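Last year I wrote a piece titled "Bahamut’s cyber espionage campaign in Kashmir". Why another update on Bahamut?
-
The public account has been gathering dust
-
Because few people in China research this group, and some of the intelligence on it is inaccurate or simply missing
Partial history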
-
2021.6 Calculator phishing
C2: ohnvaohhajhwtvo245904.de
URL:http://calcyapp.com/calcyapp_v_2_1.apk
sha256: 4f7d7a67fee25405bc14614c064f2682a14a8a9ef1badcff04a1e071c1617173
-
2021.7 Pornography
C2: oekgaqcm7rcuou1wic60t6nbdu8582zlnppkmcl2.de
URL:https://freesexvideos.ch/adult-v1.apk
sha256: 489849eec17935e15a96ceef23b317d526b25367ca09e2a10e6000425f975ebb
-
2021.8 Kashmir
-
2022.2
Behavior
Judging by the requested permissions, not much has changed.
android.permission.ACCESS_FINE_LOCATION
android.permission.READ_PHONE_STATE
android.permission.CAMERA
android.permission.ACCESS_COARSE_LOCATION
android.permission.READ_CALL_LOG
android.permission.RECORD_AUDIO
android.permission.INTERNET
android.permission.READ_SMS
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_CONTACTS
android.permission.RECEIVE_SMS
android.permission.READ_EXTERNAL_STORAGE
android.permission.WAKE_LOCK
android.permission.FOREGROUND_SERVICE
android.permission.WRITE_SETTINGS
android.permission.ACCESS_NETWORK_STATE
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
android.permission.ACCESS_BACKGROUND_LOCATION
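To check a "permissions barely changed" claim between two samples of one family, the following added example (not part of the original post) diffs the permission sets of two manifests. It assumes manifests already decoded to text XML; the capability grouping and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET
NAME = "{http://schemas.android.com/apk/res/android}name"
# Capability grouping is an assumption of this example; it uses only permissions listed above.
CAPABILITIES = {
    "location": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "ACCESS_BACKGROUND_LOCATION"},
    "sms": {"READ_SMS", "RECEIVE_SMS"},
    "calls": {"READ_CALL_LOG", "READ_PHONE_STATE"},
    "contacts": {"READ_CONTACTS"},
    "audio": {"RECORD_AUDIO"},
    "camera": {"CAMERA"},
    "storage": {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"},
}

def permissions(manifest_xml):
    """Set of permission names requested in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {e.get(NAME) for t in tags for e in root.iter(t) if e.get(NAME)}

def capabilities(perms):
    """Map platform permissions to the data-collection groups they unlock."""
    short = {p.rsplit(".", 1)[-1] for p in perms if p.startswith("android.permission.")}
    return {cap for cap, names in CAPABILITIES.items() if short & names}

def compare(old_xml, new_xml):
    """Diff the permission sets of two samples of the same family."""
    old, new = permissions(old_xml), permissions(new_xml)
    union = old | new
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "jaccard": len(old & new) / len(union) if union else 1.0,
        "capabilities_added": sorted(capabilities(new) - capabilities(old)),
    }

def manifest(names):
    """Build a minimal text manifest (constructed test input, not a real sample)."""
    rows = "".join(f'<uses-permission android:name="android.permission.{n}"/>'
                   for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            f' package="example.constructed">{rows}</manifest>')

# Constructed inputs: OLD and NEW are illustrative, not the page's samples.
BASE = ["INTERNET", "READ_SMS", "READ_CONTACTS", "ACCESS_FINE_LOCATION",
        "RECORD_AUDIO", "CAMERA"]
OLD = manifest(BASE)
NEW = manifest(BASE + ["ACCESS_BACKGROUND_LOCATION", "READ_CALL_LOG"])
print(compare(OLD, NEW))
```

A high Jaccard score with an empty `capabilities_added` list supports "little change"; a newly added capability group is worth a closer look even when the score stays high.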
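Bahamut and counter-terrorism
Common prosperity
Friends who have ideas and want to get moving are welcome to join in for common prosperity. Personal WeChat: bugcry.
Originally published on the WeChat public account 打假的Hunter: "Bahamut碎碎念" (Bahamut ramblings)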