📃Title: Not quite an Easter egg: a new family of Trojan subscribers on Google Play
📅Date: 2023-05-04
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- target: broad-based
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer Kaspersky
- target-information="Indonesia"
- target-information="Malaysia"
- target-information="Poland"
- target-information="Singapore"
- target-information="Thailand"
- mitre-attack-pattern=[]
MISP event uuid: c0da94a9-7372-4952-9739-2745e76ab85a
Indicators of Compromise (IoCs)
Full IOCs available in Rectifyq's MISP