{ "type": "URL", "indicator": "http://com.tencent.mm/.plugin.multitalk.ui.MultiTalkMainUI", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://com.tencent.mm/.plugin.multitalk.ui.MultiTalkMainUI", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2810549640, "indicator": "http://com.tencent.mm/.plugin.multitalk.ui.MultiTalkMainUI", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "657093ed430911a8ca4d6981", "name": "http://pm.myapp.com/invc/xfspeed/qqpcmgr/module_update/emulator/keymap/5b0a2024c6df0b236b1d3e0cf7e36ca2_AowGame.xml", "description": "", "modified": "2023-12-06T15:31:57.588000", "created": "2023-12-06T15:31:57.588000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 48, "FileHash-MD5": 11, "FileHash-SHA1": 11, "hostname": 18, "domain": 8, "URL": 42 }, "indicator_count": 138, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64745d201f055d9a3f0171cf", "name": "Researchers uncovered Android Spyware, Predator", "description": "Predator, a commercial Android spyware programme marketed by the Israeli business Intellexa (formerly Cytrox), has had its internal workings thoroughly examined by security experts.", "modified": "2023-05-29T08:06:56.407000", "created": "2023-05-29T08:06:56.407000", "tags": [ "predator", "alien", "spyware", "threat advisory", "top story", "landing page top story", "threats", "securex", "android", "quaileggs", "appliance", "cytrox", "talos", "cve20211048", "python module", "apis", "python", "main", "exploit", "august", "refresh", "hooks" ], "references": [ "https://blog.talosintelligence.com/mercenary-intellexa-predator/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ALIEN", "display_name": "ALIEN", "target": null }, { "id": "PREDATOR", "display_name": "PREDATOR", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "URL": 43, "hostname": 13, "domain": 8, "email": 1, "CVE": 5 }, "indicator_count": 73, "is_author": false, "is_subscribing": null, "subscriber_count": 214, "modified_text": "1098 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6383a7be1bcdf0dc1c023475", "name": "Part 2 of 10.0.0.172 - com.sina.weibo - this is very very BAD", "description": "So many relative ioc's from my own cache poisoning on windows in early 2016", "modified": "2022-12-27T17:03:27.434000", "created": "2022-11-27T18:09:02.710000", "tags": [ "ansi", "analysis", "memoryfile scan", "dropped file", "found", "indicator", "text", "sha1", "seen", "static parser", "android", "hybrid", "suspicious", "strings", "insert", "error", "https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q", "https://www.virustotal.com/gui/url/31a0fc66018b2d3f1eac84925b75c", "https://www.virustotal.com/graph/g9c436978fc00498db5d80e1e40dca5" ], "references": [ "platformflow.staging.mambucloud.com", "https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q", "https://www.virustotal.com/gui/url/31a0fc66018b2d3f1eac84925b75c449a1320cfe66645d3714daeec292e3b9e5/details", "https://www.virustotal.com/graph/g9c436978fc00498db5d80e1e40dca510e9b90f67e36d4597a25f55b55926ff5c", "https://hybrid-analysis.com/sample/4af9320f9bcbf6e68edef4c637ae724c539a2bb79aacbf0e18aaef86bc607e33" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1540", "name": "Code Injection", "display_name": "T1540 - Code Injection" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1074, "hostname": 327, "FileHash-SHA256": 621, "domain": 72, "FileHash-MD5": 6, "FileHash-SHA1": 6, "SSLCertFingerprint": 1 }, "indicator_count": 2107, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1251 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "636da9f54028c7db06fb72c0", "name": "http://pm.myapp.com/invc/xfspeed/qqpcmgr/module_update/emulator/keymap/5b0a2024c6df0b236b1d3e0cf7e36ca2_AowGame.xml", "description": "", "modified": "2022-12-11T01:02:56.441000", "created": "2022-11-11T01:48:37.290000", "tags": [ "runtime data", "ansi", "size", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "unicode", "hash seen", "strings", "hybrid", "general", "click", "date", "hosts", "http://pm.myapp.com/invc/xfspeed/qqpcmgr/module_update/emulator/" ], "references": [ "http://pm.myapp.com/invc/xfspeed/qqpcmgr/module_update/emulator/keymap/5b0a2024c6df0b236b1d3e0cf7e36ca2_AowGame.xml p" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 18, "domain": 8, "FileHash-SHA256": 48, "URL": 42, "FileHash-MD5": 11, "FileHash-SHA1": 11 }, "indicator_count": 138, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1267 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63893b995de5ad1e720ff98d", "name": "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "description": "", "modified": "2022-12-01T23:41:13.601000", "created": "2022-12-01T23:41:13.601000", "tags": [ "xmpmm", "adobe photoshop", "macintosh", "creatortool", "createdate", "modifydate", "metadatadate", "instanceid", "documentid", "history", "core", "error", "cascade", "null", "service", "hybrid", "suspicious", "format", "strings", "install", "template", "download", "executor", "android", "class", "corefoundation", "coreml", "mlassetio", "unknown", "battery", "datetime", "os version", "build", "report version", "devs" ], "references": [ "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "hybrid 100/100" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 141, "hostname": 39, "domain": 7, "FileHash-SHA256": 51, "FileHash-MD5": 42, "FileHash-SHA1": 11, "SSLCertFingerprint": 1 }, "indicator_count": 292, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1276 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6383969576b78ed27dadd025", "name": "10.0.0.172 - com.sina.weibo - https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q - TS 100/100", "description": "", "modified": "2022-11-27T17:16:20.697000", "created": "2022-11-27T16:55:49.994000", "tags": [ "ansi", "analysis", "memoryfile scan", "dropped file", "found", "indicator", "text", "sha1", "seen", "static parser", "android", "hybrid", "suspicious", "strings", "insert", "error", "https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q" ], "references": [ "platformflow.staging.mambucloud.com", "https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1540", "name": "Code Injection", "display_name": "T1540 - Code Injection" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 33, "FileHash-SHA256": 17, "domain": 2, "hostname": 19, "FileHash-MD5": 6, "FileHash-SHA1": 6, "SSLCertFingerprint": 1 }, "indicator_count": 84, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1281 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f133371c977a4371c132c3", "name": "TZK_ENT.apk Spyware - www.bczp.cn/iphone/soft/ITZK_ENT.apk", "description": "Remote Access\nContains a remote desktop related string\nSpyware\nHas the ability to record audio \nHas the ability to record audio or other media", "modified": "2022-09-07T00:04:00.988000", "created": "2022-08-08T16:00:55.401000", "tags": [ "download", "trojan", "apt", "api key", "please", "www.bczp.cn/iphone/soft/ITZK_ENT.apk", "Chinese Spyware" ], "references": [ "http://fm.dl.126.net/mailmaster/updatemac/update_config.json", "https://hybrid-analysis.com/sample/622e61c6289f71cf616c792fd874a1d99d01f8f200636320a5ff368ff0d3b0d5/62f104f8b9bcb7039b1d23bb", "www.bczp.cn/iphone/soft/ITZK_ENT.apk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1402", "name": "Broadcast Receivers", "display_name": "T1402 - Broadcast Receivers" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 128, "URL": 321, "FileHash-SHA256": 66, "domain": 32, "FileHash-MD5": 46, "CVE": 1, "FileHash-SHA1": 9, "SSLCertFingerprint": 1 }, "indicator_count": 604, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1362 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "http://fm.dl.126.net/mailmaster/updatemac/update_config.json", "hybrid 100/100", "https://www.virustotal.com/graph/g9c436978fc00498db5d80e1e40dca510e9b90f67e36d4597a25f55b55926ff5c", "https://hybrid-analysis.com/sample/4af9320f9bcbf6e68edef4c637ae724c539a2bb79aacbf0e18aaef86bc607e33", "http://pm.myapp.com/invc/xfspeed/qqpcmgr/module_update/emulator/keymap/5b0a2024c6df0b236b1d3e0cf7e36ca2_AowGame.xml p", "https://www.virustotal.com/gui/url/31a0fc66018b2d3f1eac84925b75c449a1320cfe66645d3714daeec292e3b9e5/details", "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "www.bczp.cn/iphone/soft/ITZK_ENT.apk", "platformflow.staging.mambucloud.com", "https://hybrid-analysis.com/sample/622e61c6289f71cf616c792fd874a1d99d01f8f200636320a5ff368ff0d3b0d5/62f104f8b9bcb7039b1d23bb", "https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q", "https://blog.talosintelligence.com/mercenary-intellexa-predator/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Predator", "Alien" ], "industries": [], "unique_indicators": 