Pulse Detail — Threat Intelligence

PULSE NAME

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

WHITE GREF AlienVault 2023-08-31 Modified: 2023-10-03

IOCs

MEDIUM VOLUME

Research has identified two campaigns targeting Android users via trojanized Signal and Telegram apps and a malware family that has previously been used to target Uyghurs and other Turkic ethnic minorities.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1418 T1426 T1430 T1437 T1509 T1495 T1134 T1040 T1530 T1082 T1071 T1090 T1422 T1533

MALWARE FAMILIES

FlyGram Uyghur Telegram OS X GREF Android BadBazaar

Indicators of Compromise (1 / 19 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	ef271686f134be63277ce471a5181ee9	MD5 of e368db837edf340e47e85652d6159d6e90725b0d	2023-08-31

References (1)

↗ https://www.welivesecurity.com/en/eset-research/badbazaar-espionage-tool-targets-android-users-trojanized-signal-telegram-apps/