📃Title: MA-788.062020: MyCERT Alert - Malicious Android APK theme Covid-19 targeting Malaysia users
📅Date: 2020-06-25
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- target: targeted
- MY-relevancy: relevant
- topic: mobile-attack
🔖MISP Galaxies:
- target-information="Malaysia"
- producer=4a61b42d-e3f0-4964-9d88-4aa96e24c31d
- mitre-attack-pattern=[]
MISP event uuid: 5b86ba10-d505-42c8-9c28-b1d8ea01cbd9
Indicators of Compromise (IoCs)
Full IOCs available in Rectifyq’s MISP