3077 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/com.tencent.mm", "whois": "http://whois.domaintools.com/com.tencent.mm", "domain": "com.tencent.mm", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "657093ed430911a8ca4d6981", "name": "http://pm.myapp.com/invc/xfspeed/qqpcmgr/module_update/emulator/keymap/5b0a2024c6df0b236b1d3e0cf7e36ca2_AowGame.xml", "description": "", "modified": "2023-12-06T15:31:57.588000", "created": "2023-12-06T15:31:57.588000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 48, "FileHash-MD5": 11, "FileHash-SHA1": 11, "hostname": 18, "domain": 8, "URL": 42 }, "indicator_count": 138, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64745d201f055d9a3f0171cf", "name": "Researchers uncovered Android Spyware, Predator", "description": "Predator, a commercial Android spyware programme marketed by the Israeli business Intellexa (formerly Cytrox), has had its internal workings thoroughly examined by security experts.", "modified": "2023-05-29T08:06:56.407000", "created": "2023-05-29T08:06:56.407000", "tags": [ "predator", "alien", "spyware", "threat advisory", "top story", "landing page top story", "threats", "securex", "android", "quaileggs", "appliance", "cytrox", "talos", "cve20211048", "python module", "apis", "python", "main", "exploit", "august", "refresh", "hooks" ], "references": [ "https://blog.talosintelligence.com/mercenary-intellexa-predator/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "ALIEN", "display_name": "ALIEN", "target": null }, { "id": "PREDATOR", "display_name": "PREDATOR", "target": null } ], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1123", "name": "Audio Capture", "display_name": "T1123 - Audio Capture" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1068", "name": "Exploitation for Privilege Escalation", "display_name": "T1068 - Exploitation for Privilege Escalation" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 3, "URL": 43, "hostname": 13, "domain": 8, "email": 1, "CVE": 5 }, "indicator_count": 73, "is_author": false, "is_subscribing": null, "subscriber_count": 214, "modified_text": "1098 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6383a7be1bcdf0dc1c023475", "name": "Part 2 of 10.0.0.172 - com.sina.weibo - this is very very BAD", "description": "So many relative ioc's from my own cache poisoning on windows in early 2016", "modified": "2022-12-27T17:03:27.434000", "created": "2022-11-27T18:09:02.710000", "tags": [ "ansi", "analysis", "memoryfile scan", "dropped file", "found", "indicator", "text", "sha1", "seen", "static parser", "android", "hybrid", "suspicious", "strings", "insert", "error", "https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q", "https://www.virustotal.com/gui/url/31a0fc66018b2d3f1eac84925b75c", "https://www.virustotal.com/graph/g9c436978fc00498db5d80e1e40dca5" ], "references": [ "platformflow.staging.mambucloud.com", "https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q", "https://www.virustotal.com/gui/url/31a0fc66018b2d3f1eac84925b75c449a1320cfe66645d3714daeec292e3b9e5/details", "https://www.virustotal.com/graph/g9c436978fc00498db5d80e1e40dca510e9b90f67e36d4597a25f55b55926ff5c", "https://hybrid-analysis.com/sample/4af9320f9bcbf6e68edef4c637ae724c539a2bb79aacbf0e18aaef86bc607e33" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1540", "name": "Code Injection", "display_name": "T1540 - Code Injection" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1074, "hostname": 327, "FileHash-SHA256": 621, "domain": 72, "FileHash-MD5": 6, "FileHash-SHA1": 6, "SSLCertFingerprint": 1 }, "indicator_count": 2107, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1251 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "636da9f54028c7db06fb72c0", "name": "http://pm.myapp.com/invc/xfspeed/qqpcmgr/module_update/emulator/keymap/5b0a2024c6df0b236b1d3e0cf7e36ca2_AowGame.xml", "description": "", "modified": "2022-12-11T01:02:56.441000", "created": "2022-11-11T01:48:37.290000", "tags": [ "runtime data", "ansi", "size", "copy md5", "copy sha1", "copy sha256", "sha1", "sha256", "unicode", "hash seen", "strings", "hybrid", "general", "click", "date", "hosts", "http://pm.myapp.com/invc/xfspeed/qqpcmgr/module_update/emulator/" ], "references": [ "http://pm.myapp.com/invc/xfspeed/qqpcmgr/module_update/emulator/keymap/5b0a2024c6df0b236b1d3e0cf7e36ca2_AowGame.xml p" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 18, "domain": 8, "FileHash-SHA256": 48, "URL": 42, "FileHash-MD5": 11, "FileHash-SHA1": 11 }, "indicator_count": 138, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1267 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63893b995de5ad1e720ff98d", "name": "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "description": "", "modified": "2022-12-01T23:41:13.601000", "created": "2022-12-01T23:41:13.601000", "tags": [ "xmpmm", "adobe photoshop", "macintosh", "creatortool", "createdate", "modifydate", "metadatadate", "instanceid", "documentid", "history", "core", "error", "cascade", "null", "service", "hybrid", "suspicious", "format", "strings", "install", "template", "download", "executor", "android", "class", "corefoundation", "coreml", "mlassetio", "unknown", "battery", "datetime", "os version", "build", "report version", "devs" ], "references": [ "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "hybrid 100/100" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 141, "hostname": 39, "domain": 7, "FileHash-SHA256": 51, "FileHash-MD5": 42, "FileHash-SHA1": 11, "SSLCertFingerprint": 1 }, "indicator_count": 292, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1276 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6383969576b78ed27dadd025", "name": "10.0.0.172 - com.sina.weibo - https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q - TS 100/100", "description": "", "modified": "2022-11-27T17:16:20.697000", "created": "2022-11-27T16:55:49.994000", "tags": [ "ansi", "analysis", "memoryfile scan", "dropped file", "found", "indicator", "text", "sha1", "seen", "static parser", "android", "hybrid", "suspicious", "strings", "insert", "error", "https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q" ], "references": [ "platformflow.staging.mambucloud.com", "https://ucdl.25pp.com/2014/03/29/1396060230_011736131353.apk?q" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1540", "name": "Code Injection", "display_name": "T1540 - Code Injection" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 33, "FileHash-SHA256": 17, "domain": 2, "hostname": 19, "FileHash-MD5": 6, "FileHash-SHA1": 6, "SSLCertFingerprint": 1 }, "indicator_count": 84, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1281 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f133371c977a4371c132c3", "name": "TZK_ENT.apk Spyware - www.bczp.cn/iphone/soft/ITZK_ENT.apk", "description": "Remote Access\nContains a remote desktop related string\nSpyware\nHas the ability to record audio \nHas the ability to record audio or other media", "modified": "2022-09-07T00:04:00.988000", "created": "2022-08-08T16:00:55.401000", "tags": [ "download", "trojan", "apt", "api key", "please", "www.bczp.cn/iphone/soft/ITZK_ENT.apk", "Chinese Spyware" ], "references": [ "http://fm.dl.126.net/mailmaster/updatemac/update_config.json", "https://hybrid-analysis.com/sample/622e61c6289f71cf616c792fd874a1d99d01f8f200636320a5ff368ff0d3b0d5/62f104f8b9bcb7039b1d23bb", "www.bczp.cn/iphone/soft/ITZK_ENT.apk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1402", "name": "Broadcast Receivers", "display_name": "T1402 - Broadcast Receivers" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 128, "URL": 321, "FileHash-SHA256": 66, "domain": 32, "FileHash-MD5": 46, "CVE": 1, "FileHash-SHA1": 9, "SSLCertFingerprint": 1 }, "indicator_count": 604, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1362 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://com.tencent.mm/.plugin.multitalk.ui.MultiTalkMainUI", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://com.tencent.mm/.plugin.multitalk.ui.MultiTalkMainUI", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780265388.5177813 }