Extended Analysis of the Fraud Backdoor Claimed to Have Been Implanted in 20 Million Devices
Tags
attack-pattern: Data Whois - T1596.002
Common Information
UUID: 6d295352-3a8f-46ac-9ca5-86754c242c66
Fingerprint: d279a6a97186ea47
Analysis status: DONE
Considered CTI value: 0
Text language:
Published: Oct. 17, 2023, midnight
Added to db: Dec. 20, 2024, 7:05 a.m.
Last updated: Dec. 21, 2024, 3:05 a.m.
Headline: Extended Analysis of the Fraud Backdoor Claimed to Have Been Implanted in 20 Million Devices
Title: Extended Analysis of the Fraud Backdoor Claimed to Have Been Implanted in 20 Million Devices
Detected Hints/Tags/Attributes: 8/1/27
Source URLs:
Attributes (Type, #Events, Value)
Domain (2 events): adc.flyermobi.com
Domain (4 events): cbphe.com
Domain (3 events): flyermobi.com
Domain (4 events): cbpheback.com
Domain (5 events): ycxrl.com
Domain (2 events): dcylog.com
Domain (2 events): apkcar.com
Domain (2 events): ymsdk.apkcar.com
Domain (2 events): humansecurity.com
Domain (6752 events): 163.com
File (11 events): b.dat
File (3 events): v0.ini
File (2 events): ymex.apk
File (2 events): ymlog.apk
File (2 events): ymsdk.apk
File (4 events): human_report_badbox-and-peachpit.pdf
md5 (2 events): e6027f962eaaf7dede8a271166409fe6
md5 (2 events): f33401aaf64a2dd3ed14e6f441ac83ab
IPv4 (2 events): 128.199.193.15
IPv4 (2 events): 128.199.97.77
Url (2 events): http://adc.flyermobi.com/update/update.conf?bdr=xx&rv=x&v=xxx&pk=xxx&tp=generic
Url (2 events): http://adc.flyermobi.com/config/config.conf and http://adc.flyermobi.com/config/config.conf.default (used to fetch ad-related URLs)
Url (2 events): http://128.199.97.77/logs/log.active
Url (2 events): http://adc.flyermobi.com/update/update.conf
Url (2 events): http://ymsdk.apkcar.com/adbu
Url (1 event): https://humansecurity.com/hubfs/human_report_badbox-and-peachpit.pdf
Url (2 events): https://arstechnica.com/security/2023/10/thousands-of-android-devices-come-with-unkillable-backdoor-preinstalled