📃Title: Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns
📅Date: 2023-07-28
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- target: broad-based
- MY-relevancy: relevant
- topic: mobile-attack
🔖MISP Galaxies:
- producer=Trend-Micro
- target-information=“Indonesia”
- target-information=“Malaysia”
- target-information=“Mexico”
- target-information=“Philippines”
- target-information=“Uganda”
- target-information=“Vietnam”
- mitre-attack-pattern=[]
MISP event uuid: 594728ee-92ad-4f92-9f47-358cce216ba9
Indicators of Compromise (IoCs)
Full IOCs available in Rectifyq’s MISP