Pulse Detail — Threat Intelligence

PULSE NAME

KYCShadow: An Android Banking Malware Exploiting Fake KYC Workflows for Credential and OTP Theft

WHITE Tr1sa111 2026-04-30 Modified: 2026-04-30

IOCs

LOW VOLUME

MITRE ATT&CK & Malware Families

MALWARE FAMILIES

KYCShadow

Indicators of Compromise (9)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	3da35272ad6d280d3388d57bdbf61b9c	—	2026-04-30
FileHash-SHA1	0a467a2c936734affc8d796a4e468543b9d182e7	—	2026-04-30
FileHash-SHA256	1d261b45e73b5b712becb12ed182ec89d3dd0d73143a2dd8ff5512da489a50eb	—	2026-04-30
FileHash-SHA256	34479b18597f1a0deb5d55b8450bc21af1d1f638c4ceca1ee19e6f5ac89d6be2	—	2026-04-30
URL	https://jsonapi.biz	—	2026-04-30
FileHash-SHA1	10bd31f7d0e47f8c24f58cac962036d342d57057	—	2026-04-30
domain	jsonapi.biz	—	2026-04-30
domain	jsonserv.biz	—	2026-04-30
domain	jsonserv.xyz	—	2026-04-30

References (1)