{ "type": "URL", "indicator": "https://www.xmlpull.org/v1/doc/features.html", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.xmlpull.org/v1/doc/features.html", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4031271074, "indicator": "https://www.xmlpull.org/v1/doc/features.html", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69db4698d0cd0d278dc7ebac", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T11:31:40.754000", "created": "2026-04-12T07:15:36.900000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "script", "navigation", "doctype html", "public", "w3cdtd html", "transitionalen", "canceled", "title", "head", "body", "span", "refresh", "urls", "https", "united", "may check", "tls version", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "info", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "accept", "estonia", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 91, "FileHash-SHA1": 86, "FileHash-SHA256": 101, "URL": 271, "domain": 43, "IPv4": 165, "hostname": 306 }, "indicator_count": 1063, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69db469af0e341420764ab93", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T07:15:38.372000", "created": "2026-04-12T07:15:38.372000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "script", "navigation", "doctype html", "public", "w3cdtd html", "transitionalen", "canceled", "title", "head", "body", "span", "refresh", "urls", "https", "united", "may check", "tls version", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "info", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "accept", "estonia", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 91, "FileHash-SHA1": 86, "FileHash-SHA256": 101, "URL": 271, "domain": 43, "IPv4": 165, "hostname": 306 }, "indicator_count": 1063, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69daf535597472533079e5f6", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T03:27:13.698000", "created": "2026-04-12T01:28:21.713000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "windows sandbox", "clear filters", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "program", "date" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957388&Signature=j7mXlx0GVb0TDeeeaHo0qwgZHxnVi4UTmmhgRk3wlp6IEw2ck926P9kdu9Bwyl5LaXy%2FYq3ymJRelUPUI7aCjoJFuGfYD8I7mw7EGYakeIUiWZYxhXK0JlufPqPnve%2FTHZC4XGtctnsv6V7oK3Qelm67Z1%2Fp1QbDgdl0oRB3JQ5cJs5%2BQhbBsphLhRc72Rvb3TCG6FhBlplf06D9RYxzJjXWoh3nCTN%2FCLpspJxyoVqlBlFyuN", "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957405&Signature=jmT3CGVytjqR42R8NEdcnfLU2JfSqYRjGKmSOeTIeyM9zjC9SUc2kprtucDQyXxFQrY0aWlR5hpDk3ZhyivJ%2FWtzlSUgIPb%2BsD4I4iRT5lbhHsts9vvdB4gJ74TyMsaHv6yNq1Z5UMtXvu6kPXrDl4WsIFDKpzbKPFhkASB76qeXEEAqD6j%2Bxl8Lheyr7S6sS%2Fgcjh4VUmKvPDoXtavRuNyN3YJ6u4E%2BsfuJXw2zo0wiJOk", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957451&Signature=N2m2sK3XauqRFF3owN9CyW5oH4lW7mCTJC7JDPU4MBjdP9gjHB9u85xL9mfPmTng%2BipCBg7JmSxzAxBzlUHptzenijHka8MDBJ796vBsZ%2Bhf9LGPH8EVYbWTKjlz2eIj3GN4JzKOZa9EQFyZqUbLnR1U2Wsyv0mDXZA1sJtNZKH9fiCn5ywME8YL5w3m6CSem2hdKubPx%2BuC3px0Ln6qwsRV9fAsLV5pmFtLJVdUbNOJ5kXc6e4hc0ohlpRbP27W", "https://vtbehaviour.commondatastorage.googleapis.com/59ab46ed842430175dd343634a4832a8ee326620f572ce6136847ce1ba8cd662_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957494&Signature=UWODW7HArkGZy47J4shCBEE1miTB7G8oVfL98Pw0EcTRZ%2F5tHlFR4FscqBu0h11ell3iLxmgTk%2BVVk6P%2FKLVmhtL8jsFv9TgyY09W0SHHs%2Fd%2BzIzrOZVxeoV3U38ea0NyAdYTQyqu0iYCXCYgK06ML7ILo5aWLIzZINJR1dpRsAwA6uwJSYZ8Zvu5pMSdNF3fBIFVo86ElhKTEk%2F9mXzQCpBu0h9tzUggruaLOAo7S0eTw5JD8", "https://vtbehaviour.commondatastorage.googleapis.com/fb087f42790328af4e77c319f2cba27555061293eaff1776f08a52d1d6a3b842_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957524&Signature=uYl%2BWEuvmmRW4mWz7rkBPJbR6%2B%2Fk2opmif8T16J37itEzu%2Ba9Lx%2FD1xixRy0rucm6zCSI6Yhhq34qv%2FPc3vbJe29oov%2B0vPaVeyDvjDc7dNeBeTOfuauhCWFfaVW6oDvyWLOXVL1glPM8kCxcJHAhWXpS4t36D6nuKhNF4kiEu%2FDaqpON29XxvuYu1DPEdjaYfEkS8Ekofo5n52W2g7cDMyp6MvreGZ3gInElrum1ueOVAEiSWog7g" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 97, "FileHash-SHA1": 91, "FileHash-SHA256": 107, "URL": 538, "domain": 29, "hostname": 256, "IPv4": 39 }, "indicator_count": 1157, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67980c317b7bb954fd0cc8ab", "name": "https://vuldb.com/ http://www.scip.ch http://cvedetails.com", "description": "", "modified": "2025-05-14T20:42:29.121000", "created": "2025-01-27T22:44:01.462000", "tags": [ "sha256", "imphasz", "pejzasz", "wirustotal", "wysoki", "baseseverity", "google android", "tempseverity", "redni", "limit", "znaleziono luk", "zostaa", "cwe787", "vuldb", "impact", "android", "scip", "scip ag", "zurich", "switzerland", "swiss", "security", "contact", "vulnerability", "news", "us news", "history data", "privacy notice", "offense defense", "locations blog", "defense", "alexa", "google play", "cve pliki", "krytyczny", "androidem", "aosp", "imagination", "zabezpiecze z", "problemy", "typ poziom", "protect", "mainline", "pixel", "ssdeep", "z\u00fcrich", "schweiz", "magazin bcher", "business firma", "news vortrge", "aktuell archiv", "anfahrt blog", "blog aktuell", "archiv", "vulnerability database", "vulnerability data feed", "vdb", "vulndb", "cve", "nvd", "cyber threat intelligence", "hack", "hacking", "it-security", "information security", "infosec", "cybersecurity", "exploit", "exploiting", "open-source", "team", "tenda cp3", "vuldb mod", "cti team", "intelligence", "please", "abb flxeon", "latest", "exploits", "sliver", "download", "sha1" ], "references": [ "https://source.android.com/security/bulletin/2021", "http://www.scip.ch", "http://vuldb.com", "http://cvedetails.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 140, "URL": 605, "CVE": 37, "domain": 68, "FileHash-SHA256": 653, "FileHash-MD5": 52, "FileHash-SHA1": 82, "IPv4": 6, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "341 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://source.android.com/security/bulletin/2021", "https://vtbehaviour.commondatastorage.googleapis.com/fb087f42790328af4e77c319f2cba27555061293eaff1776f08a52d1d6a3b842_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957524&Signature=uYl%2BWEuvmmRW4mWz7rkBPJbR6%2B%2Fk2opmif8T16J37itEzu%2Ba9Lx%2FD1xixRy0rucm6zCSI6Yhhq34qv%2FPc3vbJe29oov%2B0vPaVeyDvjDc7dNeBeTOfuauhCWFfaVW6oDvyWLOXVL1glPM8kCxcJHAhWXpS4t36D6nuKhNF4kiEu%2FDaqpON29XxvuYu1DPEdjaYfEkS8Ekofo5n52W2g7cDMyp6MvreGZ3gInElrum1ueOVAEiSWog7g", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957405&Signature=jmT3CGVytjqR42R8NEdcnfLU2JfSqYRjGKmSOeTIeyM9zjC9SUc2kprtucDQyXxFQrY0aWlR5hpDk3ZhyivJ%2FWtzlSUgIPb%2BsD4I4iRT5lbhHsts9vvdB4gJ74TyMsaHv6yNq1Z5UMtXvu6kPXrDl4WsIFDKpzbKPFhkASB76qeXEEAqD6j%2Bxl8Lheyr7S6sS%2Fgcjh4VUmKvPDoXtavRuNyN3YJ6u4E%2BsfuJXw2zo0wiJOk", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957451&Signature=N2m2sK3XauqRFF3owN9CyW5oH4lW7mCTJC7JDPU4MBjdP9gjHB9u85xL9mfPmTng%2BipCBg7JmSxzAxBzlUHptzenijHka8MDBJ796vBsZ%2Bhf9LGPH8EVYbWTKjlz2eIj3GN4JzKOZa9EQFyZqUbLnR1U2Wsyv0mDXZA1sJtNZKH9fiCn5ywME8YL5w3m6CSem2hdKubPx%2BuC3px0Ln6qwsRV9fAsLV5pmFtLJVdUbNOJ5kXc6e4hc0ohlpRbP27W", "https://vtbehaviour.commondatastorage.googleapis.com/59ab46ed842430175dd343634a4832a8ee326620f572ce6136847ce1ba8cd662_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957494&Signature=UWODW7HArkGZy47J4shCBEE1miTB7G8oVfL98Pw0EcTRZ%2F5tHlFR4FscqBu0h11ell3iLxmgTk%2BVVk6P%2FKLVmhtL8jsFv9TgyY09W0SHHs%2Fd%2BzIzrOZVxeoV3U38ea0NyAdYTQyqu0iYCXCYgK06ML7ILo5aWLIzZINJR1dpRsAwA6uwJSYZ8Zvu5pMSdNF3fBIFVo86ElhKTEk%2F9mXzQCpBu0h9tzUggruaLOAo7S0eTw5JD8", "http://www.scip.ch", "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957388&Signature=j7mXlx0GVb0TDeeeaHo0qwgZHxnVi4UTmmhgRk3wlp6IEw2ck926P9kdu9Bwyl5LaXy%2FYq3ymJRelUPUI7aCjoJFuGfYD8I7mw7EGYakeIUiWZYxhXK0JlufPqPnve%2FTHZC4XGtctnsv6V7oK3Qelm67Z1%2Fp1QbDgdl0oRB3JQ5cJs5%2BQhbBsphLhRc72Rvb3TCG6FhBlplf06D9RYxzJjXWoh3nCTN%2FCLpspJxyoVqlBlFyuN", "http://cvedetails.com", "http://vuldb.com", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 3131 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/xmlpull.org", "whois": "http://whois.domaintools.com/xmlpull.org", "domain": "xmlpull.org", "hostname": "www.xmlpull.org" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69db4698d0cd0d278dc7ebac", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T11:31:40.754000", "created": "2026-04-12T07:15:36.900000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "script", "navigation", "doctype html", "public", "w3cdtd html", "transitionalen", "canceled", "title", "head", "body", "span", "refresh", "urls", "https", "united", "may check", "tls version", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "info", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "accept", "estonia", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 91, "FileHash-SHA1": 86, "FileHash-SHA256": 101, "URL": 271, "domain": 43, "IPv4": 165, "hostname": 306 }, "indicator_count": 1063, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69db469af0e341420764ab93", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T07:15:38.372000", "created": "2026-04-12T07:15:38.372000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "script", "navigation", "doctype html", "public", "w3cdtd html", "transitionalen", "canceled", "title", "head", "body", "span", "refresh", "urls", "https", "united", "may check", "tls version", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "info", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "accept", "estonia", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 91, "FileHash-SHA1": 86, "FileHash-SHA256": 101, "URL": 271, "domain": 43, "IPv4": 165, "hostname": 306 }, "indicator_count": 1063, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69daf535597472533079e5f6", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T03:27:13.698000", "created": "2026-04-12T01:28:21.713000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "windows sandbox", "clear filters", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "program", "date" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957388&Signature=j7mXlx0GVb0TDeeeaHo0qwgZHxnVi4UTmmhgRk3wlp6IEw2ck926P9kdu9Bwyl5LaXy%2FYq3ymJRelUPUI7aCjoJFuGfYD8I7mw7EGYakeIUiWZYxhXK0JlufPqPnve%2FTHZC4XGtctnsv6V7oK3Qelm67Z1%2Fp1QbDgdl0oRB3JQ5cJs5%2BQhbBsphLhRc72Rvb3TCG6FhBlplf06D9RYxzJjXWoh3nCTN%2FCLpspJxyoVqlBlFyuN", "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957405&Signature=jmT3CGVytjqR42R8NEdcnfLU2JfSqYRjGKmSOeTIeyM9zjC9SUc2kprtucDQyXxFQrY0aWlR5hpDk3ZhyivJ%2FWtzlSUgIPb%2BsD