Openhunting Threat Library

HummingBad

HummingBad
(Type: Rootkit, Downloader)

(Check Point) In February 2016, Check Point researchers first discovered HummingBad, a malware that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

[News Analysis] Trends:

Total Trend: 1

Trend Per Year
1
2016


Trend Per Month
1
Jul 2016



[News Analysis] News Mention Another Threat Name:

0 - HummingBad


[TTP Analysis] Technique Performance:



[TTP Analysis] Mitre Attack Matrix:

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact


[Infrastructure Analysis] Based on Related IOC:

IP:Port Timestamp
Domain Timestamp
URL Timestamp


[Target Analysis] Region/Sector:

No information


References:

News Basic Information Indicator of Compromise Mitre Attack

News Article (Credit @Malpedia)

From HummingBad to Worse

2016-07 by Check Point from Check Point

Basic Information (Credit @etda.or.th)

Tool: HummingBad

Names: HummingBad

Description: (Check Point) In February 2016, Check Point researchers first discovered HummingBad, a malware that establishes a persistent rootkit on Android devices, generates fraudulent ad revenue, and installs additional fraudulent apps.

Category: Malware

Type: Rootkit, Downloader

Information: https://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf

Information: https://en.wikipedia.org/wiki/Hummingbad

Mitre-attack: https://attack.mitre.org/software/S0322/

Alienvault-otx: https://otx.alienvault.com/browse/pulses?q=tag:HummingBad

Last-card-change: 2020-05-08

Source: https://apt.etda.or.th/cgi-bin/listtools.cgi

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact