Fake AV Investigation Unearths KevDroid, New Android Malware
Common Information
Type Value
UUID 828a7c53-59be-4bfa-972e-3db4616d6ae5
Fingerprint bd343b998f330787
Analysis status DONE
Considered CTI value 2
Text language
Published April 2, 2018, 11:48 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 5:55 p.m.
Headline Vulnerability Information
Title Fake AV Investigation Unearths KevDroid, New Android Malware
Detected Hints/Tags/Attributes 66/2/34
Attributes
| Type | #Events | CTI Value |
| --- | --- | --- |
| CVE | 4 | cve-2015-3636 |
| CVE | 375 | cve-2017-11882 |
| Domain | 3 | cgalim.com |
| Domain | 3 | ebsmpi.com |
| Domain | 4 | ps.pndsn.com |
| Domain | 904 | snort.org |
| File | 18 | 1.apk |
| File | 3 | hr.doc |
| File | 29 | 5.exe |
| File | 2 | desktops.ini |
| File | 2 | tmp0120.ini |
| File | 2 | bitcoin-trans.doc |
| File | 2 | pu.php |
| File | 2 | servlet.exe |
| File | 4 | 360ts_setup_mini.exe |