GPlayed Trojan - .Net playing with Google Market
Tags
country: Russia
attack-pattern: Data Model Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Network Security Appliances - T1590.006 Server - T1583.004 Server - T1584.004 Sms Messages - T1636.004 Software - T1592.002 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID eb968493-7235-4a1c-88d8-09fcda52ddc9
Fingerprint aeae1db52d529bc9
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 11, 2018, 9:06 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 14, 2024, 2:04 p.m.
Headline Vulnerability Information
Title GPlayed Trojan - .Net playing with Google Market
Detected Hints/Tags/Attributes 62/2/15
Source URLs
Redirection Url
Details Source https://blog.talosintelligence.com/2018/10/gplayedtrojan.html
URL Provider
Details Provider Source level domain
Details talosintelligence.com blog.talosintelligence.com
Attributes
Details Type #Events CTI Value
Details Domain 52 
android.app
Details Domain 904 
snort.org
Details Domain 3 
sub1.tdsworker.ru
Details File 2 
reznov.dll
Details File 2 
ecommon.dll
Details File 2 
testcc.php
Details File 3 
package.apk
Details sha256 2 
a342a16082ea53d101f556b50532651cd3e3fdc7d9e0be3aa136680ad9c6a69f
Details sha256 2 
604deb75eedf439766896f05799752de268baf437bf89a7185540627ab4a4bd1
Details sha256 2 
17b8665cdbbb94482ca970a754d11d6e29c46af6390a2d8e8193d8d6a527dec3
Details IPv4 2 
5.9.33.226
Details IPv4 2 
172.110.10.171
Details Url 2 
http://5.9.33.226:5416
Details Url 2 
http://172.110.10.171:85/testcc.php
Details Url 2 
http://sub1.tdsworker.ru:5555/3ds