PULSE NAME
VirusTotal report for sample.apk
WHITE msudosos 2026-05-22 Modified: 2026-05-22
363 IOCs, HIGH VOLUME
Evasive malware campaign using corrupt/legacy certificates to bypass automated detection.

Volume: Over 100,000 active Indicators of Compromise (IOCs) identified via public OSINT data.
Activity: Coordinated infrastructure migration away from US/EU networks using newly mapped geospatial endpoints.

Detection & Sandbox Evasion
The Bypass: The payload successfully triggers zero findings in major evasive sandboxes.
API Delta: CAPE environments show highest sensitivity. APIs.
Vendor Split:
11 Vendors: Detect suspicious behavior mapping to MITRE ATT&CK, but do not flag a virus.
15 Vendors: Explicitly mark the malicious payload as safe.
Trust Abuse: Exploitation of legacy Verisign roots and regional cert authorities to spoof validity.

Infra@Geospatial Routing
Migration: Traffic shifted heavily away from US/EU endpoints this week.
Target Net: Infrastructure relocated to specific alternate regional network assets confirmed by geospatial endpoint analysis.
Indicators of Compromise (8 / 363 total)