Arid Viper poisons Android apps with AridSpy
Tags
cmtmf-attack-pattern: Event Triggered Execution, Location Tracking, Masquerading, Obfuscated Files Or Information
country: Egypt, Argentina, Qatar
maec-delivery-vectors: Watering Hole
attack-pattern: Data Model Access Notifications - T1517, Broadcast Receivers - T1402, Software Discovery - T1418, Archive Collected Data - T1560, Archive Collected Data - T1532, Audio Capture - T1429, Boot Or Logon Initialization Scripts - T1398, Broadcast Receivers - T1624.001, Clipboard Data - T1414, Contact List - T1636.003, Data From Local System - T1533, Download New Code At Runtime - T1407, Event Triggered Execution - T1624, Event Triggered Execution - T1546, Exfiltration Over C2 Channel - T1646, File And Directory Discovery - T1420, Input Capture - T1417, Javascript - T1059.007, Keylogging - T1056.001, Keylogging - T1417.001, System Network Configuration Discovery - T1422, Location Tracking - T1430, Malicious Link - T1204.001, Malware - T1587.001, Malware - T1588.001, Masquerading - T1655, Obfuscated Files Or Information - T1406, System Information Discovery - T1426, One-Way Communication - T1102.003, One-Way Communication - T1481.003, Phishing - T1660, Phishing - T1566, Protected User Data - T1636, Security Software Discovery - T1418.001, Security Software Discovery - T1518.001, Server - T1583.004, Server - T1584.004, Sms Messages - T1636.004, Software - T1592.002, Software Discovery - T1518, Web Service - T1481, Video Capture - T1512, Tool - T1588.002, Audio Capture - T1123, Logon Scripts - T1037, Clipboard Data - T1115, Data From Local System - T1005, Exfiltration Over Command And Control Channel - T1041, File And Directory Discovery - T1083, Input Capture - T1056, Masquerading - T1036, Obfuscated Files Or Information - T1027, Security Software Discovery - T1063, System Information Discovery - T1082, System Network Configuration Discovery - T1016, Web Service - T1102, Video Capture - T1125, Masquerading
Common Information
Type Value
UUID 5d3d51b1-a1b3-4082-8718-c4ebd7178fd5
Fingerprint ac8cac71c93007eb
Analysis status DONE
Considered CTI value 1
Text language
Published June 13, 2024, midnight
Added to db Aug. 30, 2024, 11:42 p.m.
Last updated Nov. 17, 2024, 6:30 p.m.
Headline Arid Viper poisons Android apps with AridSpy
Title Arid Viper poisons Android apps with AridSpy
Detected Hints/Tags/Attributes 124/4/89
RSS Feed
Id Enabled Feed title Url Added to db
33 WeLiveSecurity https://blog.eset.com/feed 2024-08-30 22:08
Attributes
Type #Events CTI Value
Threat Actor Identifier - APT-C 79 APT-C-23