ioc-collection/SMSFactory
avast-ti f99cc279bd
Update README.md
2022-06-02 11:15:02 +02:00

IOC for SMSFactory

Android

SMSFactory has a few versions, each with numerous samples that are nearly identical in their malicious features.

The IOCs include several samples from each version as well as C2 servers used to deliver commands.

More technical information is available at https://blog.avast.com/smsfactory-android-trojan

Most recent version with SMS and call features


Version with conditions and admin access


Older game hack version with an icon


C2

sms.service.mobilelinks[.]xyz
krinterro[.]com
phone.relario[.]xyz
sms.relario[.]xyz