Scraper: Malicious WhatsApp mod distributed through legitimate apps

Event ID: 4526
UUID: 86dec5f1-e2e0-4ab9-8511-422855d37b84
Creator org: CUDESO
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): Event is in unprotected mode.
Tags: misp:tool="misp-scraper", osint:source-type="blog-post", misp:event-type="collection", tlp:white, workflow:state="complete"
Date: 2022-10-14
Threat Level: Medium
Analysis: Completed
Distribution: All communities
Published: Yes 2022-11-01 06:56:00
#Attributes: 15 (0 Objects)
First recorded change: 2022-10-14 12:30:12
Last change: 2022-10-14 20:54:10
Sightings: 0 (0) – restricted to own organisation only.


Related Events

CUDESO | Scraper: DiceyF deploys GamePlayerFramework in online casino development studio | 2022-10-28 | 1
CUDESO | Scraper: DeftTorero: tactics, techniques and procedures of intrusions revealed | 2022-10-14 | 1


Galaxies

Intrusion Set 

  •  Kimsuky – G0094   
  •  Volatile Cedar – G0123   

Malware 

  •  Triada – S0424   

Misinformation Pattern 

  •  WhatsApp   


Date | Org | Category | Type | Value | Tags | Galaxies | Comment | Correlate | Related Events | Feed hits | IDS | Distribution | Sightings | Activity | Actions
2022-10-14 | | Other | comment | Malicious WhatsApp mod distributed through legitimate apps | | | Blog title | | | | | Inherit | (0/0/0) | |
2022-10-14 | | External analysis | link | https://securelist.com/feed/ | | | Feed URL | | 4527 4531 | | | Inherit | (0/0/0) | |
2022-10-14 | | External analysis | link | https://securelist.com/malicious-whatsapp-mod-distributed-through-legitimate-apps/107690/ | | | Blog URL | | | | | Inherit | (0/0/0) | |