Extended analysis of the fraud backdoor claimed to be implanted in 20 million devices
Tags
attack-pattern: Data Whois - T1596.002
Common Information
Type Value
UUID d3a41039-0c81-4f05-884d-2fe0276319b0
Fingerprint e8f9ba3cbd421247
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 17, 2023, midnight
Added to db Nov. 20, 2023, 12:37 a.m.
Last updated Dec. 20, 2024, 7:08 a.m.
Headline Extended analysis of the fraud backdoor claimed to be implanted in 20 million devices
Title Extended analysis of the fraud backdoor claimed to be implanted in 20 million devices
Detected Hints/Tags/Attributes 9/1/23
RSS Feed
Attributes
Type | #Events | Value
Domain | 2 | adc.flyermobi.com
Domain | 4 | cbphe.com
Domain | 3 | flyermobi.com
Domain | 4 | cbpheback.com
Domain | 5 | ycxrl.com
Domain | 2 | dcylog.com
Domain | 2 | apkcar.com
Domain | 2 | ymsdk.apkcar.com
File | 11 | b.dat
File | 3 | v0.ini
File | 2 | ymex.apk
File | 2 | ymlog.apk
File | 2 | ymsdk.apk
md5 | 2 | e6027f962eaaf7dede8a271166409fe6
md5 | 2 | f33401aaf64a2dd3ed14e6f441ac83ab
IPv4 | 2 | 128.199.193.15
IPv4 | 2 | 128.199.97.77
Url | 2 | http://adc.flyermobi.com/update/update.conf?bdr=xx&rv=x&v=xxx&pk=xxx&tp=generic
Url | 2 | http://adc.flyermobi.com/config/config.conf and http://adc.flyermobi.com/config/config.conf.default (used to fetch ad-related URLs)
Url | 2 | http://128.199.97.77/logs/log.active
Url | 2 | http://adc.flyermobi.com/update/update.conf
Url | 2 | http://ymsdk.apkcar.com/adbu
Url | 2 | https://arstechnica.com/security/2023/10/thousands-of-android-devices-come-with-unkillable-backdoor-preinstalled