📃Title: WAPDropper: An Android Malware Subscribing Victims to Premium Services and Targeting Telecomm Companies
📅Date: 2020-11-24
🔗References:

Description

Check Point researchers recently encountered WAPDropper, a new malware which downloads and executes an additional payload. In the current campaign, it drops a WAP premium dialer which subscribes its victims to premium services without their knowledge or consent.

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • producer Check-Point
  • target-information="Thailand"
  • target-information="Malaysia"
  • sector="Telecoms"
  • mitre-attack-pattern=['T1448', 'T1476', 'T1407', 'T1508', 'T1422', 'T1421', 'T1426', 'T1418', 'T1406', 'T1575']

MISP event uuid: cbc7019f-c90e-48ef-94d6-d7cca59a6c03

Indicator of Compromise (IoCs)

type,value,comment
hostname, ks7br7.3q03on.com, 'Main C&C Server'
hostname, ip.cooktracking.com, 'Rotating C&C'
hostname, l.facebook1mob.com, 'Rotating C&C'
ip-dst, 34.233.155.78, 'IP'
ip-dst, 52.54.159.156, 'IP Infrastructure'

Full IOCs available in Rectifyq's MISP