4I4iRT5lbhHsts9vvdB4gJ74TyMsaHv6yNq1Z5UMtXvu6kPXrDl4WsIFDKpzbKPFhkASB76qeXEEAqD6j%2Bxl8Lheyr7S6sS%2Fgcjh4VUmKvPDoXtavRuNyN3YJ6u4E%2BsfuJXw2zo0wiJOk", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957451&Signature=N2m2sK3XauqRFF3owN9CyW5oH4lW7mCTJC7JDPU4MBjdP9gjHB9u85xL9mfPmTng%2BipCBg7JmSxzAxBzlUHptzenijHka8MDBJ796vBsZ%2Bhf9LGPH8EVYbWTKjlz2eIj3GN4JzKOZa9EQFyZqUbLnR1U2Wsyv0mDXZA1sJtNZKH9fiCn5ywME8YL5w3m6CSem2hdKubPx%2BuC3px0Ln6qwsRV9fAsLV5pmFtLJVdUbNOJ5kXc6e4hc0ohlpRbP27W", "https://vtbehaviour.commondatastorage.googleapis.com/59ab46ed842430175dd343634a4832a8ee326620f572ce6136847ce1ba8cd662_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957494&Signature=UWODW7HArkGZy47J4shCBEE1miTB7G8oVfL98Pw0EcTRZ%2F5tHlFR4FscqBu0h11ell3iLxmgTk%2BVVk6P%2FKLVmhtL8jsFv9TgyY09W0SHHs%2Fd%2BzIzrOZVxeoV3U38ea0NyAdYTQyqu0iYCXCYgK06ML7ILo5aWLIzZINJR1dpRsAwA6uwJSYZ8Zvu5pMSdNF3fBIFVo86ElhKTEk%2F9mXzQCpBu0h9tzUggruaLOAo7S0eTw5JD8", "https://vtbehaviour.commondatastorage.googleapis.com/fb087f42790328af4e77c319f2cba27555061293eaff1776f08a52d1d6a3b842_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775957524&Signature=uYl%2BWEuvmmRW4mWz7rkBPJbR6%2B%2Fk2opmif8T16J37itEzu%2Ba9Lx%2FD1xixRy0rucm6zCSI6Yhhq34qv%2FPc3vbJe29oov%2B0vPaVeyDvjDc7dNeBeTOfuauhCWFfaVW6oDvyWLOXVL1glPM8kCxcJHAhWXpS4t36D6nuKhNF4kiEu%2FDaqpON29XxvuYu1DPEdjaYfEkS8Ekofo5n52W2g7cDMyp6MvreGZ3gInElrum1ueOVAEiSWog7g" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 97, "FileHash-SHA1": 91, "FileHash-SHA256": 107, "URL": 538, "domain": 29, "hostname": 256, "IPv4": 39 }, "indicator_count": 1157, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "67980c317b7bb954fd0cc8ab", "name": "https://vuldb.com/ http://www.scip.ch http://cvedetails.com", "description": "", "modified": "2025-05-14T20:42:29.121000", "created": "2025-01-27T22:44:01.462000", "tags": [ "sha256", "imphasz", "pejzasz", "wirustotal", "wysoki", "baseseverity", "google android", "tempseverity", "redni", "limit", "znaleziono luk", "zostaa", "cwe787", "vuldb", "impact", "android", "scip", "scip ag", "zurich", "switzerland", "swiss", "security", "contact", "vulnerability", "news", "us news", "history data", "privacy notice", "offense defense", "locations blog", "defense", "alexa", "google play", "cve pliki", "krytyczny", "androidem", "aosp", "imagination", "zabezpiecze z", "problemy", "typ poziom", "protect", "mainline", "pixel", "ssdeep", "z\u00fcrich", "schweiz", "magazin bcher", "business firma", "news vortrge", "aktuell archiv", "anfahrt blog", "blog aktuell", "archiv", "vulnerability database", "vulnerability data feed", "vdb", "vulndb", "cve", "nvd", "cyber threat intelligence", "hack", "hacking", "it-security", "information security", "infosec", "cybersecurity", "exploit", "exploiting", "open-source", "team", "tenda cp3", "vuldb mod", "cti team", "intelligence", "please", "abb flxeon", "latest", "exploits", "sliver", "download", "sha1" ], "references": [ "https://source.android.com/security/bulletin/2021", "http://www.scip.ch", "http://vuldb.com", "http://cvedetails.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 140, "URL": 605, "CVE": 37, "domain": 68, "FileHash-SHA256": 653, "FileHash-MD5": 52, "FileHash-SHA1": 82, "IPv4": 6, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "341 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.xmlpull.org/v1/doc/features.html", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.xmlpull.org/v1/doc/features.html", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776732695.035174 }