Tuesday, May 21, 2019

Update2 - HERREVAD Databases Geo Location Artefacts

This second update concerns HERREVAD Databases Geo Location Artefacts referred to by me in my previous posts:

Update - HERREVAD Databases Geo Location Artefacts (2018)
http://trewmte.blogspot.com/2018/07/update-herrevad-databases-geo-location.html

and

HERREVAD Databases Geo Location Artefacts (2017)
http://trewmte.blogspot.com/2017/02/herrevad-databases-geo-location.html

Due to the lack of reporting and information about HERREVAD Databases, I have kept monitoring the information superhighway to see if any additional information comes up about HERREVAD.

In March 2019, GmsCore.apk (Android Marshmallow) was the subject of an Incident Response Report at Hybrid Analysis concerning MITRE ATT&CK Techniques Detection, identifying a malicious indicator. The lengthy report suggests fingerprinting of location information, with which HERREVAD is associated:

com.google.android.gms.herrevad.receivers.CaptivePortalReceiver // android.net.conn.NETWORK_CONDITIONS_MEASURED
com.google.android.gms.herrevad.receivers.GservicesReceiver // com.google.gservices.intent.action.GSERVICES_CHANGED

https://www.hybrid-analysis.com/sample/d75d4607b04ef24459cda329739b7222c5b70c53886316620c45bc3b7ddc6a3b?environmentId=200#signature-ff7edd80fdd3ee84d005809e9b2df85e
