 15
T1516
Details Url 2
https://www.blackhat.com/asia-24/briefings/schedule/index.html#voice
Details Url 1
http://127.0.0.1/a3bh3/vdc5