urlscan.io Public Scan: otx.alienvault.com (13.35.253.2)

URL: https://otx.alienvault.com/pulse/61a79adb823719a2ddf8a0b4?scan=1&utm_userid=swimlanecyou&utm_medium=inproduct&utm_source=ot...
Submission: On December 01 via api from US — Scanned from DE


DECEIVE THE HEAVENS TO CROSS THE SEA: 300.000+ INFECTIONS VIA DROPPERS ON GOOGLE PLAY STORE

 * Created 40 minutes ago by AlienVault
 * Public
 * TLP: White

The “Deceive the Heavens to Cross the Sea” stratagem comes from the first
chapter of the ‘Thirty-Six Stratagems’, a famous Chinese collection of tactics
and techniques used in politics, war and civil life. It translates roughly to
“hide in plain sight” or “mask your true goals”. Android banking trojan actors
have taken this stratagem to heart and have adapted over the years to each new
Google Play store restriction introduced to limit their operations. These
restrictions include limits on the use of certain (dangerous) app permissions,
which play a big role in distributing malware or automating its tactics.

Reference:
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Tags:
anatsa, brunhilda, gustuff, gymdrop, ermac, hydra, alien
Adversary:
Brunhilda
Industry:
Finance
Malware Families:
Brunhilda , Anatsa , Gymdrop , Gustuff , Ermac , Alien
Att&ck IDs:
T1056 - Input Capture
T1574 - Hijack Execution Flow
T1566 - Phishing
T1059 - Command and Scripting Interpreter
T1036 - Masquerading
T1475 - Deliver Malicious App via Authorized App Store
T1577 - Compromise Application Executable

 * Indicators of Compromise (34)
 * Related Pulses (6)
 * Comments (0)
 * History (0)

TYPES OF INDICATORS
URL (2) | Domain (5) | IPv4 (2) | FileHash-SHA256 (17) | FileHash-MD5 (4) | FileHash-SHA1 (4)

THREAT INFRASTRUCTURE
Germany (1)

INDICATORS (showing 1 to 10 of 34 entries; the Role, Title and Active columns are empty for every row shown)

type              indicator                                                          added                     related pulses
domain            readyqrscanner.club                                                Dec 1, 2021, 3:55:08 PM   2
domain            protectionguardapp.club                                            Dec 1, 2021, 3:55:08 PM   2
domain            onlinefitnessanalysis.com                                          Dec 1, 2021, 3:55:08 PM   2
domain            multifuctionscanner.club                                           Dec 1, 2021, 3:55:08 PM   2
domain            flowdivison.club                                                   Dec 1, 2021, 3:55:08 PM   2
FileHash-SHA256   fd7e7e23db5f645db9ed47a5d36e7cf57ca2dbdf46a37484eafa1e04f657bf02   Dec 1, 2021, 3:55:08 PM   3
FileHash-SHA256   ed537f8686824595cb3ae45f0e659437b3ae96c0a04203482d80a3e51dd915ab   Dec 1, 2021, 3:55:08 PM   3
FileHash-SHA256   e8cbcc34af3bd352767b7a9270dd684a50da2e68976a3712675526a7398550a0   Dec 1, 2021, 3:55:08 PM   3
FileHash-SHA256   d4e9a95719e4b4748dba1338fdc5e4c7622b029bbcd9aac8a1caec30b5508db4   Dec 1, 2021, 3:55:08 PM   3
FileHash-SHA256   d42e0d3db3662e809af3198da67fdbd46d5c2a1052b5945401e4cdd06c197714   Dec 1, 2021, 3:55:08 PM   3
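The pulse's own pitch is to scan endpoints for these indicators. As an added example (written for this page; it is not code from OTX, AlienVault or ThreatFabric), the script below takes the domain and SHA-256 indicators visible in the table above and checks them against resolver log lines and file digests. The log format (a `query=<name>` field), the client IPs and the file contents are constructed for the demo and are assumptions; the indicator values, including spellings such as `multifuctionscanner.club`, are copied exactly as the pulse publishes them. Matching is done on label boundaries and after case/trailing-dot normalisation, so a lookalike such as `notflowdivison.club` is not reported while `cdn.readyqrscanner.club.` is.

```python
"""Offline IOC check against the indicators listed on this pulse page.

Added example by the editor, not code from OTX or ThreatFabric. The log
format, client addresses and file contents below are constructed.
"""
import hashlib
import re

# Domain and SHA-256 indicators copied verbatim from the first page of the
# pulse's IOC table (10 of 34 entries). Spellings such as
# "multifuctionscanner.club" are the indicators as published, not typos.
PULSE_DOMAINS = frozenset({
    "readyqrscanner.club",
    "protectionguardapp.club",
    "onlinefitnessanalysis.com",
    "multifuctionscanner.club",
    "flowdivison.club",
})
PULSE_SHA256 = frozenset({
    "fd7e7e23db5f645db9ed47a5d36e7cf57ca2dbdf46a37484eafa1e04f657bf02",
    "ed537f8686824595cb3ae45f0e659437b3ae96c0a04203482d80a3e51dd915ab",
    "e8cbcc34af3bd352767b7a9270dd684a50da2e68976a3712675526a7398550a0",
    "d4e9a95719e4b4748dba1338fdc5e4c7622b029bbcd9aac8a1caec30b5508db4",
    "d42e0d3db3662e809af3198da67fdbd46d5c2a1052b5945401e4cdd06c197714",
})

# Constructed resolver log lines (assumed "query=<name>" field); not real traffic.
SAMPLE_DNS_LOG = [
    "2021-12-01T15:57:02Z client=10.0.0.12 query=www.example.org type=A",
    "2021-12-01T15:57:05Z client=10.0.0.12 query=cdn.readyqrscanner.club. type=A",
    "2021-12-01T15:57:09Z client=10.0.0.27 query=notflowdivison.club type=A",
    "2021-12-01T15:57:11Z client=10.0.0.27 query=flowdivison.club type=A",
    "2021-12-01T15:57:15Z client=10.0.0.31 query=ONLINEFITNESSANALYSIS.COM type=AAAA",
]

_QUERY_RE = re.compile(r"\bquery=(\S+)")


def normalize_host(name: str) -> str:
    """Lower-case and drop a trailing dot so 'CDN.Example.CLUB.' compares equal."""
    return name.strip().lower().rstrip(".")


def matching_indicator(hostname: str):
    """Return the pulse domain that hostname equals or is a subdomain of, else None.

    The suffix test requires a leading '.', so 'notflowdivison.club' does not
    match 'flowdivison.club' the way a naive substring check would.
    """
    host = normalize_host(hostname)
    for ioc in PULSE_DOMAINS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    return None


def find_domain_hits(log_lines):
    """Scan log lines; return (line_number, queried_name, matched_indicator) tuples."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        m = _QUERY_RE.search(line)
        if not m:
            continue
        ioc = matching_indicator(m.group(1))
        if ioc:
            hits.append((n, normalize_host(m.group(1)), ioc))
    return hits


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of in-memory data (a real scan would hash APKs on disk)."""
    return hashlib.sha256(data).hexdigest()


def find_hash_hits(named_digests):
    """named_digests: iterable of (label, sha256 hex, any case). Returns matching labels."""
    return [label for label, digest in named_digests
            if digest.strip().lower() in PULSE_SHA256]


if __name__ == "__main__":
    for n, host, ioc in find_domain_hits(SAMPLE_DNS_LOG):
        print(f"line {n}: {host} -> matches pulse domain {ioc}")
    samples = [  # constructed file contents / digests, not real samples
        ("benign.apk", sha256_hex(b"not the dropper")),
        ("suspect.apk", "FD7E7E23DB5F645DB9ED47A5D36E7CF57CA2DBDF46A37484EAFA1E04F657BF02"),
    ]
    print("hash hits:", find_hash_hits(samples))
```

Only the ten indicators shown on this page of the table are embedded; pulling the full set of 34 (including the URL, IPv4, MD5 and SHA-1 entries) would go through the pulse's Download action or the OTX API.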



© Copyright 2021 AlienVault, Inc.