📃Title: Not quite an Easter egg: a new family of Trojan subscribers on Google Play
📅Date: 2023-05-04
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • producer= Kaspersky
  • target-information="Indonesia"
  • target-information="Malaysia"
  • target-information="Poland"
  • target-information="Singapore"
  • target-information="Thailand"
  • mitre-attack-pattern=[]

MISP event uuid: c0da94a9-7372-4952-9739-2745e76ab85a

Indicators of Compromise (IoCs)

type, value, comment
md5, f671a685fc47b83488871ae41a52bf4c, ''
md5, 5ce7d0a72b1bd805c79c5fe3a48e66c2, ''
md5, d39b472b0974df19e5efbda4c629e4d5, ''
md5, 175c59c0f9fab032dde32c7d5beede11, ''
md5, 101500cd421566690744558af3f0b8cc, ''
md5, 7f391b24d83cee69672618105f8167e1, ''
md5, f3ecf39bb0296ac37c7f35ee4c6eddbc, ''
md5, e92ff47d733e2e964106edc06f6b758a, ''
md5, b66d77370f522c6d640c54da2d11735e, ''
md5, 3d0a18503c4ef830e2d3fbe43ecbe811, ''
md5, 1879c233599e7f2634ef8d5041001d40, ''
md5, dd16bd0cb8f30b2f6daac91af4d350be, ''
md5, 37162c08587f5c3009afceec3efa43eb, ''
md5, ecdc4606901abd9bb0b160197efe39b7, ''
md5, c5dd2ea5b1a292129d4ecfbeb09343c4, 'No sample in VT; last check: 09/05/2025'
md5, 2b6b1f7b220c69d37a413b0c448aa56a, 'No sample in VT; last check: 09/05/2025'
md5, aa1cec619bf65972d220904130aed3d9, 'No sample in VT; last check: 09/05/2025'
md5, 0beec878ff2645778472b97c1f8b4113, 'No sample in VT; last check: 09/05/2025'
md5, 40c451061507d996c0ab8a233bd99ff8, 'No sample in VT; last check: 09/05/2025'
md5, bdbbf20b3866c781f7f9d4f1c2b5f2d3, 'No sample in VT; last check: 09/05/2025'
md5, 063093eb8f8748c126a6ad3e31c9e6fe, 'No sample in VT; last check: 09/05/2025'
md5, 8095c11e404a3e701e13a6220d0623b9, 'No sample in VT; last check: 09/05/2025'
url, http://ac.iprocam.xyz, 'C&C'
url, http://ad.iprocam.xyz, 'C&C'
url, http://ap.iprocam.xyz, 'C&C'
url, http://b7.photoeffect.xyz, 'C&C'
url, http://ba3.photoeffect.xyz, 'C&C'
url, http://f0.photoeffect.xyz, 'C&C'
url, http://m11.slimedit.live, 'C&C'
url, http://m12.slimedit.live, 'C&C'
url, http://m13.slimedit.live, 'C&C'
url, http://ba.beautycam.xyz, 'C&C'
url, http://f6.beautycam.xyz, 'C&C'
url, http://f8a.beautycam.xyz, 'C&C'
url, http://ae.mveditor.xyz, 'C&C'
url, http://b8c.mveditor.xyz, 'C&C'
url, http://d3.mveditor.xyz, 'C&C'
url, http://fa.gifcam.xyz, 'C&C'
url, http://fb.gifcam.xyz, 'C&C'
url, http://fl.gifcam.xyz, 'C&C'
url, http://a.hdmodecam.live, 'C&C'
url, http://b.hdmodecam.live, 'C&C'
url, http://l.hdmodecam.live, 'C&C'
url, http://vd.toobox.online, 'C&C'
url, http://ve.toobox.online, 'C&C'
url, http://vt.toobox.online, 'C&C'
url, http://54.245.21.104, 'C&C'
url, http://t1.twmills.xyz, 'C&C'
url, http://t2.twmills.xyz, 'C&C'
url, http://t3.twmills.xyz, 'C&C'
url, http://api.odskguo.xyz, 'C&C'
url, http://gbcf.odskguo.xyz, 'C&C'
url, http://track.odskguo.xyz, 'C&C'

Full IOCs available in Rectifyq’s MISP