📃Title: MA-834.052022: MyCERT Alert - SMSSpy campaign to steal Malaysian banking user credential
📅Date: 2022-06-07
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- target-information="Malaysia"
- financial-fraud="Fake App"
- financial-fraud="Fake Website"
- producer 4a61b42d-e3f0-4964-9d88-4aa96e24c31d
- mitre-attack-pattern=['T1476', 'T1412']
MISP event uuid: 145ab1a4-7880-4eb5-91f8-dd900a76997a
Indicators of Compromise (IoCs)
Full IoCs available in Rectifyq's MISP.