Interlab 인터랩 | Cyber Threat Report: RambleOn Android Malware
Common Information
Type Value
UUID d1f83707-3856-4a22-849f-83528f080848
Fingerprint 2c29899b81bf2dad
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 30, 2024, midnight
Added to db Aug. 13, 2023, 1:56 a.m.
Last updated Nov. 17, 2024, 5:54 p.m.
Headline UNKNOWN
Title Interlab 인터랩 | Cyber Threat Report: RambleOn Android Malware
Detected Hints/Tags/Attributes 75/3/27
Source URLs
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 139 https://interlab.or.kr/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Threat Actor Identifier - APT 277
APT37
Details Url 2
http://ip-api.com/json/?fields=city
Details Url 3
https://medium.com/s2wblog/unveil-the-evolution-of-kimsuky-targeting-android-devices-with-newly-discovered-mobile-malware-280dae5a650f
Details Url 6
https://www2.fireeye.com/rs/848-did-242/images/rpt_apt37.pdf
Details Url 2
https://malshare.com/.