{
  "Event": {
    "analysis": "1",
    "date": "2025-11-24",
    "extends_uuid": "",
    "info": "[Threat Intel] Hidden Google Play Adware Drains Devices and Disrupts Millions of Users",
    "protected": false,
    "publish_timestamp": "1780041323",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1772902066",
    "uuid": "8880426c-4970-4b04-b4c3-528c8e3e1eec",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#5dfed4",
        "local": false,
        "name": "misp-galaxy:producer=\"Check Point\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Authorized App Store - T1475\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Foreground Persistence - T1541\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Generate Fraudulent Advertising Revenue - T1472\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1764629004",
        "to_ids": false,
        "type": "link",
        "uuid": "bdae21ff-28fd-4db2-8a49-eb1bdaeba295",
        "value": "https://blog.checkpoint.com/research/ghostad-hidden-google-play-adware-drains-devices-and-disrupts-millions-of-users/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1764629004",
        "to_ids": false,
        "type": "text",
        "uuid": "84a9c42a-3c05-4b68-936b-dc90a450c078",
        "value": "A large-scale Android adware campaign dubbed 'GhostAd' has been uncovered, affecting millions of users primarily in East and Southeast Asia. The campaign involved multiple apps on Google Play that appeared harmless but created persistent background advertising engines, draining device resources and disrupting normal phone use. These apps used foreground services, job schedulers, and continuous ad refreshing to maintain their presence even after users closed or rebooted their devices. The adware integrated multiple legitimate advertising SDKs but violated fair-use policies by continuously loading ads without user interaction. Users experienced battery drain, reduced performance, and difficulty in removing the apps. Google has since removed the identified apps from the Play Store and disabled them via Google Play Protect."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1764629004",
        "to_ids": false,
        "type": "text",
        "uuid": "70b3c595-aa50-4a62-9222-7822d1208c7e",
        "value": "Name: Hidden Google Play Adware Drains Devices and Disrupts Millions of Users\nAuthor: AlienVault\nAdversary: \nTags: [\"advertising sdks\", \"android\", \"google play\", \"adware\", \"east asia\", \"southeast asia\", \"ghostad\", \"app removal\", \"resource drain\", \"persistence\"]\nTgtd countries: [\"Malaysia\", \"Pakistan\", \"Philippines\"]\nMlwr families: [\"GhostAd\"]\nAttack_ids: []\nIndustries: []"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1767697547",
        "uuid": "47ec2415-900a-4986-908c-fd0556b84d6b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1767697547",
            "to_ids": true,
            "type": "md5",
            "uuid": "8a96ec71-256a-4fcf-a007-18818017efa3",
            "value": "f94db302539cd2e63c126bb92451a66b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1767695416",
            "to_ids": true,
            "type": "sha1",
            "uuid": "736602b6-39a9-4318-bfac-61b802184a07",
            "value": "68a04eec7fafeccfe8cee874e87bbd3d985c34ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1767695416",
            "to_ids": true,
            "type": "sha256",
            "uuid": "068c4da5-3423-4584-bd52-1cd24bb62484",
            "value": "13805e77fb44a5a5af829f13ee494b9cfc4d5c9b470d51014cd506bd40c57426",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1767693929",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d7944144-d8e7-4eeb-93f5-5d42798332a3",
            "value": "393216:V7Sd5OrJKdrJPYDJvEH/PbdI1gSS9N9xsZyIiAIbZFa6qNNJUoAj:YwYJANYXuCjh2ZyIiAIbv1D"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1767693929",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9d88c32a-6a87-4b51-a1e1-463d8e03acbc",
            "value": "41139981"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1767693929",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5a441e9c-aa77-4fc3-a91a-fd51501b08ff",
            "value": "aa29cd7306f2f4bd367db69f1e5cfc2a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1767693929",
            "to_ids": true,
            "type": "filename",
            "uuid": "d72be49f-d5b2-4e1d-a655-e55a134602cd",
            "value": "com.qrzoom.cnchzj.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/01/2026\nLast-scan\t:  29/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1767693929",
