{ "type": "Domain", "indicator": "version.properties", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/version.properties", "alexa": "http://www.alexa.com/siteinfo/version.properties", "indicator": "version.properties", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2704140583, "indicator": "version.properties", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69d38c3c31ed79d5da57c209", "name": "VirusTotal report\n for sample.apk", "description": "A sample of malware found in the latest version of the Android operating system has been identified by researchers at the University of California, Los Angeles. \u00c2\u00a32.5m (1.8m euros)>> this is so strong i cant even copy/paste", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:34:36.822000", "tags": [ "united", "has permission", "belgium", "file type", "may try", "https", "urls", "may access", "mitre attack", "network info", "malicious", "next", "windows sandbox", "clear filters", "reads", "apks", "accesses", "tls version", "t1413 access", "sensitive data", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv", "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 170, "FileHash-MD5": 8, "FileHash-SHA1": 7, "URL": 49, "domain": 7, "hostname": 31 }, "indicator_count": 272, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d38c3c712738e344743ed2", "name": "VirusTotal report\n for sample.apk", "description": "A sample of malware found in the latest version of the Android operating system has been identified by researchers at the University of California, Los Angeles. \u00c2\u00a32.5m (1.8m euros)>> this is so strong i cant even copy/paste", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:34:36.065000", "tags": [ "united", "has permission", "belgium", "file type", "may try", "https", "urls", "may access", "mitre attack", "network info", "malicious", "next", "windows sandbox", "clear filters", "reads", "apks", "accesses", "tls version", "t1413 access", "sensitive data", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv", "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 170, "FileHash-MD5": 8, "FileHash-SHA1": 7, "URL": 49, "domain": 7, "hostname": 31 }, "indicator_count": 272, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68437e52b8af5d3ada5de35a", "name": "Baidu -Dangerous behavior gained through malicious ads", "description": "droid.permission.RECEIVE_BOOT_COMPLETED\nandroid.permission.WRITE_SETTINGS\nandroid.permission.VIBRATE\ncom.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY\ngetui.permission.GetuiService.cn.quicktv.androidpro\ncom.android.launcher.permission.INSTALL_SHORTCUT\nandroid.permission.ACCESS_WIFI_STATE\nandroid.permission.WAKE_LOCK\nandroid.permission.ACCESS_DOWNLOAD_MANAGER\nandroid.permission.MODIFY_AUDIO_SETTINGS\nMore: https://www.virustotal.com/gui/file/0033fd6cacc814fb077261e7c19bc1137250ef80409a2a64919b2957a7982a8e/details", "modified": "2025-07-06T23:00:11.603000", "created": "2025-06-06T23:48:34.875000", "tags": [ "filehashsha1", "filehashsha256", "get http", "post http", "get https", "post https", "resolved ips", "detail info", "flag", "componentname", "componentinfo", "behaviour", "start", "linux", "android", "forbidden date", "gmt connection", "extras", "accept", "file type" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 1, "FileHash-SHA256": 8, "URL": 54, "hostname": 16, "domain": 18 }, "indicator_count": 100, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6223086a4908687e9df0ac1f", "name": "NewDom-7-20220305", "description": "ICANN-Dom", "modified": "2022-04-19T00:01:05.210000", "created": "2022-03-05T06:51:22.245000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 202, "modified_text": "1506 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69d38c3c31ed79d5da57c209", "name": "VirusTotal report\n for sample.apk", "description": "A sample of malware found in the latest version of the Android operating system has been identified by researchers at the University of California, Los Angeles. \u00c2\u00a32.5m (1.8m euros)>> this is so strong i cant even copy/paste", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:34:36.822000", "tags": [ "united", "has permission", "belgium", "file type", "may try", "https", "urls", "may access", "mitre attack", "network info", "malicious", "next", "windows sandbox", "clear filters", "reads", "apks", "accesses", "tls