📃Title: MA-694.012018: MyCERT Alert - Fake Bank Negara Malicious APK
📅Date: 2018-01-13
🔗References:
- https://www.mycert.org.my/portal/advisory?id=MA-694.012018
- https://www.mycert.org.my/portal/advisory?id=MA-695.012018
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: malware-analysis
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- target-information=“Malaysia”
- sector=“Bank”
- f3b46834-6ce9-44ef-852d-d7ac61a12920=“82a4a09c-ca5b-4dd1-b194-df3e65f93fa3”
- financial-fraud=“Fake App”
- financial-fraud=“Fake Website”
- producer 4a61b42d-e3f0-4964-9d88-4aa96e24c31d
- mitre-attack-pattern=[‘T1412’, ‘T1582’, ‘T1432’, ‘T1636.003’, ‘T1616’, ‘T1409’]
MISP event uuid: fb3c6d54-a1eb-47ca-9ad8-285973c276c7
Indicators of Compromise (IoCs)
type,value,comment
sha256, 21cda890254d5519bb6dfee3a68025ca4ddfdb41a846ae5d9b2b556bb0b3474c, 'No sample in VT; last check: 06/05/2025'
ip-dst, 67.229.128.74, 'Cloud Service, host malicious file'
ip-dst, 23.244.168.148, 'Cloud Service, C2 server'
ip-dst, 183.86.209.102, 'Cloud Service, C2 server'
ip-dst, 144.217.88.38, 'Cloud Service, host malicious file, C2 server'
Full IOCs available in Rectifyq's MISP