{
	"id": "c7924c8d-c7c5-4dc2-b738-bbf9a2b9a8ff",
	"created_at": "2026-04-06T00:06:59.835008Z",
	"updated_at": "2026-04-10T03:24:29.555765Z",
	"deleted_at": null,
	"sha1_hash": "8eee80f38f7654aba9d2aa290a7d4375876a8c28",
	"title": "GitHub - ics-iot-bootcamp/cerberus_research: Research tools for analysing Cerberus banking trojan.",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 169519,
	"plain_text": "GitHub - ics-iot-bootcamp/cerberus_research: Research tools for\r\nanalysing Cerberus banking trojan.\r\nBy lotusexpeditor\r\nArchived: 2026-04-05 19:34:20 UTC\r\nRelated research paper: https://github.com/ics-iot-bootcamp/cerberus_research/blob/master/cerberus_research_paper.pdf\r\nThis repository currently has two tools that can be used.\r\nHercules: Hercules automatically finds the decryption key for the actual DEX of the given Cerberus sample, decrypts it,\r\nthen decrypts the configuration parameters in the actual payload. All statically, in seconds.\r\nqueryCerberus: Partial implementation of the Cerberus banking trojan C2 communication.\r\ncerberus_full_package contains the Cerberus source code that was distributed to premium members of the originating forum.\r\nCredits: DC8044\r\nInitial analysis shows that the Android V2 in the source package is not the latest version in the wild. It lacks\r\nAndroid 10 improvements. Our research paper covers the latest version of the malware. According to leftover files,\r\nit looks like their development team uses a private GitHub repository.\r\n-The latest version contains an Endless Foreground Service taken from:\r\nhttps://robertohuertas.com/2019/06/29/android_foreground_services/\r\n-Communication parameters of the latest version are abbreviated. In this one they aren't.\r\nhttps://github.com/ics-iot-bootcamp/cerberus_research\r\nPage 1 of 2\n\nStay Safe \u0026 Healthy.\r\nRegards, Cyberwise Research Task Force (Cyberwise - RTF).\r\nSource: https://github.com/ics-iot-bootcamp/cerberus_research\r\nhttps://github.com/ics-iot-bootcamp/cerberus_research\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/ics-iot-bootcamp/cerberus_research"
	],
	"report_names": [
		"cerberus_research"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434019,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8eee80f38f7654aba9d2aa290a7d4375876a8c28.pdf",
		"text": "https://archive.orkl.eu/8eee80f38f7654aba9d2aa290a7d4375876a8c28.txt",
		"img": "https://archive.orkl.eu/8eee80f38f7654aba9d2aa290a7d4375876a8c28.jpg"
	}
}