Hiding in plain sight: PhantomLance walks into a market
Tags
| country: | Algeria Bangladesh Malaysia China Nepal India Indonesia Myanmar Vietnam U.S. Virgin Islands |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Model Domains - T1583.001 Domains - T1584.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 886eb093-287b-4f65-8d4f-07d8886cb0cd |
| Fingerprint | ac2d118b88be2651 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 28, 2020, 3 p.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 8, 2024, 12:42 a.m. |
| Headline | Hiding in plain sight: PhantomLance walks into a market |
| Title | Hiding in plain sight: PhantomLance walks into a market |
| Detected Hints/Tags/Attributes | 83/3/123 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://securelist.com/apt-phantomlance/96772/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 338 | kaspersky.com |
|
| Details | Domain | 1 | com.android.play.games |
|
| Details | Domain | 3 | com.google.android.play.games |
|
| Details | Domain | 1 | cloud.anofrio.com |
|
| Details | Domain | 1 | video.viodger.com |
|
| Details | Domain | 1 | api.anaehler.com |
|
| Details | Domain | 188 | com.android |
|
| Details | Domain | 1 | com.luxury |
|
| Details | Domain | 1 | apkcombo.com |
|
| Details | Domain | 1 | apk.support |
|
| Details | Domain | 4 | apkpure.com |
|
| Details | Domain | 1 | apkpourandroid.com |
|
| Details | Domain | 1 | androidappsapk.co |
|
| Details | Domain | 1 | apkpure.ai |
|
| Details | Domain | 1 | osloger.biz |
|
| Details | Domain | 1 | log4jv.info |
|
| Details | Domain | 1 | sqllitlever.info |
|
| Details | Domain | 1 | anofrio.com |
|
| Details | Domain | 1 | anaehler.com |
|
| Details | Domain | 1 | viodger.com |
|
| Details | Domain | 2 | browsersyn.com |
|
| Details | Domain | 1 | cerisecaird.com |
|
| Details | Domain | 1 | bulknewsexpress.news |
|
| Details | Domain | 1 | www.tin247.com |
|
| Details | Domain | 7 | www.antiy.net |
|
| Details | Domain | 1 | download.com.vn |
|
| Details | Domain | 1 | nhaccuatui.android.zyngacdn.com |
|
| Details | Domain | 30 | www.mediafire.com |
|
| Details | Domain | 1 | download1825.mediafire.com |
|
| Details | Domain | 1 | mine.remaariegarcia.com |
|
| Details | Domain | 1 | egg.stralisemariegar.com |
|
| Details | Domain | 1 | sadma.knrowz.com |
|
| Details | Domain | 1 | ckoen.dmkatti.com |
|
| Details | Domain | 1 | itpk.mostmkru.com |
|
| Details | Domain | 3 | ssl.arkouthrie.com |
|
| Details | Domain | 3 | s3.hiahornber.com |
|
| Details | Domain | 3 | widget.shoreoa.com |
|
| Details | Domain | 1 | ps.andreagahuvrauvin.com |
|
| Details | Domain | 1 | paste.christienollmache.xyz |
|
| Details | Domain | 1 | att.illagedrivestralia.xyz |
|
| Details | Domain | 1 | trojan.androidos.agent.eu |
|
| Details | Domain | 1 | trojan.androidos.agent.vg |
|
| Details | Domain | 1 | term.ursulapaulet.com |
|
| Details | Domain | 1 | inc.graceneufville.com |
|
| Details | Domain | 1 | log.osloger.biz |
|
| Details | Domain | 1 | file.log4jv.info |
|
| Details | Domain | 1 | news.sqllitlever.info |
|
| Details | Domain | 1 | us.jaxonsorensen.club |
|
| Details | Domain | 1 | staff.kristianfiedler.club |
|
| Details | Domain | 1 | bit.catalinabonami.com |
|
| Details | Domain | 1 | hr.halettebiermann.com |
|
| Details | Domain | 1 | cyn.ettebiermahalet.com |
|
| Details | Domain | 1 | mtk.baimind.com |
|
| Details | Domain | 2 | ming.chujong.com |
|
| Details | Domain | 2 | mokkha.goongnam.com |
|
| Details | Domain | 1 | aki.viperse.com |
|
| Details | Domain | 1 | game2015.net |
|
| Details | Domain | 1 | taiphanmemfacebookmoi.info |
|
| Details | Domain | 1 | quam.viperse.com |
|
| Details | Domain | 1 | jang.goongnam.com |
|
| Details | 147 | intelreports@kaspersky.com |
