ioc[.]one - OSINT Cyber Threat Intelligence Database

VajraSpy: A Patchwork of espionage apps

Tags

cmtmf-attack-pattern:	Application Layer Protocol Data Manipulation Location Tracking
country:	Malaysia India Pakistan
attack-pattern:	Data Access Notifications - T1517 Software Discovery - T1418 Application Layer Protocol - T1437 Audio Capture - T1429 Boot Or Logon Initialization Scripts - T1398 Contact List - T1636.003 Data From Local System - T1533 Data Manipulation - T1641 Data Manipulation - T1565 Domains - T1583.001 Domains - T1584.001 Exfiltration Over C2 Channel - T1646 File And Directory Discovery - T1420 Input Capture - T1417 Keylogging - T1056.001 Keylogging - T1417.001 System Network Configuration Discovery - T1422 Location Tracking - T1430 Malware - T1587.001 Malware - T1588.001 System Information Discovery - T1426 One-Way Communication - T1102.003 One-Way Communication - T1481.003 Protected User Data - T1636 Server - T1583.004 Server - T1584.004 Sms Messages - T1636.004 Social Media Accounts - T1585.001 Social Media Accounts - T1586.001 Software Discovery - T1518 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Service - T1481 Video Capture - T1512 Trap - T1546.005 Standard Application Layer Protocol - T1071 Audio Capture - T1123 Logon Scripts - T1037 Data From Local System - T1005 Exfiltration Over Command And Control Channel - T1041 File And Directory Discovery - T1083 Input Capture - T1056 System Information Discovery - T1082 System Network Configuration Discovery - T1016 Web Service - T1102 Video Capture - T1125 Trap - T1154

Show in Graph

Common Information

Type	Value
UUID	a7e37f29-bc68-4761-98d6-ca8704fbb960
Fingerprint	8c089c01803365e3
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 1, 2024, midnight
Added to db	Oct. 1, 2024, 1:05 p.m.
Last updated	Nov. 9, 2024, 6:09 a.m.
Headline	VajraSpy: A Patchwork of espionage apps
Title	VajraSpy: A Patchwork of espionage apps
Detected Hints/Tags/Attributes	93/3/47

Source URLs

	Redirection	Url
Details	Redirection	https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps
Details	Source	https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/

URL Provider

Details	Provider	Source level domain
Details	welivesecurity.com	www.welivesecurity.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	fich.buzz
Details	Domain	114	eset.com
Details	Domain	1	com.hello.chat
Details	Domain	1	com.chit.chat
Details	Domain	1	com.meeete.org
Details	Domain	1	com.nidus.no
Details	Domain	1	com.rafaqat.news
Details	Domain	1	com.tik.talk
Details	Domain	1	com.wave.chat
Details	Domain	1	com.priv.talk
Details	Domain	1	com.letsm.chat
Details	Domain	1	com.nionio.org
Details	Domain	1	com.qqc.chat
Details	Domain	1	com.yoho.talk
Details	Domain	1	hello-chat-c47ad-default-rtdb.firebaseio.com
Details	Domain	1	chit-chat-e9053-default-rtdb.firebaseio.com
Details	Domain	1	meetme-abc03-default-rtdb.firebaseio.com
Details	Domain	1	chatapp-6b96e-default-rtdb.firebaseio.com
Details	Domain	1	tiktalk-2fc98-default-rtdb.firebaseio.com
Details	Domain	1	wave-chat-e52fe-default-rtdb.firebaseio.com
Details	Domain	1	privchat-6cc58-default-rtdb.firebaseio.com
Details	Domain	1	glowchat-33103-default-rtdb.firebaseio.com
Details	Domain	1	letschat-5d5e3-default-rtdb.firebaseio.com
Details	Domain	1	quick-chat-1d242-default-rtdb.firebaseio.com
Details	Domain	1	yooho-c3345-default-rtdb.firebaseio.com
Details	Domain	1	rafaqat-d131f-default-rtdb.asia-southeast1.firebasedatabase.app
Details	Email	69	threatintel@eset.com
Details	File	6	com.wav
Details	sha1	1	881541a1104aedc7cee504723bd5f63e15db6420
Details	sha1	1	baf6583c54fc680aa6f71f3b694e71657a7a99d0
Details	sha1	1	846b83b7324dfe2b98264bafac24f15fd83c4115
Details	sha1	1	5cfb6cf074ff729e544a65f2bcfe50814e4e1bd8
Details	sha1	1	1b61dc3c2d2c222f92b84242f6fcb917d4bc5a61
Details	sha1	1	bcd639806a143bd52f0c3892fa58050e0eeef401
Details	sha1	1	137ba80e443610d9d733c160ccdb9870f3792fb8
Details	sha1	1	5f860d5201f9330291f25501505ebab18f55f8da
Details	sha1	1	3b27a62d77c5b82e7e6902632da3a3e5ef98e743
Details	sha1	1	44e8f9d0cd935d0411b85409e146acd10c80bf09
Details	sha1	1	94dc9311b53c5d9cc5c40cd943c83b71bd75b18a
Details	sha1	1	e0d73c035966c02df7bce66e6ce24e016607e62e
Details	sha1	1	235897bcb9c14eb159e4e74de2bc952b3ad5b63a
Details	sha1	1	8ab01840972223b314bf3c9d9ed3389b420f717f
Details	IPv4	2	34.120.160.131
Details	IPv4	1	35.186.236.207
Details	IPv4	1	160.20.147.67
Details	Threat Actor Identifier - APT-C	7	APT-C-52
Details	Threat Actor Identifier - APT-Q	3	APT-Q-43