XLoader Disguises as Android Apps, Has FakeSpy Links
Tags
| cmtmf-attack-pattern: | Native Code |
| country: | Japan |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | df18fcd7-55d6-4ef3-8778-23d8aecfe2a5 |
| Fingerprint | 84955909d87fff49 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 2, 2019, midnight |
| Added to db | Oct. 15, 2024, 5:27 p.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | XLoader Disguises as Android Apps, Has FakeSpy Links |
| Title | XLoader Disguises as Android Apps, Has FakeSpy Links |
| Detected Hints/Tags/Attributes | 52/4/87 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | apple-icloud.qwq-japan.com |
|
| Details | Domain | 1 | apple-icloud.zqo-japan.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 17 | jp.co |
|
| Details | Domain | 1 | apple-icloud.qwe-japan.com |
|
| Details | Domain | 1 | files.spamo.jp |
|
| Details | Domain | 1 | mailsa-qae.com |
|
| Details | Domain | 1 | mailsa-qaf.com |
|
| Details | Domain | 1 | mailsa-qau.com |
|
| Details | Domain | 1 | mailsa-qaw.com |
|
| Details | Domain | 1 | mailsa-wqe.com |
|
| Details | Domain | 1 | mailsa-wqo.com |
|
| Details | Domain | 1 | mailsa-wqp.com |
|
| Details | Domain | 1 | mailsa-wqq.com |
|
| Details | Domain | 1 | mailsa-wqu.com |
|
| Details | Domain | 1 | mailsa-wqw.com |
|
| Details | Domain | 1 | nttdocomo-qae.com |
|
| Details | Domain | 1 | nttdocomo-qaq.com |
|
| Details | Domain | 1 | nttdocomo-qar.com |
|
| Details | Domain | 1 | nttdocomo-qat.com |
|
| Details | Domain | 1 | nttdocomo-qaw.com |
|
| Details | Domain | 1 | sagawa-reg.com |
|
| Details | Domain | 1 | www.711231.com |
|
| Details | Domain | 1 | www.759383.com |
|
| Details | Domain | 1 | www.923525.com |
|
| Details | Domain | 1 | www.923915.com |
|
| Details | Domain | 1 | www.975685.com |
|
| Details | Domain | 165 | www.instagram.com |
|
| Details | Domain | 1 | mainsheetgyam.tumblr.com |
|
| Details | Domain | 1 | hormonaljgrj.tumblr.com |
|
| Details | Domain | 1 | globalanab.tumblr.com |
|
| Details | File | 1 | 佐川急便.apk |
|
| Details | File | 1 | mainsheetgyam.tum |
|
| Details | File | 1 | hormonaljgrj.tum |
|
| Details | File | 1 | globalanab.tum |
|
| Details | sha256 | 1 | 332e68d865009d627343b89a5744843e3fde4ae870193f36b82980363439a425 |
|
| Details | sha256 | 1 | 403401aa71df1830d294b78de0e5e867ee3738568369c48ffafe1b15f3145588 |
|
| Details | sha256 | 1 | 466dafa82a4460dcad722d2ad9b8ca332e9a896fc59f06e16ebe981ad3838a6b |
|
| Details | sha256 | 1 | 5022495104c280286e65184e3164f3f248356d065ad76acef48ee2ce244ffdc8 |
|
| Details | sha256 | 1 | a0f3df39d20c4eaa410a61a527507dbc6b17c7f974f76e13181e98225bda0511 |
|
| Details | sha256 | 1 | cb412b9a26c1e51ece7a0e6f98f085e1c27aa0251172bf0a361eb5d1165307f7 |
|
| Details | IPv4 | 1 | 38.27.99.11 |
|
| Details | IPv4 | 1 | 104.160.191.190 |
|
| Details | IPv4 | 1 | 61.230.204.87 |
|
| Details | IPv4 | 1 | 61.230.205.122 |
|
| Details | IPv4 | 1 | 61.230.205.132 |
|
| Details | Url | 1 | http://apple-icloud.qwq-japan.com |
|
| Details | Url | 1 | http://apple-icloud.zqo-japan.com |
|
| Details | Url | 1 | https://twitter.com/fdgoer343 |
|
| Details | Url | 1 | http://38.27.99.11/xvideo |
|
| Details | Url | 1 | http://apple-icloud.qwe-japan.com |
|
| Details | Url | 1 | http://files.spamo.jp/佐川急便.apk |
|
| Details | Url | 1 | http://mailsa-qae.com |
|
| Details | Url | 1 | http://mailsa-qaf.com |
|
| Details | Url | 1 | http://mailsa-qau.com |
|
| Details | Url | 1 | http://mailsa-qaw.com |
|
| Details | Url | 1 | http://mailsa-wqe.com |
|
| Details | Url | 1 | http://mailsa-wqo.com |
|
| Details | Url | 1 | http://mailsa-wqp.com |
|
| Details | Url | 1 | http://mailsa-wqq.com |
|
| Details | Url | 1 | http://mailsa-wqu.com |
|
| Details | Url | 1 | http://mailsa-wqw.com |
|
| Details | Url | 1 | http://nttdocomo-qae.com |
|
| Details | Url | 1 | http://nttdocomo-qaq.com |
|
| Details | Url | 1 | http://nttdocomo-qaq.com/aa |
|
| Details | Url | 1 | http://nttdocomo-qar.com |
|
| Details | Url | 1 | http://nttdocomo-qat.com |
|
| Details | Url | 1 | http://nttdocomo-qaw.com |
|
| Details | Url | 1 | http://sagawa-reg.com |
|
| Details | Url | 1 | http://www.711231.com |
|
| Details | Url | 1 | http://www.759383.com |
|
| Details | Url | 1 | http://www.923525.com |
|
| Details | Url | 1 | http://www.923915.com |
|
| Details | Url | 1 | http://www.975685.com |
|
| Details | Url | 1 | https://twitter.com/lucky88755 |
|
| Details | Url | 1 | https://twitter.com/lucky98745 |
|
| Details | Url | 1 | https://twitter.com/lucky876543 |
|
| Details | Url | 1 | https://twitter.com/luckyone1232 |
|
| Details | Url | 1 | https://twitter.com/sadwqewqeqw |
|
| Details | Url | 1 | https://twitter.com/gyugyu87418490 |
|
| Details | Url | 1 | https://twitter.com/sdfghuio342 |
|
| Details | Url | 1 | https://twitter.com/asdqweqweqeqw |
|
| Details | Url | 1 | https://twitter.com/ukenivor3 |
|
| Details | Url | 1 | https://www.instagram.com/freedomguidepeople1830 |
|
| Details | Url | 1 | https://mainsheetgyam.tumblr.com |
|
| Details | Url | 1 | https://hormonaljgrj.tumblr.com |
|
| Details | Url | 1 | https://globalanab.tumblr.com |