{ "type": "URL", "indicator": "https://android.intent.action.media", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://android.intent.action.media", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3390763593, "indicator": "https://android.intent.action.media", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "63893b995de5ad1e720ff98d", "name": "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "description": "", "modified": "2022-12-01T23:41:13.601000", "created": "2022-12-01T23:41:13.601000", "tags": [ "xmpmm", "adobe photoshop", "macintosh", "creatortool", "createdate", "modifydate", "metadatadate", "instanceid", "documentid", "history", "core", "error", "cascade", "null", "service", "hybrid", "suspicious", "format", "strings", "install", "template", "download", "executor", "android", "class", "corefoundation", "coreml", "mlassetio", "unknown", "battery", "datetime", "os version", "build", "report version", "devs" ], "references": [ "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "hybrid 100/100" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 141, "hostname": 39, "domain": 7, "FileHash-SHA256": 51, "FileHash-MD5": 42, "FileHash-SHA1": 11, "SSLCertFingerprint": 1 }, "indicator_count": 292, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1277 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f133371c977a4371c132c3", "name": "TZK_ENT.apk Spyware - www.bczp.cn/iphone/soft/ITZK_ENT.apk", "description": "Remote Access\nContains a remote desktop related string\nSpyware\nHas the ability to record audio \nHas the ability to record audio or other media", "modified": "2022-09-07T00:04:00.988000", "created": "2022-08-08T16:00:55.401000", "tags": [ "download", "trojan", "apt", "api key", "please", "www.bczp.cn/iphone/soft/ITZK_ENT.apk", "Chinese Spyware" ], "references": [ "http://fm.dl.126.net/mailmaster/updatemac/update_config.json", "https://hybrid-analysis.com/sample/622e61c6289f71cf616c792fd874a1d99d01f8f200636320a5ff368ff0d3b0d5/62f104f8b9bcb7039b1d23bb", "www.bczp.cn/iphone/soft/ITZK_ENT.apk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1402", "name": "Broadcast Receivers", "display_name": "T1402 - Broadcast Receivers" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 128, "URL": 321, "FileHash-SHA256": 66, "domain": 32, "FileHash-MD5": 46, "CVE": 1, "FileHash-SHA1": 9, "SSLCertFingerprint": 1 }, "indicator_count": 604, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1363 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622209a50b6a7861c1c2e4db", "name": "online file analysis results forl MCE-PX14.2.apk", "description": "", "modified": "2022-03-04T12:44:21.020000", "created": "2022-03-04T12:44:21.020000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://hybrid-analysis.com/sample/8cf4b1a83f19b1304962777d61ec69512a60992b2eda1db5addb16c910bb0b2c?environmentId=200", "Associated URLs hxxps://c.mobi-connect.net/crs/repository/CRSWS/itmomclients/-608018437/MCE-PX14.2.apk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1402", "name": "Broadcast Receivers", "display_name": "T1402 - Broadcast Receivers" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1433", "name": "Access Call Log", "display_name": "T1433 - Access Call Log" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 95, "domain": 15, "hostname": 46, "FileHash-SHA256": 26, "FileHash-MD5": 1, "FileHash-SHA1": 1, "SSLCertFingerprint": 1 }, "indicator_count": 185, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/622e61c6289f71cf616c792fd874a1d99d01f8f200636320a5ff368ff0d3b0d5/62f104f8b9bcb7039b1d23bb", "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "https://hybrid-analysis.com/sample/8cf4b1a83f19b1304962777d61ec69512a60992b2eda1db5addb16c910bb0b2c?environmentId=200", "hybrid 100/100", "www.bczp.cn/iphone/soft/ITZK_ENT.apk", "http://fm.dl.126.net/mailmaster/updatemac/update_config.json", "Associated URLs hxxps://c.mobi-connect.net/crs/repository/CRSWS/itmomclients/-608018437/MCE-PX14.2.apk" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 969 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/action.media", "whois": "http://whois.domaintools.com/action.media", "domain": "action.media", "hostname": "android.intent.action.media" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "63893b995de5ad1e720ff98d", "name": "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "description": "", "modified": "2022-12-01T23:41:13.601000", "created": "2022-12-01T23:41:13.601000", "tags": [ "xmpmm", "adobe photoshop", "macintosh", "creatortool", "createdate", "modifydate", "metadatadate", "instanceid", "documentid", "history", "core", "error", "cascade", "null", "service", "hybrid", "suspicious", "format", "strings", "install", "template", "download", "executor", "android", "class", "corefoundation", "coreml", "mlassetio", "unknown", "battery", "datetime", "os version", "build", "report version", "devs" ], "references": [ "jxz1.tqqyun.com/apk/com.ocj.oms.mobile.apk", "hybrid 100/100" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 141, "hostname": 39, "domain": 7, "FileHash-SHA256": 51, "FileHash-MD5": 42, "FileHash-SHA1": 11, "SSLCertFingerprint": 1 }, "indicator_count": 292, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1277 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f133371c977a4371c132c3", "name": "TZK_ENT.apk Spyware - www.bczp.cn/iphone/soft/ITZK_ENT.apk", "description": "Remote Access\nContains a remote desktop related string\nSpyware\nHas the ability to record audio \nHas the ability to record audio or other media", "modified": "2022-09-07T00:04:00.988000", "created": "2022-08-08T16:00:55.401000", "tags": [ "download", "trojan", "apt", "api key", "please", "www.bczp.cn/iphone/soft/ITZK_ENT.apk", "Chinese Spyware" ], "references": [ "http://fm.dl.126.net/mailmaster/updatemac/update_config.json", "https://hybrid-analysis.com/sample/622e61c6289f71cf616c792fd874a1d99d01f8f200636320a5ff368ff0d3b0d5/62f104f8b9bcb7039b1d23bb", "www.bczp.cn/iphone/soft/ITZK_ENT.apk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1021", "name": "Remote Services", "display_name": "T1021 - Remote Services" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1402", "name": "Broadcast Receivers", "display_name": "T1402 - Broadcast Receivers" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1420", "name": "File and Directory Discovery", "display_name": "T1420 - File and Directory Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 128, "URL": 321, "FileHash-SHA256": 66, "domain": 32, "FileHash-MD5": 46, "CVE": 1, "FileHash-SHA1": 9, "SSLCertFingerprint": 1 }, "indicator_count": 604, "is_author": false, "is_subscribing": null, "subscriber_count": 392, "modified_text": "1363 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622209a50b6a7861c1c2e4db", "name": "online file analysis results forl MCE-PX14.2.apk", "description": "", "modified": "2022-03-04T12:44:21.020000", "created": "2022-03-04T12:44:21.020000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://hybrid-analysis.com/sample/8cf4b1a83f19b1304962777d61ec69512a60992b2eda1db5addb16c910bb0b2c?environmentId=200", "Associated URLs hxxps://c.mobi-connect.net/crs/repository/CRSWS/itmomclients/-608018437/MCE-PX14.2.apk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1402", "name": "Broadcast Receivers", "display_name": "T1402 - Broadcast Receivers" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1433", "name": "Access Call Log", "display_name": "T1433 - Access Call Log" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 95, "domain": 15, "hostname": 46, "FileHash-SHA256": 26, "FileHash-MD5": 1, "FileHash-SHA1": 1, "SSLCertFingerprint": 1 }, "indicator_count": 185, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1550 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://android.intent.action.media", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://android.intent.action.media", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780344566.9388208 }