||
| Details | File | 3 | android.pl |
|
| Details | File | 1 | data.raw |
|
| Details | File | 8 | file.log |
|
| Details | File | 1 | news.sql |
|
| Details | md5 | 1 | 2e06bbc26611305b28b40349a600f95c |
|
| Details | md5 | 1 | 65d399e6a77acf7e63ba771877f96f8e |
|
| Details | md5 | 1 | 6bf9b834d841b13348851f2dc033773e |
|
| Details | md5 | 1 | 8d5c64fdaae76bb74831c0543a7865c3 |
|
| Details | md5 | 1 | 3285ae59877c6241200f784b62531694 |
|
| Details | md5 | 1 | e648a2cc826707aec33208408b882e31 |
|
| Details | md5 | 1 | 83cd59e3ed1ba15f7a8cadfe9183e156 |
|
| Details | md5 | 1 | 7048d56d923e049ca7f3d97fb5ba9812 |
|
| Details | md5 | 1 | c399d93146f3d12feb32da23b75304ba |
|
| Details | md5 | 1 | 243e2c6433815f2ecc204ada4821e7d6 |
|
| Details | md5 | 1 | b1990e19efaf88206f7bffe9df0d9419 |
|
| Details | md5 | 1 | 0e7c2adda3bc65242a365ef72b91f3a8 |
|
| Details | md5 | 1 | 306d3ed0a7c899b5ef9d0e3c91f05193 |
|
| Details | md5 | 1 | 0d5c03da348dce513bf575545493f3e3 |
|
| Details | md5 | 1 | d1eb52ef6c2445c848157beaba54044f |
|
| Details | md5 | 1 | 51f9a7d4263b3a565dec7083ca00340f |
|
| Details | md5 | 1 | a795f662d10040728e916e1fd7570c1d |
|
| Details | md5 | 1 | d23472f47833049034011cad68958b46 |
|
| Details | md5 | 1 | 8b35b3956078fc28e5709c5439e4dcb0 |
|
| Details | md5 | 1 | af44bb0dd464680395230ade0d6414cd |
|
| Details | md5 | 1 | 79f06cb9281177a51278b2a33090c867 |
|
| Details | md5 | 1 | b107c35b4ca3e549bdf102de918749ba |
|
| Details | md5 | 1 | 83c423c36ecda310375e8a1f4348a35e |
|
| Details | md5 | 1 | 94a3ca93f1500b5bd7fd020569e46589 |
|
| Details | md5 | 1 | 54777021c34b0aed226145fde8424991 |
|
| Details | md5 | 1 | 872a3dd2cd5e01633b57fa5b9ac4648d |
|
| Details | md5 | 1 | a330456d7ca25c88060dc158049f3298 |
|
| Details | md5 | 1 | a097b8d49386c8aab0bb38bbfdf315b2 |
|
| Details | md5 | 1 | 7285f44fa75c3c7a27bbb4870fc0cdca |
|
| Details | md5 | 1 | b4706f171cf98742413d642b6ae728dc |
|
| Details | md5 | 1 | 8008bedaaebc1284b1b834c5fd9a7a71 |
|
| Details | md5 | 1 | 0e7b59b601a1c7ecd6f2f54b5cd8416a |
|
| Details | md5 | 1 | 50bfd62721b4f3813c2d20b59642f022 |
|
| Details | md5 | 1 | 5079cb166df41233a1017d5e0150c17a |
|
| Details | md5 | 1 | 810ef71bb52ea5c3cfe58b8e003520dc |
|
| Details | md5 | 1 | c630ab7b51f0c0fa38a4a0f45c793e24 |
|
| Details | md5 | 1 | ce5bae8714ddfca9eb3bb24ee60f042d |
|
| Details | md5 | 1 | d61c18e577cfc046a6252775da12294f |
|
| Details | md5 | 1 | fe15c0eacdbf5a46bc9b2af9c551f86a |
|
| Details | md5 | 1 | 07e01c2fa020724887fc39e5c97eccee |
|
| Details | md5 | 1 | 2e49775599942815ab84d9de13e338b3 |
|
| Details | md5 | 1 | 315f8e3da94920248676b095786e26ad |
|
| Details | md5 | 1 | 641f0cc057e2ab43f5444c5547e80976 |
|
| Details | IPv4 | 1 | 188.166.203.57 |
|
| Details | IPv4 | 1 | 113.171.224.175 |
|
| Details | Url | 1 | https://apkcombo.com |
|
| Details | Url | 1 | https://apk.support |
|
| Details | Url | 2 | https://apkpure.com |
|
| Details | Url | 1 | https://apkpourandroid.com |
|
| Details | Url | 1 | https://androidappsapk.co/detail-cham-soc-be-yeu-babycare |
|
| Details | Url | 1 | https://apkpure.ai/ads-skipper |
|
| Details | Url | 1 | https://apk.support/app-en/com.codedexon.churchaddress |
|
| Details | Url | 1 | https://www.antiy.net/p/analysis-of-the-attack-of-mobile-devices-by-oceanlotus |
|
| Details | Url | 1 | http://download.com.vn/android/download/nhaccuatui-downloader/31798 |
|
| Details | Url | 1 | http://113.171.224.175/videoplayer/nhaccuatuidownloader.apk |
|
| Details | Url | 1 | http://nhaccuatui.android.zyngacdn.com/nhaccuatuidownloader.apk |
|
| Details | Url | 1 | http://www.mediafire.com/file/1elber8zl34tag4/framaroot-xpro.apk |
|
| Details | Url | 1 | http://download1825.mediafire.com/tyxddh46orzg/1elber8zl34tag4/framaroot-xpro.apk |