← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Arid Viper poisons Android apps with AridSpy
WHITE AridViper AlienVault 2024-06-14 Modified: 2024-07-14
45
IOCs
MEDIUM VOLUME
ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its command-and-control server to avoid detection and exfiltrates sensitive information like contacts, messages, locations, and media files.
aridspyandroidspywareexfiltrationespionage
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
AridSpy
Indicators of Compromise (45)
All domain hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
domain almoshell.website 2024-06-14
domain alwaysgoodidea.com 2024-06-14
domain analyticsandroid.com 2024-06-14
domain androidd.com 2024-06-14
domain clemochat.com 2024-06-14
domain crashstoreplayer.website 2024-06-14
domain elsilvercloud.com 2024-06-14
domain gameservicesplay.com 2024-06-14
domain lapizachat.com 2024-06-14
domain nortirchats.com 2024-06-14
domain orientflags.com 2024-06-14
domain palcivilreg.com 2024-06-14
domain pariberychat.com 2024-06-14
domain reblychat.com 2024-06-14
domain renatchat.com 2024-06-14
domain ultraversion.com 2024-06-14
domain voevanil.com 2024-06-14
hostname www.lapizachat.com 2024-06-14
hostname www.palcivilreg.com 2024-06-14
hostname zezsoft.wuaze.com 2024-06-14
FileHash-MD5 103e22b050bdac39a80aac2c2831902d MD5 of 8ff57dc85a7732e4a9d144f20b68e5bc9e581300 2024-06-14
FileHash-MD5 24ac2a350a3c6aeb2e75413eb7c57ef1 MD5 of b806b89b8c44f46748888c1f8c3f05df2387df19 2024-06-14
FileHash-MD5 2f5d39c31808ecf71b333818887d2f17 MD5 of a934fb482f61d85dda5e52a7015f1699bf55b5a9 2024-06-14
FileHash-MD5 3d070d0fed8bd8bde8bd09d907df66dc MD5 of 797073511a15eb85c1e9d8584b26baa3a0b14c9e 2024-06-14
FileHash-MD5 7269751abac507dd0305b89047e6851a MD5 of 568e62abc0948691d67236d9290d68de34bd6c75 2024-06-14
FileHash-SHA1 16c8725362d1ebc8443c97c5ab79a1b6428ff87d 2024-06-14
FileHash-SHA1 2158d88bce6368fac3fcb7f3a508fe6b96b0cf8a 2024-06-14
FileHash-SHA1 3485a0a51c6dae251cdad20b2f659b3815212162 2024-06-14
FileHash-SHA1 568e62abc0948691d67236d9290d68de34bd6c75 2024-06-14
FileHash-SHA1 5f0213ba62b84221c9628f7d0a0cf87f27a45a28 2024-06-14
FileHash-SHA1 78f6669e75352f08a8b0ca155377eee06e228f58 2024-06-14
FileHash-SHA1 797073511a15eb85c1e9d8584b26baa3a0b14c9e 2024-06-14
FileHash-SHA1 8ff57dc85a7732e4a9d144f20b68e5bc9e581300 2024-06-14
FileHash-SHA1 a64d73c43b41f9a5b938ae8558759adc474005c1 2024-06-14
FileHash-SHA1 a934fb482f61d85dda5e52a7015f1699bf55b5a9 2024-06-14
FileHash-SHA1 b806b89b8c44f46748888c1f8c3f05df2387df19 2024-06-14
FileHash-SHA1 c999ace5325b7735255d9ee2dd782179ae21a673 2024-06-14
FileHash-SHA1 db6b6326b772257fddcb4be7cf1a0cc0322387d8 2024-06-14
FileHash-SHA1 e71f1484b1e3acb4c8e8525ba1f5f8822ab7238b 2024-06-14
FileHash-SHA1 f49b00896c99ea030dcca0808b87e414bbde1549 2024-06-14
FileHash-SHA256 0cb41557841ff6f314c398250a165706e0b18f93674a7c12f4489018a1661673 SHA256 of 797073511a15eb85c1e9d8584b26baa3a0b14c9e 2024-06-14
FileHash-SHA256 19df327e7c0ffe8bd883f044c3906424cefe893d50a0d5386e8445668d2dd1e4 SHA256 of b806b89b8c44f46748888c1f8c3f05df2387df19 2024-06-14
FileHash-SHA256 a4e74f74e675a08fdf8e0b55d5da59af8f1c67a2820c97ba6c6790b29589663d SHA256 of 8ff57dc85a7732e4a9d144f20b68e5bc9e581300 2024-06-14
FileHash-SHA256 d6140ef329f2a8f141a05055b1d583a40dc9f5b26b00c63c72c7ebd82fa3c7ec SHA256 of 568e62abc0948691d67236d9290d68de34bd6c75 2024-06-14
FileHash-SHA256 f4ddfd426440829bcbbbe789cb0c18fa3a23798eb5643f1c88b7986390b3d648 SHA256 of a934fb482f61d85dda5e52a7015f1699bf55b5a9 2024-06-14
References (1)
↗ https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/