{"id":220,"date":"2015-02-15T21:20:43","date_gmt":"2015-02-15T20:20:43","guid":{"rendered":"http:\/\/www.skateman.nl\/?p=220"},"modified":"2015-02-15T21:20:43","modified_gmt":"2015-02-15T20:20:43","slug":"investigating-malware-pawn-storm-for-iphone","status":"publish","type":"post","link":"https:\/\/www.skateman.nl\/index.php\/2015\/02\/15\/investigating-malware-pawn-storm-for-iphone\/","title":{"rendered":"Investigating Malware Pawn Storm for iPhone"},"content":{"rendered":"<p>As posted on the Fortinet Blog!<\/p>\n<p style=\"text-align: center;\"><a href=\"http:\/\/blog.fortinet.com\/post\/investigating-on-pawn-storm-for-iphone\"><img src='https:\/\/www.skateman.nl\/wordpress\/wp-content\/uploads\/2015\/02\/xagent-gps.jpg' alt='' \/><\/a><\/p>\n<p>What does the malware do?<\/p>\n<p>To summarize the malware&#8217;s goals, it fetches commands via HTTP GET from a remote C&amp;C, and uploads information via HTTP POST. The commands it recognizes are listed in the table below.<\/p>\n<p>0 Get Info Device<\/p>\n<p>1 Start Record<\/p>\n<p>2 Get Audio File<\/p>\n<p>3 Get Contact List<\/p>\n<p>4 Current Location<\/p>\n<p>5 Get Installed Apps<\/p>\n<p>6 Wifi Status<\/p>\n<p>7 Get all Pictures from Photo Library<\/p>\n<p>8 List a given directory<\/p>\n<p>9 Get a given file<\/p>\n<p>10 Get process list<\/p>\n<p>11 Get SMS<\/p>\n<p>The code shows a few interesting things:<\/p>\n<p>via <a href=\"http:\/\/blog.fortinet.com\/post\/investigating-on-pawn-storm-for-iphone\">Investigating on Pawn Storm for iPhone | Fortinet Blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As posted on the Fortinet Blog! What does the malware do? To summarize the malware&#8217;s goals, it fetches commands via HTTP GET from a remote C&amp;C, and uploads information via HTTP POST. The commands it recognizes are listed in the table below. 
0 Get Info Device 1 Start Record 2 Get Audio File 3 Get  [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[33,41,47,63],"class_list":["post-220","post","type-post","status-publish","format-standard","hentry","category-security","tag-fortinet","tag-iphone","tag-malware","tag-security"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.skateman.nl\/index.php\/wp-json\/wp\/v2\/posts\/220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skateman.nl\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skateman.nl\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skateman.nl\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skateman.nl\/index.php\/wp-json\/wp\/v2\/comments?post=220"}],"version-history":[{"count":0,"href":"https:\/\/www.skateman.nl\/index.php\/wp-json\/wp\/v2\/posts\/220\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.skateman.nl\/index.php\/wp-json\/wp\/v2\/media?parent=220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skateman.nl\/index.php\/wp-json\/wp\/v2\/categories?post=220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skateman.nl\/index.php\/wp-json\/wp\/v2\/tags?post=220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}