apk.spynote

SpyNote

aka: CypherRat

Actor(s): OilRig


The malware has been released on GitHub at https://github.com/EVLF/Cypher-Rat-Source-Code

References
2023-01-05 | Bleeping Computer | Bill Toulas
@online{toulas:20230105:spynote:54f5a05, author = {Bill Toulas}, title = {{SpyNote Android malware infections surge after source code leak}}, date = {2023-01-05}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/spynote-android-malware-infections-surge-after-source-code-leak/}, language = {English}, urldate = {2023-01-06} }
SpyNote
2023-01-05 | ThreatFabric | ThreatFabric
@online{threatfabric:20230105:spynote:a1e8256, author = {ThreatFabric}, title = {{SpyNote: Spyware with RAT capabilities targeting Financial Institutions}}, date = {2023-01-05}, organization = {ThreatFabric}, url = {https://www.threatfabric.com/blogs/spynote-rat-targeting-financial-institutions.html}, language = {English}, urldate = {2023-01-05} }
SpyMax SpyNote
2022-12-06 | 360 Threat Intelligence Center | 360 Beacon Lab
@online{lab:20221206:analysis:d045827, author = {360 Beacon Lab}, title = {{Analysis of suspected APT-C-56 (Transparent Tribe) attacks against terrorism}}, date = {2022-12-06}, organization = {360 Threat Intelligence Center}, url = {https://mp.weixin.qq.com/s/J_A12SOX0k5TOYFAegBv_w}, language = {Chinese}, urldate = {2022-12-24} }
AhMyth Meterpreter SpyNote AsyncRAT
2022-08-17 | 360 | 360 Threat Intelligence Center
@online{center:20220817:kasablanka:2a28570, author = {360 Threat Intelligence Center}, title = {{Kasablanka organizes attacks against political groups and non-profit organizations in the Middle East}}, date = {2022-08-17}, organization = {360}, url = {https://mp.weixin.qq.com/s/mstwBMkS0G3Et4GOji2mwA}, language = {Chinese}, urldate = {2022-08-19} }
SpyNote Loda Nanocore RAT NjRAT
2022-08-10 | K7 Security | Baran S
@online{s:20220810:spynote:277e9ab, author = {Baran S}, title = {{spynote}}, date = {2022-08-10}, organization = {K7 Security}, url = {https://labs.k7computing.com/index.php/spynote-an-android-snooper/}, language = {English}, urldate = {2022-08-17} }
SpyNote
2021-09-21 | civilsphereproject | civilsphereproject
@online{civilsphereproject:20210921:capturing:60e5728, author = {civilsphereproject}, title = {{Capturing and Detecting AndroidTester Remote Access Trojan with the Emergency VPN}}, date = {2021-09-21}, organization = {civilsphereproject}, url = {https://www.civilsphereproject.org/blog/2021/9/21/capturing-and-detecting-androidtester-remote-access-trojan-with-the-emergency-vpn}, language = {English}, urldate = {2021-09-22} }
SpyNote
2021-04-21 | Facebook | Mike Dvilyanski, David Agranovich
@online{dvilyanski:20210421:taking:23e0fb2, author = {Mike Dvilyanski and David Agranovich}, title = {{Taking Action Against Hackers in Palestine}}, date = {2021-04-21}, organization = {Facebook}, url = {https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/}, language = {English}, urldate = {2021-04-28} }
SpyNote Houdini NjRAT
2020-12-10 | Intel 471 | Intel 471
@online{471:20201210:no:9fd2ae1, author = {Intel 471}, title = {{No pandas, just people: The current state of China’s cybercrime underground}}, date = {2020-12-10}, organization = {Intel 471}, url = {https://intel471.com/blog/china-cybercrime-undergrond-deepmix-tea-horse-road-great-firewall/}, language = {English}, urldate = {2020-12-10} }
Anubis SpyNote AsyncRAT Cobalt Strike Ghost RAT NjRAT
2020-12-01 | Qianxin | Qi Anxin Threat Intelligence Center
@online{center:20201201:blade:1b3519c, author = {Qi Anxin Threat Intelligence Center}, title = {{Blade Eagle Group - Targeted attack group activities circling the Middle East and West Asia's cyberspace revealed}}, date = {2020-12-01}, organization = {Qianxin}, url = {https://ti.qianxin.com/blog/articles/Blade-hawk-The-activities-of-targeted-the-Middle-East-and-West-Asia-are-exposed/}, language = {English}, urldate = {2022-04-15} }
SpyNote BladeHawk
2020-07-15 | Relativity | Bartlomiej Czyż
@online{czy:20200715:indepth:9a7c4dd, author = {Bartlomiej Czyż}, title = {{An in-depth analysis of SpyNote remote access trojan}}, date = {2020-07-15}, organization = {Relativity}, url = {https://bulldogjob.pl/articles/1200-an-in-depth-analysis-of-spynote-remote-access-trojan}, language = {English}, urldate = {2020-11-06} }
SpyNote
2020-03-31 | Volexity | Volexity Threat Research
@online{research:20200331:storm:b491e72, author = {Volexity Threat Research}, title = {{Storm Cloud Unleashed: Tibetan Focus of Highly Targeted Fake Flash Campaign}}, date = {2020-03-31}, organization = {Volexity}, url = {https://www.volexity.com/blog/2020/03/31/storm-cloud-unleashed-tibetan-community-focus-of-highly-targeted-fake-flash-campaign/}, language = {English}, urldate = {2020-04-07} }
SpyNote Stitch Godlike12
2019-04-30 | ClearSky | ClearSky Cyber Security
@online{security:20190430:raw:327940f, author = {ClearSky Cyber Security}, title = {{Raw Threat Intelligence 2019-04-30: Oilrig data dump link analysis}}, date = {2019-04-30}, organization = {ClearSky}, url = {https://docs.google.com/document/d/1oYX3uN6KxIX_StzTH0s0yFNNoHDnV8VgmVqU5WoeErc/edit#heading=h.hcd1wvpsrgfr}, language = {English}, urldate = {2019-10-23} }
SpyNote OopsIE

There is no Yara-Signature yet.