            "to_ids": false,
            "type": "text",
            "uuid": "cd8c99f8-925c-483f-87cb-607e92b1b603",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:8/67\nFirst Submission:2025-09-30T08:10:45.000000+00:00\nLast Submission:2025-11-02T08:37:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1767697568",
        "uuid": "14e10b2e-6462-4619-873d-de0a16624568",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1767697568",
            "to_ids": true,
            "type": "md5",
            "uuid": "e588c1f6-537b-458b-9292-80e001ace34a",
            "value": "ac289e27a2f0585285911b2009252499",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1767695417",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1d033535-2cbd-4064-818b-7496ea6e68e7",
            "value": "787687fafe6d968bc0d781dda14ed7e537eab860",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1767695417",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1b7460f7-969e-40ee-b0ba-cba35cb0bedd",
            "value": "7185a439005033b45b48294b302973898e68d8c898003f98acc275b27948ad40",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1767693951",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "26978a4d-1805-41df-ad73-74908f2d498f",
            "value": "393216:id742fppriuCmYUdvbuj5IrOAO94bTf1W3XXX8ezxfrkh5jH9zmvXLA3p:iLifivbuj5mOqbTf6XXpNry5jdMXLA5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1767693951",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f2742d1c-c29d-44ac-bb49-b26d51260faa",
            "value": "41568423"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1767693951",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b03ba2ce-2de6-4d2e-b371-94f20da98a22",
            "value": "2c1e76dad0ddd71b8e160fe2748becc0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1767693951",
            "to_ids": true,
            "type": "filename",
            "uuid": "28f4e989-1734-438b-b295-080404c23890",
            "value": "7185a439005033b45b48294b302973898e68d8c898003f98acc275b27948ad40.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/01/2026\nLast-scan\t:  29/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1767693951",
            "to_ids": false,
            "type": "text",
            "uuid": "6ed94b41-7b0c-4d3e-a25e-2c52cb8ef2bb",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:6/68\nFirst Submission:2025-10-13T01:03:48.000000+00:00\nLast Submission:2025-10-23T05:26:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1767697589",
        "uuid": "836dd186-6ff2-4969-9177-14b0ba1fc499",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1767697589",
            "to_ids": true,
            "type": "md5",
            "uuid": "42bcc08b-5514-4a39-afc8-a12c033ebd02",
            "value": "d0346b347cdad6b2d9bd5444924fe8b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1767695418",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a99b922c-00f8-4aa5-8536-f7404be8428d",
            "value": "e4ab7e433f100219379583da4e1400a5c07a8ee0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1767695418",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5b2b118d-2891-4573-8872-33f2e4ddfbdd",
            "value": "91eb6afb903b2155246cb64289b4c2554922e0472fb355091843e0138c91a114",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1767693972",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cd4e1632-9160-4e6c-94d7-43049b2d516e",
            "value": "393216:L9ap9hRMjeuBtjTQJSw6GRKxNHMTT8Mwo6KsJsOope7Fg:QpjABlTqcNsc2uJsOokFg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1767693972",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6bc08d51-274b-402e-bc34-3540aa1d5d77",
            "value": "37622774"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1767693972",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ce97c898-15ce-4342-b6c5-4c8384bc7149",
            "value": "eed65b97123a93cc5bceb839ff40729c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1767693972",
            "to_ids": true,
            "type": "filename",
            "uuid": "156a0879-ba90-433d-8376-c6d820eb4d55",
            "value": "91eb6afb903b2155246cb64289b4c2554922e0472fb355091843e0138c91a114.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/01/2026\nLast-scan\t:  29/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1767693972",
            "to_ids": false,
            "type": "text",
            "uuid": "645db446-3fbd-4bed-bf8f-67fa940c8580",