version", "t1413 access", "sensitive data", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv", "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 170, "FileHash-MD5": 8, "FileHash-SHA1": 7, "URL": 49, "domain": 7, "hostname": 31 }, "indicator_count": 272, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d38c3c712738e344743ed2", "name": "VirusTotal report\n for sample.apk", "description": "A sample of malware found in the latest version of the Android operating system has been identified by researchers at the University of California, Los Angeles. \u00c2\u00a32.5m (1.8m euros)>> this is so strong i cant even copy/paste", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:34:36.065000", "tags": [ "united", "has permission", "belgium", "file type", "may try", "https", "urls", "may access", "mitre attack", "network info", "malicious", "next", "windows sandbox", "clear filters", "reads", "apks", "accesses", "tls version", "t1413 access", "sensitive data", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471617&Signature=x4IxWb2blmi71%2Fom%2FmlGUwDf%2Fn8jPr2F%2FYVZ6U6EIreNBvKnGH67sOeu32thXveBB7jvgA2H5G1%2Fd7Fxo0eX79c3r93NoS6SzUX2566TDnKXHf4v5stQK35cGRzPOxGUMRqzwJMLUr8i674Ses7K1N%2F%2FBPfZEXupFdNgb9nCuJf%2B9o%2FDmNOO58V5SnHR%2F4%2Fy%2Fyno3g43lJ%2FWhhuR3c3%2Fo60A0xqpdswD", "https://vtbehaviour.commondatastorage.googleapis.com/0000730ea89fbbe53a526474f9c6281f769825ef8bbb91e5488b893c8865b6e2_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471639&Signature=aMdH8c7QpUdtPrzwuioQYfmuGkM%2BEUvT9X9UmV7apYYnnb1pSlKupGRD0asdRP%2FSPKfzatIKSYRRXtmzNqmzwVWptBydFE7wM%2By2aVGZQWSl2XDL5J%2BQm81RvqxS6TdIKppa0qjMKnvOXKUwRcMZUEE8bGiK2rarAplWbo6HaZkbSlyWNxOHnfV00h5V0ECJKzCU%2BPUP2kd5LadpQY6ZaEcvHjQEZXxYamIWWMf65xlPCDv", "https://vtbehaviour.commondatastorage.googleapis.com/0002e7897592a90276f84970f149547f70643829dcdfaccc55130ce13c1e18f8_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471800&Signature=M%2BhqXe8rDYTRRLbeIJgj45r87F%2Fg4pnPmpPOhmqvi86yX6OFTaPD0ZTT3u6Sd6L3Y2x6c5SkXynOum8uuSgBWtswYxObaGRvsXTHif7in%2B95g4y9KmyfvUNCGHHk2q3DupGeaz4donpGLNHk%2BU0J6Uw71rrx1QsKI8xbnOq69NIssYUP28ZHvXAWSAaxz5tqr4%2BrKXt46VNM9AqYTRx1BXkIpCnbBHXz%2BrD8JTpFs4scamGD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 170, "FileHash-MD5": 8, "FileHash-SHA1": 7, "URL": 49, "domain": 7, "hostname": 31 }, "indicator_count": 272, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68437e52b8af5d3ada5de35a", "name": "Baidu -Dangerous behavior gained through malicious ads", "description": "droid.permission.RECEIVE_BOOT_COMPLETED\nandroid.permission.WRITE_SETTINGS\nandroid.permission.VIBRATE\ncom.samsung.android.providers.context.permission.WRITE_USE_APP_FEATURE_SURVEY\ngetui.permission.GetuiService.cn.quicktv.androidpro\ncom.android.launcher.permission.INSTALL_SHORTCUT\nandroid.permission.ACCESS_WIFI_STATE\nandroid.permission.WAKE_LOCK\nandroid.permission.ACCESS_DOWNLOAD_MANAGER\nandroid.permission.MODIFY_AUDIO_SETTINGS\nMore: https://www.virustotal.com/gui/file/0033fd6cacc814fb077261e7c19bc1137250ef80409a2a64919b2957a7982a8e/details", "modified": "2025-07-06T23:00:11.603000", "created": "2025-06-06T23:48:34.875000", "tags": [ "filehashsha1", "filehashsha256", "get http", "post http", "get https", "post https", "resolved ips", "detail info", "flag", "componentname", "componentinfo", "behaviour", "start", "linux", "android", "forbidden date", "gmt connection", "extras", "accept", "file type" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 1, "FileHash-SHA256": 8, "URL": 54, "hostname": 16, "domain": 18 }, "indicator_count": 100, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "331 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6223086a4908687e9df0ac1f", "name": "NewDom-7-20220305", "description": "ICANN-Dom", "modified": "2022-04-19T00:01:05.210000", "created": "2022-03-05T06:51:22.245000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ZENDataGELowC", "id": "152785", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": {}, "indicator_count": 0, "is_author": false, "is_subscribing": null, "subscriber_count": 202, "modified_text": "1506 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 0 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "version.properties", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "version.properties", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780499347.2702973 }