{ "Event": { "analysis": "1", "date": "2026-04-10", "extends_uuid": "", "info": "[Threat Intel] A new Android RAT turning infected devices into potential residential proxy nodes", "protected": false, "publish_timestamp": "1776462994", "published": true, "threat_level_id": "3", "timestamp": "1776462994", "uuid": "a4fe071d-1e40-47d8-b9e6-7bf223c00980", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": "" }, { "colour": "#5f0077", "local": false, "name": "ms-caro-malware:malware-platform=\"AndroidOS\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": "" }, { "colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": "" }, { "colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": "" }, { "colour": "#620e4e", "local": false, "name": "misp-galaxy:target-information=\"Hungary\"", "relationship_type": "" }, { "colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": "" }, { "colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": "" }, { "colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": "" }, { "colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": "" }, { "colour": "#c70b8f", "local": false, "name": "misp-galaxy:target-information=\"Portugal\"", "relationship_type": "" }, { "colour": "#c62adc", "local": false, "name": "misp-galaxy:target-information=\"Slovenia\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776135643", "to_ids": false, "type": "link", "uuid": "eb3ed112-428f-4bac-8d85-814881dcd028", "value": "https://www.cleafy.com/cleafy-labs/mirax-a-new-android-rat-turning-infected-devices-into-potential-residential-proxy-nodes", "Tag": [ { "colour": "#6b003a", "local": true, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"", "relationship_type": "" } ] }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1776135643", "to_ids": false, "type": "text", "uuid": "cf09bb8f-e2f6-4cce-ac08-c50204ed18a0", "value": "Mirax is a newly identified Android Remote Access Trojan operating as Malware-as-a-Service, actively targeting European users, particularly in Spanish-speaking regions. Distributed through Meta advertisements and GitHub-hosted droppers, the malware has reached over 200,000 accounts. It employs sophisticated techniques including dynamically fetched HTML overlays, comprehensive keylogging, and remote device control capabilities. A distinctive feature is its integration of SOCKS5-based residential proxy functionality, transforming infected devices into proxy nodes that enable attackers to route traffic through legitimate residential IP addresses. This capability allows operators to bypass geolocation restrictions and evade fraud detection systems while conducting account takeovers and transaction fraud. The malware uses commercial-grade obfuscation through Golden Encryption and establishes persistence through Accessibility Service abuse." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1776135643", "to_ids": false, "type": "text", "uuid": "e18950e8-7717-4064-ad33-e689ec394213", "value": "Name: A new Android RAT turning infected devices into potential residential proxy nodes\nAuthor: AlienVault\nAdversary: \nTags: [\"mirax\", \"spanish targets\", \"teabot\", \"albiriox\", \"android\", \"residential proxy\", \"html overlay\", \"banking trojan\", \"socks5\", \"meta advertisements\", \"rat\"]\nTgtd countries: [\"Spain\"]\nMlwr families: [\"Mirax\", \"TeaBot\", \"Albiriox\"]\nAttack_ids: []\nIndustries: [\"Finance\"]" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776402326", "to_ids": true, "type": "url", "uuid": "2f5cd387-8afc-4051-a9d6-fa725c9c33c9", "value": "http://ilovepng.info:8443/control", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776402347", "to_ids": true, "type": "url", "uuid": "ade149ee-5f00-41e6-8ac0-f10d9b96223d", "value": "http://ilovepng.info:8444/data", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776402369", "to_ids": true, "type": "domain", "uuid": "85b16e00-c332-47fd-a152-b7896faeee67", "value": "descarga-smtr.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776402390", "to_ids": true, "type": "domain", "uuid": "f56e8181-9dcf-4615-9d1c-1897e25a9cb3", "value": "ilovepng.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2 real-time commands", "deleted": false, "disable_correlation": false, "timestamp": "1776402411", "to_ids": true, "type": "url", "uuid": "6bca04d1-6d8c-4a90-b1ac-11684e8151e2", "value": "wss://ilovepng.info:8443/control", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2 exfiltration", "deleted": false, "disable_correlation": false, "timestamp": "1776402432", "to_ids": true, "type": "url", "uuid": "108c08d0-2d91-4693-a37e-e476ffbf2902", "value": "wss://ilovepng.info:8444/data", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776402453", "uuid": "6b9d46a3-02cf-4b0f-b8cf-9d9ab55cc9ba", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776402453", "to_ids": true, "type": "md5", "uuid": "2c86742e-c3ff-4e00-b359-77cf1ecb2435", "value": "ef219df49c55d32a7b6183d5beff3ae8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776399331", "to_ids": true, "type": "sha1", "uuid": "c4e73aa3-dc11-46d0-b332-4abb0a92093e", "value": "845594ee7deef5af733c7424c7ddf232d437102c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776399331", "to_ids": true, "type": "sha256", "uuid": "fab3926d-3225-4f60-96a9-b15d3e556f67", "value": "53de68ebec281e7233bffc52199b22ec2dba463eec3b29d4c399838e18daecbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776398479", "to_ids": true, "type": "ssdeep", "uuid": "326a1171-1adf-4fe7-bec4-9c89ef974579", "value": "393216:ALit5JN1Wb4S3mWq4NPascTE4WH5Nw9fpHfOQBG:hz9WlHzrftZe9fxO/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776398479", "to_ids": false, "type": "size-in-bytes", "uuid": "d01bcf9f-4f9c-44ff-98d2-2d60e8bcb5bf", "value": "18413783" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776398479", "to_ids": true, "type": "filename", "uuid": "3d7bd4f5-668b-414b-926f-a60fcfd35d06", "value": "53de68ebec281e7233bffc52199b22ec2dba463eec3b29d4c399838e18daecbf.apk" }, { "category": "Other", "comment": "Checked: 