{
  "name": "New Antidot Android Banking Trojan Masquerading as Fake Google Play Updates",
  "slug": "new-antidot-android-banking-trojan-masquerading-as-fake-google-play-updates",
  "description": "The \"Antidot\" Android Banking Trojan Masquerades As A Google Play Update App. It Strategically Targets Android Users Across Various Regions And Employs VNC And Overlay Techniques To Harvest Credentials.",
  "published": "2024-05-20T09:57:30+00:00",
  "created_at": "2024-05-20T09:57:30+00:00",
  "modified_at": "2024-05-20T14:05:25+00:00",
  "created_at_opencti": "2024-05-20T09:57:30+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-20"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "213.255.246.209"
      },
      {
        "id": "",
        "name": "193.181.23.70"
      },
      {
        "id": "",
        "name": "188.241.240.75"
      },
      {
        "id": "",
        "name": "46.228.205.159"
      },
      {
        "id": "",
        "name": "http://46.228.205.159:5055/"
      },
      {
        "id": "",
        "name": "https://wgona.click/"
      },
      {
        "id": "",
        "name": "http://213.255.246.209:5055"
      },
      {
        "id": "",
        "name": "http://193.181.23.70:5055"
      },
      {
        "id": "",
        "name": "http://188.241.240.75:5055"
      },
      {
        "id": "",
        "name": "wgona.click"
      },
      {
        "id": "",
        "name": "a6f6e6fb44626f8e609b3ccb6cbf73318baf01d08ef84720706b205f2864b116"
      },
      {
        "id": "",
        "name": "9f8a49432e76b9c69d33ea228cc44254bc0a58bfa15eb0c51a302c59db81caa3"
      },
      {
        "id": "",
        "name": "7a0664c3a9914531c84d875669f6249b433d09155b1c06ad3654c210a1798ee0"
      },
      {
        "id": "",
        "name": "654cfe773e92261a7e2c74f4b16bd36be9286a95840b49139cf18c8d4333345b"
      }
    ],
    "attack_patterns": [
      {
        "id": "161056b4-a500-465e-b023-bf2f8ed7d46f",
        "name": "T1516"
      },
      {
        "id": "6ff3450b-1c3b-4800-82e2-aabb488b412e",
        "name": "T1512"
      },
      {
        "id": "10ac6a4d-540e-4af8-813d-c85fd99f1e38",
        "name": "T1429"
      },
      {
        "id": "d41d23f8-8b6f-4ffa-ac71-e0ee226577e2",
        "name": "T1426"
      },
      {
        "id": "e052d0a2-6d19-44f9-a843-2b372181b6a7",
        "name": "T1417"
      },
      {
        "id": "05c6fe85-561b-427e-8021-da2311219098",
        "name": "T1513"
      },
      {
        "id": "832e3836-8a71-469b-a274-4b539d9e0f3f",
        "name": "T1418"
      }
    ]
  },
  "external_refs": [
    "https://cyble.com/blog/new-antidot-android-banking-trojan-masquerading-as-google-play-updates/",
    "https://otx.alienvault.com/pulse/664b3aaa22c4f79404275112"
  ]
}