About Bahamut
Bahamut was first noticed when it targeted a Middle Eastern human rights activist in the first week of January 2017. Later that month, the same tactics and patterns were seen in attempts against an Iranian women’s activist – an individual commonly targeted by Iranian actors, such as Magic Hound, APT 35, Cobalt Gypsy, Charming Kitten and the Sima campaign documented in our 2016 Black Hat talk. Recurrent patterns in hostnames, registrations, and phishing scripts provided a strong link between the two incidents, and older attempts were found that directly overlapped with these attacks. Over the course of the following months, several more attempts against the same individuals were observed, intended to steal credentials for iCloud and Gmail accounts.
Newest Phishing Page
Adversary Intent
The adversary's intent can be inferred from the phishing domains and the names of the malicious APKs: the attackers use Android spyware to target Jamaat-e-Islami in Kashmir.
Phishing Domains
jamaat-ul-islam.com
jamatapplication.com
jamaatforummah.com
jamaatforallah.com
Spyware Names
kashmir-youth.apk
jamaat_v_0_0_6.apk
KashmirAlliance/Kashmir-Youth.apk
Jamaatchat.apk
Jamaat-e-Islami
Wikipedia
Jamaat-e-Islami (Urdu: جماعتِ اسلامی) is an Islamic movement founded in 1941 in British India by the Islamic theologian and socio-political philosopher Abul Ala Maududi.
Technical and Tactical Analysis
Permissions
Dangerous permissions requested: LOCATION, CAMERA, CONTACTS, PHONE, STORAGE, MICROPHONE, SMS
Recording
Contact Sync Service
Get Location And IP
Get SMS Log
Get All SMS
Other malicious behaviour can be inferred from the requested permissions and mapped to the MITRE ATT&CK® Matrices for Mobile.
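As an added triage example (not code from the original post), the script below parses a constructed AndroidManifest.xml, reduces the requested permissions to the dangerous permission groups listed above and reports which of the observed behaviours (recording, contact sync, location, SMS) that permission set allows. The permission-to-behaviour mapping is my own heuristic; the technique IDs are from the MITRE ATT&CK Matrix for Mobile, and the manifest is constructed, not extracted from a real sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android runtime ("dangerous") permissions keyed to the seven permission groups
# the analysis calls out; normal-level permissions such as INTERNET are omitted.
DANGEROUS_GROUPS = {
    "ACCESS_FINE_LOCATION": "LOCATION", "ACCESS_COARSE_LOCATION": "LOCATION",
    "CAMERA": "CAMERA", "RECORD_AUDIO": "MICROPHONE",
    "READ_CONTACTS": "CONTACTS", "WRITE_CONTACTS": "CONTACTS", "GET_ACCOUNTS": "CONTACTS",
    "READ_PHONE_STATE": "PHONE", "CALL_PHONE": "PHONE", "READ_CALL_LOG": "PHONE",
    "READ_EXTERNAL_STORAGE": "STORAGE", "WRITE_EXTERNAL_STORAGE": "STORAGE",
    "READ_SMS": "SMS", "RECEIVE_SMS": "SMS", "SEND_SMS": "SMS",
}

# Behaviours seen in the sample, expressed as the permission groups each needs.
# The mapping is a triage heuristic; technique IDs are from ATT&CK for Mobile.
CAPABILITIES = {
    "Audio recording (T1429)": {"MICROPHONE"},
    "Contact harvesting (T1636.003)": {"CONTACTS"},
    "Location tracking (T1430)": {"LOCATION"},
    "SMS collection (T1636.004)": {"SMS"},
}

def requested_permissions(manifest_xml):
    # Short names of every <uses-permission> element, e.g. "READ_SMS".
    root = ET.fromstring(manifest_xml)
    return [node.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
            for node in root.iter("uses-permission")]

def triage(manifest_xml):
    # Returns (sorted dangerous groups, capabilities the permission set allows).
    groups = {DANGEROUS_GROUPS[p] for p in requested_permissions(manifest_xml)
              if p in DANGEROUS_GROUPS}
    caps = [name for name, needed in CAPABILITIES.items() if needed <= groups]
    return sorted(groups), caps

# Constructed manifest modelled on the permission set reported above; it is not
# taken from any real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

The same function can be pointed at the manifest extracted from a suspect APK (for example with apktool) to get a first-pass capability list before any dynamic analysis.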
IOC
SHA-256
Domains
jamaat-ul-islam.com
jamatapplication.com
jamaatforummah.com
jamaatforallah.com
Originally published on the WeChat official account 打假的Hunter: Bahamut's cyber espionage campaign in Kashmir