Triada malware: hitting the android core system (part I)
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | fbc6cfe8-7825-4a4e-b5ea-df1f49adbcfa |
| Fingerprint | 7f2b7da904bd64d4 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 16, 2016, midnight |
| Added to db | Jan. 18, 2023, 7:32 p.m. |
| Last updated | Nov. 8, 2024, 12:42 a.m. |
| Headline | Some stuff about security.. |
| Title | Triada malware: hitting the android core system (part I) |
| Detected Hints/Tags/Attributes | 18/2/35 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 188 | com.android |
|
| Details | Domain | 2 | com.android.system.guardianship.info |
|
| Details | Domain | 1 | com.bel.android |
|
| Details | Domain | 4 | android.process.media |
|
| Details | Domain | 57 | com.google.android |
|
| Details | Domain | 1 | de.schaeuffelhut.android |
|
| Details | Domain | 2 | com.android.music |
|
| Details | Domain | 1 | com.cooliris.media |
|
| Details | Domain | 1 | com.cyanogenmod.android |
|
| Details | Domain | 2 | ph4.xiaoyisy.com |
|
| Details | Domain | 2 | xla.poticlas.com |
|
| Details | Domain | 1 | com.bc.android |
|
| Details | Domain | 1 | ph2.xiaoyisy.com |
|
| Details | Domain | 1 | ph1.xiaoyisy.com |
|
| Details | Domain | 2 | ph3.xiaoyisy.com |
|
| Details | File | 30 | android.sys |
|
| Details | File | 2 | guardianship.inf |
|
| Details | File | 20 | android.settings |
|
| Details | File | 1 | lastaccesstimes.db |
|
| Details | File | 1 | opb_mark_recover.db |
|
| Details | File | 1 | phone.db |
|
| Details | File | 2 | xla.pot |
|
| Details | File | 1 | opbupdate_6000.jar |
|
| Details | File | 1 | gloablbcserviceinfo.apk |
|
| Details | File | 1 | opbupdate_6000_opbrelease.db |
|
| Details | File | 5 | android.core |
|
| Details | sha1 | 1 | bf26f9b2909c429af8d4876c8015a41633eb3d74 |
|
| Details | sha1 | 1 | 95e6ad4c2bc9e6a29ea1f6d90d782be9971450bd |
|
| Details | sha1 | 1 | 09d856882b205e1a8f6065334d8d0fa583666acb |
|
| Details | sha1 | 1 | f9b5e56e76c5eeea61f224279c756da4abb4d665 |
|
| Details | sha1 | 1 | c1152d2e8c005dad77b3dfac7e1e4cd785031bdc |
|
| Details | sha1 | 1 | d47b0a190af5754625c7edf15d1ecddeae4c7108 |
|
| Details | sha256 | 2 | b2c2f74772c5057451668f144191f8d7191e5f98dbc6b6533698af5aa2baabc8 |
|
| Details | IPv4 | 1 | 103.20.249.203 |
|
| Details | IPv4 | 2 | 103.6.223.226 |