            "value": "Type Description: Android\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:15/68\nFirst Submission:2025-10-23T15:55:56.000000+00:00\nLast Submission:2025-11-10T14:44:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1767697611",
        "uuid": "e75d6cc3-abad-46ce-a62d-156371b910a3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1767697611",
            "to_ids": true,
            "type": "md5",
            "uuid": "a6cbb7d6-a10f-4dd3-8753-756241d964b5",
            "value": "e0800d9cc1824dc725ab44f35b8ecfef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1767695419",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d5e657fa-794a-4ae7-89ee-755cb0ab2927",
            "value": "88a640ad499708ef49a7b69d371c120d19ef3583",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1767695419",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d708ed4b-e8ed-4f1a-8a97-eb51daef2681",
            "value": "a039c862807a14482169db0db5904749b7e5d733807418430d1cc3c2e3724f96",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1767693994",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9e4f89d1-cf8a-43a0-8bde-5840c0fbceb2",
            "value": "786432:xCUK4IYDCuZss8Bv7y/SULZyIiAIb28zy:xo4zZyIiAIbO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1767693994",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "27b3ce9a-4adf-47c4-b0fa-2192affd6b65",
            "value": "45959295"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1767693994",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7ab8dcb3-8a4e-46ee-8ae4-60c2414cd7d0",
            "value": "aa29cd7306f2f4bd367db69f1e5cfc2a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1767693994",
            "to_ids": true,
            "type": "filename",
            "uuid": "c7e040c7-cb86-43fb-b86e-018539151462",
            "value": "a039c862807a14482169db0db5904749b7e5d733807418430d1cc3c2e3724f96.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/01/2026\nLast-scan: 29/12/2025\n(dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1767693994",
            "to_ids": false,
            "type": "text",
            "uuid": "5774947c-0697-4454-8d51-050f6ca8353f",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:9/66\nFirst Submission:2025-10-11T11:40:30.000000+00:00\nLast Submission:2025-10-28T02:25:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1767697632",
        "uuid": "8e378bfc-b768-4b8a-bbbb-d57bb3935f68",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1767697632",
            "to_ids": true,
            "type": "md5",
            "uuid": "e7f4b083-bc98-4c5b-96c9-ca8eb493ea40",
            "value": "2ae1474680ff4e0bf5bb336609cc99a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1767695421",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9fceff5f-3453-48ba-8fcd-8c3daa761433",
            "value": "98404334c68df52925b93ed537229e219491484f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1767695421",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d66c6331-f131-456b-ad9b-65c3cc8d1f14",
            "value": "ebd4365923964218caa24c9f88f009aefa7f1427a20f0f02927c98285734dae5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1767694016",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "acd6e6eb-9cfc-4ab5-87df-d5c154bf6374",
            "value": "786432:8s1bAAKacx7Q8etpD4lEZyIiAIb2iOjNE:7Ax7OZyIiAIb2lO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1767694016",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8bb74f5f-3678-4df1-bd1e-d9ada28d7710",
            "value": "43151034"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1767694016",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b6506bbc-b992-451a-9f43-893d163d0d36",
            "value": "32f5e29b9e13069a4ea5fc1263989a5a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1767694016",
            "to_ids": true,
            "type": "filename",
            "uuid": "6216e3c3-d03f-4f92-91e0-37d15b881360",
            "value": "ebd4365923964218caa24c9f88f009aefa7f1427a20f0f02927c98285734dae5.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/01/2026\nLast-scan: 29/12/2025\n(dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1767694016",
            "to_ids": false,
            "type": "text",
            "uuid": "8474322a-a08f-4008-9756-0bcdbc6306ec",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:6/66\nFirst Submission:2025-09-16T06:46:02.000000+00:00\nLast Submission:2025-11-02T15:38:48.000000+00:00"
          }
        ]
      }
    ]
  }
}