Extended analysis of the fraud backdoor claimed to be implanted in 20 million devices
Tags
attack-pattern: | Data Whois - T1596.002 |
Common Information
Type | Value |
---|---|
UUID | 6d295352-3a8f-46ac-9ca5-86754c242c66 |
Fingerprint | d279a6a97186ea47 |
Analysis status | DONE |
Considered CTI value | 0 |
Text language | |
Published | Oct. 17, 2023, midnight |
Added to db | Dec. 20, 2024, 7:05 a.m. |
Last updated | Dec. 21, 2024, 3:05 a.m. |
Headline | Extended analysis of the fraud backdoor claimed to be implanted in 20 million devices |
Title | Extended analysis of the fraud backdoor claimed to be implanted in 20 million devices |
Detected Hints/Tags/Attributes | 8/1/27 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.secrss.com/articles/59711 |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 2 | | adc.flyermobi.com |
Details | Domain | 4 | | cbphe.com |
Details | Domain | 3 | | flyermobi.com |
Details | Domain | 4 | | cbpheback.com |
Details | Domain | 5 | | ycxrl.com |
Details | Domain | 2 | | dcylog.com |
Details | Domain | 2 | | apkcar.com |
Details | Domain | 2 | | ymsdk.apkcar.com |
Details | Domain | 2 | | humansecurity.com |
Details | Domain | 6752 | | 163.com |
Details | File | 11 | | b.dat |
Details | File | 3 | | v0.ini |
Details | File | 2 | | and its subdomain ymex.apk |
Details | File | 2 | | ymlog.apk |
Details | File | 2 | | one can see ymsdk.apk |
Details | File | 4 | | human_report_badbox-and-peachpit.pdf |
Details | md5 | 2 | | e6027f962eaaf7dede8a271166409fe6 |
Details | md5 | 2 | | f33401aaf64a2dd3ed14e6f441ac83ab |
Details | IPv4 | 2 | | 128.199.193.15 |
Details | IPv4 | 2 | | 128.199.97.77 |
Details | Url | 2 | | http://adc.flyermobi.com/update/update.conf?bdr=xx&rv=x&v=xxx&pk=xxx&tp=generic |
Details | Url | 2 | | http://adc.flyermobi.com/config/config.conf, http://adc.flyermobi.com/config/config.conf.default (used to fetch ad-related URLs) |
Details | Url | 2 | | http://128.199.97.77/logs/log.active |
Details | Url | 2 | | http://adc.flyermobi.com/update/update.conf |
Details | Url | 2 | | http://ymsdk.apkcar.com/adbu |
Details | Url | 1 | | https://humansecurity.com/hubfs/human_report_badbox-and-peachpit.pdf |
Details | Url | 2 | | https://arstechnica.com/security/2023/10/thousands-of-android-devices-come-with-unkillable-backdoor-preinstalled |