Posts

Showing posts from October, 2022

SharkDBS IRC/FTP Bot

As always, IOCs at the end.

Characteristics:

- Uses IRC and FTP to send data to the attacker.
- Gets the victim's IP address via external services; uses ip2location until it is able to connect to the external service.
- Gets the list of applications.
- Sends SMS using the device.
- Requests several permissions:
  - android.permission.INTERNET
  - android.permission.READ_EXTERNAL_STORAGE
  - android.permission.RECEIVE_BOOT_COMPLETED
  - android.permission.REBOOT
  - android.permission.CALL_PHONE
  - android.permission.READ_SMS
  - android.permission.READ_CONTACTS
  - android.permission.SEND_SMS
  - android.permission.WRITE_EXTERNAL_STORAGE
  - android.permission.READ_CALL_LOG
  - android.permission.SYSTEM_ALERT_WINDOW
- Includes Spanish strings in the code, suggesting the actor is from a Spanish-speaking country.
- The IP address the duckdns host serves the APK from is in Spain.

Useful links:

VirusTotal Graph: https://www.virustotal.com/graph/embed/g1f66b84527234df186946867ace02cc1d175d8dd4bd045cf948261dd16565c7d

VirusTotal Collection: https://www.virusto