ioc[.]one - OSINT Cyber Threat Intelligence Database

Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods

Tags

cmtmf-attack-pattern:	Native Code
country:	Brazil Vietnam
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Tool - T1588.002

Show in Graph

Common Information

Type	Value
UUID	5f57b384-5566-48d1-a5b0-117f957d9e8e
Fingerprint	a6901609883526d0
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 23, 2024, 10 a.m.
Added to db	Sept. 23, 2024, 12:33 p.m.
Last updated	Oct. 28, 2024, 8:46 p.m.
Headline	How the Necro Trojan infiltrated Google Play, again
Title	Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods
Detected Hints/Tags/Attributes	73/4/54

Source URLs

	Redirection	Url
Details	Source	https://securelist.com/necro-trojan-is-back-on-google-play/113881/

URL Provider

Details	Provider	Source level domain
Details	securelist.com	securelist.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	223	✔	Securelist	https://securelist.com/feed/	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	3	spotiplus.xyz
Details	Domain	3	com.spoti.plus
Details	Domain	6	adoss.spinsok.com
Details	Domain	6	libcoral.so
Details	Domain	3	com.leapzip.animatedstickers.maker.android
Details	Domain	3	bearsplay.com
Details	Domain	4	oad1.azhituo.com
Details	Domain	4	oad1.bearsplay.com
Details	Domain	4	hsa.govsred.buzz
Details	Domain	4	justbigso.com
Details	Domain	4	bear-ad.oss-us-west-1.aliyuncs.com
Details	File	3	spoti.pl
Details	File	7	adoss.spi
Details	File	4	shellp_100.png
Details	File	4	shelle_30.png
Details	md5	4	acb7a06803e6de85986ac49e9c9f69f1
Details	md5	3	F338384C5B4BC7D55681A3532273B4EB
Details	md5	4	1cab7668817f6401eb094a6c8488a90c
Details	md5	4	0898d1a6232699c7ee03dd5e58727ede
Details	md5	4	37404ff6ac229486a1de4b526dd9d9b6
Details	md5	4	fa217ca023cda4f063399107f20bd123
Details	md5	3	402b91c6621b8093d44464fc006e706a
Details	md5	4	ed6c6924201bc779d45f35ccf2e463bb
Details	md5	4	b3ba3749237793d2c06eaaf5263533f2
Details	md5	4	ccde06a19ef586e0124b120db9bf802e
Details	md5	4	36ab434c54cce25d301f2a6f55241205
Details	md5	4	874418d3d1a761875ebc0f60f9573746
Details	md5	4	522d2e2adedc3eb11eb9c4b864ca0c7f
Details	md5	4	30d69aae0bdda56d426759125a59ec23
Details	md5	4	4c2bdfcc0791080d51ca82630213444d
Details	md5	4	4e9bf3e8173a6f3301ae97a3b728f6f1
Details	md5	4	28b8d997d268588125a1be32c91e2b92
Details	md5	4	52a2841c95cfc26887c5c06a29304c84
Details	md5	4	247a0c5ca630b960d51e4524efb16051
Details	md5	4	b69a83a7857e57ba521b1499a0132336
Details	md5	4	1590d5d62a4d97f0b12b5899b9147aea
Details	md5	4	59b44645181f4f0d008c3d6520a9f6f3
Details	md5	4	cfa29649ae630a3564a20bf6fb47b928
Details	md5	4	1eaf43be379927e050126e5a7287eb98
Details	IPv4	3	18.9.40.5
Details	IPv4	8	6.3.2.148
Details	IPv4	7	6.3.6.148
Details	IPv4	11	6.3.7.138
Details	IPv4	3	6.3.5.148
Details	IPv4	3	6.3.4.148
Details	IPv4	3	2.22.63.16
Details	IPv4	4	47.88.246.111
Details	IPv4	4	174.129.61.221
Details	IPv4	4	47.88.245.162
Details	IPv4	4	47.88.190.200
Details	IPv4	4	47.88.3.73
Details	Url	4	https://adoss.spinsok.com/plugin/shellp_100.png.png
Details	Url	3	https://oad1.azhituo.com:9190
Details	Url	4	https://adoss.spinsok.com/plugin/shelle_30.png