PINEFLOWER

Description

(FireEye) CORRUPT KITTEN was the author’s chosen name for an Android implant that, according to the blog, ‘supports a full range of spying and device management capability’. The blog contained a summary analysis of this CORRUPT KITTEN implant and an MD5 hash for a DEX file allegedly using the same C&C server. Notably, the author also noted that the malware stored files ready for exfiltration in a directory named ‘.data_gsc98647a3’, the string we identified in our PINEFLOWER samples. It seemed likely that CORRUPT KITTEN and PINEFLOWER were one and the same.

Names

Name
PINEFLOWER
CORRUPT KITTEN

Type

Backdoor
Info stealer
Exfiltration

Information

https://vblocalhost.com/uploads/VB2021-Haeghebaert.pdf

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/apk.pineflower

Other Information

Uuid

8a823fe9-e03f-4c37-be82-3288c05ec213

Last Card Change

2023-06-22

Threat Intelligence Garden

Explorer

PINEFLOWER

PINEFLOWER

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks