Scraper: Malicious WhatsApp mod distributed through legitimate apps

November 1, 2022 by bytecash

Event ID	4526
UUID	86dec5f1-e2e0-4ab9-8511-422855d37b84
Creator org	CUDESO
Owner org	LUNCHBOX
Creator user	admin@admin.test
Protected Event (experimental)	Event is in unprotected mode.
Tags	misp:tool=”misp-scraper”x osint:source-type=”blog-post”x misp:event-type=”collection”x tlp:whitex workflow:state=”complete”x
Date	2022-10-14
Threat Level	Medium
Analysis	Completed
Distribution	All communities
Published	Yes 2022-11-01 06:56:00
#Attributes	15 (0 Objects)
First recorded change	2022-10-14 12:30:12
Last change	2022-10-14 20:54:10
Modification map
Sightings	0 (0) – restricted to own organisation only.

Order by dateOrder by count

Related Events

CUDESO	Scraper: DiceyF deploys GamePlayerFramework in online casino development studio
2022-10-281

CUDESO	Scraper: DeftTorero: tactics, techniques and procedures of intrusions revealed
2022-10-141

PivotsGalaxyEvent graphEvent timelineCorrelation graphATT&CK matrixEvent reportsAttributesDiscussion

4526: Scraper: Malicious WhatsApp mod distributed through legitimate apps

Galaxies

Intrusion Set

Kimsuky – G0094
Volatile Cedar – G0123

Malware

Triada – S0424

Misinformation Pattern

WhatsApp

« previous
next »
view all

Scope toggle Deleted Decay score SightingDB Context Related Tags Filtering tool

	Date	Org	Category	Type	Value	Tags	Galaxies	Comment	Correlate	Related Events	Feed hits	IDS	Distribution	Sightings	Activity	Actions
	2022-10-14		Payload delivery	md5	caa640824b0e216fab86402b14447953								Inherit	(0/0/0)
	2022-10-14		Payload delivery	md5	8ee2df87e75cc8ab1b77c54288d7a2d9								Inherit	(0/0/0)
	2022-10-14		Payload delivery	md5	47674b2ada8586acaf34065ff4cf788a								Inherit	(0/0/0)
	2022-10-14		Payload delivery	md5	f67a1866c962f870571587b833add47b								Inherit	(0/0/0)
	2022-10-14		Payload delivery	md5	72645469b04af2d89bc24adda2705b68								Inherit	(0/0/0)
	2022-10-14		Payload delivery	md5	deaafdd4b289443261e18b244eafb577								Inherit	(0/0/0)
	2022-10-14		Payload delivery	md5	ac6c42d2f312fe8e5fb48fe91c83656b								Inherit	(0/0/0)
	2022-10-14		Payload delivery	md5	cba56f43c1ef32c43f7fc5e2ac368cdc								Inherit	(0/0/0)
	2022-10-14		Payload delivery	md5	c3b2982854814e537cd25d27e295cefe								Inherit	(0/0/0)
	2022-10-14		Payload delivery	url	https://g1790.rt14v.com								Inherit	(0/0/0)
	2022-10-14		Payload delivery	url	http://av2wg.rt14v.com								Inherit	(0/0/0)
	2022-10-14		Payload delivery	url	https://wa.zcnewy.com								Inherit	(0/0/0)
	2022-10-14		Other	comment	Malicious WhatsApp mod distributed through legitimate apps			Blog title					Inherit	(0/0/0)
	2022-10-14		External analysis	link	https://securelist.com/feed/			Feed URL		4527 4531			Inherit	(0/0/0)
	2022-10-14		External analysis	link	https://securelist.com/malicious-whatsapp-mod-distributed-through-legitimate-apps/107690/			Blog URL					Inherit	(0/0/0)