Monday, May 30, 2016

Mobile Malware Intercepted, Hundreds of Users Affected

We've recently intercepted a currently circulating malicious campaign exposing users to a variety of malicious software and compromising the confidentiality, integrity, and availability of their devices.

In this post we'll profile the campaign, provide malicious MD5s, expose the infrastructure behind it, and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.

Malicious MD5s known to have participated in the campaign:

Once executed, the sample phones back to the following C&C server:
hxxp://sklasse-b.in.ua/777/gate.php - 217.12.201.60

Known to have phoned back to the same C&C server IP (217.12.201.60) are also the following malicious MD5s:

Once executed, the sample phones back to the following C&C server:
hxxp://apimobiapps.com/api/app.php - 54.72.9.115; 37.1.210.139

Known to have phoned back to the same C&C server IP (54.72.9.115) are also the following malicious MD5s:
MD5: 7e6429d92bf457f5580457260c92d615
MD5: f89ee0bd2fa97380ceedbfe5bf3d5c93


Once executed, the sample phones back to the following C&C servers:
hxxp://dh005.com - 54.72.9.115; 172.99.89.215
hxxp://parkingcrew.net - 185.53.179.29
hxxp://quickdomainfwd.com - 208.91.196.46

We'll continue monitoring the campaign and post updates as soon as new developments take place.

Mobile Malware Hits Google Play, Hundreds of Users Affected

We've recently intercepted a currently circulating malicious campaign affecting hundreds of Google Play users, potentially exposing the confidentiality, integrity, and availability of their devices to a variety of malicious software.

In this post we'll profile the campaign, provide malicious MD5s, expose the infrastructure behind it, and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.

Malicious MD5s known to have participated in the campaign:
MD5: 3f57dfe0ca2440bf03fda3e3b1295edc

Once executed, the sample phones back to the following C&C server:
hxxp://37.1.207.31/api/?id=5

Related malicious MD5s known to have been downloaded from the same C&C server (37.1.207.31):

Related malicious MD5s known to have phoned back to the same C&C server (37.1.207.31):

We'll continue monitoring the campaign and post updates as soon as new developments take place.

Mobile Malware Intercepted, Hundreds of Users Affected

We've recently intercepted a currently circulating malicious campaign exposing Google Play users to a multitude of malicious software and compromising the confidentiality, integrity, and availability of their devices.

In this post we'll profile the campaign, provide malicious MD5s, expose the infrastructure behind it, and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.

Malicious MD5s known to have participated in the campaign:
MD5: f6aedc30fdab1b0a0bfebb3d51cb82ea

Related malicious MD5s known to have participated in the campaign:

Once executed, the sample phones back to the following C&C servers:
hxxp://193.201.224.22
hxxp://85.143.221.46
hxxp://85.143.219.118

Known to have phoned back to the same C&C server IP (193.201.224.22) are also the following malicious MD5s:

We'll continue monitoring the campaign and post updates as soon as new developments take place.
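As an added defender-side example (not code from the original posts), the script below refangs a subset of the C&C URLs and IPs quoted across the three posts above, builds a host/path/IP watchlist from them, and runs it over a few constructed proxy log lines; the log format and the client addresses are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit
# C&C indicators as published in the three posts above (defanged with hxxp://).
DEFANGED_C2 = [
    "hxxp://sklasse-b.in.ua/777/gate.php - 217.12.201.60",
    "hxxp://apimobiapps.com/api/app.php - 54.72.9.115; 37.1.210.139",
    "hxxp://dh005.com - 54.72.9.115; 172.99.89.215",
    "hxxp://37.1.207.31/api/?id=5",
    "hxxp://193.201.224.22",
]
# Constructed proxy log lines for this example: "<ts> <client> <dst_ip> <url>".
SAMPLE_LOG = [
    "2016-05-30T10:01:02Z 10.0.0.7 217.12.201.60 http://sklasse-b.in.ua/777/gate.php",
    "2016-05-30T10:01:05Z 10.0.0.8 93.184.216.34 http://example.com/index.html",
    "2016-05-30T10:02:11Z 10.0.0.9 54.72.9.115 http://apimobiapps.com/api/app.php",
    "2016-05-30T10:03:40Z 10.0.0.7 198.51.100.5 http://cdn.example.net/777/gate.php",
]

def refang(url):
    """Turn the defanged hxxp:// scheme back into http:// so urlsplit can parse it."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.I)

def build_watchlist(indicators):
    """Parse 'hxxp://host/path - ip; ip' lines into (hosts, paths, ips) sets."""
    hosts, paths, ips = set(), set(), set()
    for line in indicators:
        url_part, _, ip_part = line.partition(" - ")
        u = urlsplit(refang(url_part))
        hosts.add(u.hostname)              # may itself be an IP literal
        if u.path and u.path != "/":
            paths.add(u.path)
        ips |= {ip.strip() for ip in ip_part.split(";") if ip.strip()}
    return hosts, paths, ips

def scan_proxy_log(log_lines, watchlist):
    """Return (line_no, client, reasons) for each log line touching an indicator."""
    hosts, paths, ips = watchlist
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) != 4:
            continue                       # malformed line: skip rather than crash
        _, client, dst_ip, url = fields
        u = urlsplit(url)
        reasons = {tag for tag, ok in (("host", u.hostname in hosts),
                                       ("ip", dst_ip in ips or dst_ip in hosts),
                                       ("path", u.path in paths)) if ok}
        if reasons:                        # "path" alone is the weakest signal
            hits.append((n, client, reasons))
    return hits
```

A hit on the path alone (as with the fourth sample line) is worth a look but is not evidence on its own, since paths like /api/ are common; host and destination-IP matches are the stronger signals.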