RambleOn Android Spyware (December 2022)
Common Information
Type Value
UUID ae168a48-9d38-4e38-8f8e-fc4333cc1f9e
Fingerprint 2c29899b81bf2fa9
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 17, 2024, midnight
Added to db Oct. 17, 2024, 10:45 p.m.
Last updated Nov. 17, 2024, 5:54 p.m.
Headline RambleOn Android Spyware (December 2022)
Title RambleOn Android Spyware (December 2022)
Detected Hints/Tags/Attributes 70/2/24
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Details 427 [0x0v1] https://www.0x0v1.com/rss 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Threat Actor Identifier - APT 277
APT37
Details Url 2
http://ip-api.com/json/?fields=city
Details Url 3
https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f
Details Url 6
https://www2.fireeye.com/rs/848-did-242/images/rpt_apt37.pdf
Details Url 2
https://malshare.com/.