• GhostSpy C2 Panel: The domain https://storeappweb.com/ hosts a C2 control panel for GhostSpy.
• Open Directory of APK Samples: On the same domain, there is an accessible directory at https://storeappweb.com/uploads/ with over 50 APK samples, likely all or mostly related to GhostSpy.
• #Obfuscated #ELF: An ELF file was found that appears to be a variant of the #Mirai malware.
• Malware URLs:
  • http://185.196.10.215:12234/mips.bin
  • http://185.196.10.215:12234/x86_64.bin
They made an attempt to hide by using port 12234 and the .bin file extension.
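
One way to hunt for this delivery pattern in web proxy logs, as an added example that is not part of the original post: it scores each requested URL on four independent traits seen in the URLs above (IP-literal host, unusual port, architecture-named file, .bin extension). The log format, the port allowlist, the architecture token list and the threshold are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed list of CPU-architecture tokens used to name per-platform builds.
ARCH = re.compile(r"^(mips|mipsel|mpsl|arm[4-7]?|aarch64|x86|x86_64|i[3-6]86|ppc|sh4|m68k|sparc)$", re.I)
COMMON_PORTS = {80, 443, 8080, 8443}  # assumption: ports treated as ordinary web ports

# Constructed proxy log; only the two 185.196.10.215 URLs come from the post.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z 10.0.0.5 GET https://example.com/index.html 200
2025-01-01T10:00:02Z 10.0.0.9 GET http://185.196.10.215:12234/mips.bin 200
2025-01-01T10:00:03Z 10.0.0.9 GET http://185.196.10.215:12234/x86_64.bin 200
2025-01-01T10:00:05Z 10.0.0.7 GET http://updates.example.org:8080/firmware.bin 200
2025-01-01T10:00:06Z 10.0.0.8 GET http://192.0.2.10/status 200
""".splitlines()

def score_url(url):
    """Return (score, reasons); each independent indicator adds one point."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    name = parts.path.rsplit("/", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    if not dot:                       # no extension: whole name is the stem
        stem, ext = name, ""
    reasons = []
    try:
        ipaddress.ip_address(parts.hostname or "")  # ValueError for a DNS name
        reasons.append("ip-literal host")
    except ValueError:
        pass
    if port not in COMMON_PORTS:
        reasons.append(f"unusual port {port}")
    if ARCH.match(stem):
        reasons.append(f"architecture-named file {name}")
    if ext.lower() == "bin":
        reasons.append("generic .bin extension")
    return len(reasons), reasons

def flag_requests(lines, threshold=3):
    """Return (client, url, reasons) for log lines scoring >= threshold."""
    hits = []
    for line in lines:
        _ts, client, _method, url, _status = line.split()
        score, reasons = score_url(url)
        if score >= threshold:
            hits.append((client, url, reasons))
    return hits
```

No single trait is suspicious on its own (the constructed firmware.bin and bare-IP status requests each score 1), which is why the check requires several to coincide.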