17/04/2026\nLast-scan\t: 16/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776398479", "to_ids": false, "type": "text", "uuid": "50205c84-0ef0-413f-9db6-c4ab18a2df0e", "value": "Dropper\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:15/67\nFirst Submission:2026-04-10T14:56:47.000000+00:00\nLast Submission:2026-04-15T20:32:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776402475", "uuid": "93b617cc-d93d-4af2-b872-545258d5776b", "Attribute": [ { "category": "Payload delivery", "comment": "Malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776402475", "to_ids": true, "type": "md5", "uuid": "4852950d-3f08-4d4c-a183-fd7112afb940", "value": "e443f9beb0fcbf496e3afb45bad28bad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776399331", "to_ids": true, "type": "sha1", "uuid": "80a76547-d077-407c-9dfd-eb805d291b81", "value": "dc426f04cec865ff475055b7019ffe1201d8eab1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776399332", "to_ids": true, "type": "sha256", "uuid": "5dcfadd0-c303-45ea-ae66-f41d1eed5080", "value": "88e6e4a5478a3ee7bfdfc5e7614ae6f3f121e0d470741a9cc84a111fe9b266db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776398501", "to_ids": true, "type": "ssdeep", "uuid": "0fc1fc4e-1aee-47e9-aa43-6731137eaf0c", "value": "98304:8RlyHmPQG1YoTwrAeTh2pBddtcXE3585HZgxPkUz199qZiUg+W2KLuveqlKS85zN:MUHmoG1ogRwipNh9u/vea+zKUJRYSa+V" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776398501", "to_ids": false, "type": "size-in-bytes", "uuid": "7a85f994-16f4-4f4b-8d1b-4bd3b0d0d3d5", "value": "10491731" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776398501", "to_ids": true, "type": "filename", "uuid": "8111179f-83bf-4767-8a04-a352b655e78b", "value": "org.yjeiwd.plusdc71.apk" }, { "category": "Other", "comment": "Checked: 17/04/2026\nLast-scan\t: 16/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776398501", "to_ids": false, "type": "text", "uuid": "780d70a0-14c5-48d5-8f93-3b83e3a3737a", "value": "Malware\r\nType Description: Android\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:19/67\nFirst Submission:2026-04-10T14:58:05.000000+00:00\nLast Submission:2026-04-10T14:58:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776402496", "uuid": "7bdcb3ed-b733-4e3e-9d54-86168e02646f", "Attribute": [ { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776402496", "to_ids": true, "type": "md5", "uuid": "1aae89a4-e23d-40fe-af14-08da9ce6b392", "value": "2ffd718025e8938b6b96e209091f7939", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776399332", "to_ids": true, "type": "sha1", "uuid": "f045345b-3d8b-4389-b09b-d9118e423141", "value": "b741668b62f9c5fc0d4e7b399023dcd5eea5a637", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Dropper", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776399332", "to_ids": true, "type": "sha256", "uuid": "61580a3f-9e88-48e3-8c05-ffd1e4c54285", "value": "759eed82699b86b6a792a63ccc76c2fa5ed71720b89132abdead9753f5d7bd11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776398522", "to_ids": true, "type": "ssdeep", "uuid": "bad318b5-57cc-44bb-ab3d-deb36c468dd1", "value": "393216:N3PjTqfDNEIWeGdOnSJ28KuQPjqi1DrhdlX:drTq+xe0E81QOUXhTX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776398522", "to_ids": false, "type": "size-in-bytes", "uuid": "1e4b698f-8021-4603-9600-e0dd668bb098", "value": "18207887" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776398522", "to_ids": true, "type": "filename", "uuid": "77809ee6-e9cf-4054-ad18-57004f8b7f9a", "value": "759eed82699b86b6a792a63ccc76c2fa5ed71720b89132abdead9753f5d7bd11.apk" }, { "category": "Other", "comment": "Checked: 17/04/2026\nLast-scan\t: 16/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776398522", "to_ids": false, "type": "text", "uuid": "ed805525-9f1a-46cc-8d81-4fb8418be8b6", "value": "Dropper\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:14/67\nFirst Submission:2026-03-09T03:06:25.000000+00:00\nLast Submission:2026-04-10T14:56:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776402518", "uuid": "a9548e22-ec27-4684-99ba-ce76286e8202", "Attribute": [ { "category": "Payload delivery", "comment": "Malware", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776402518", "to_ids": true, "type": "md5", "uuid": "08ead859-6715-4925-b473-34eeaaa9fe1d", "value": "a3c01da020c9ed0020fac28af7c3e665", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malware", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776399334", "to_ids": true, "type": "sha1", "uuid": "ec87fea2-ab1c-4f85-9a6e-d57c058ced2b", "value": "9dbf1601d5d88765c576864c2d327bb8b2a92927", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malware", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776399334", "to_ids": true, "type": "sha256", "uuid": "ecd742dc-6ebd-4f14-b480-d705b114d97e", "value": "29577570d18409d93fa2517198354716740b19699eb5392bfaa265f2f6b91896", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776398545", "to_ids": true, "type": "ssdeep", "uuid": "ce328c93-4a01-483b-b0ae-e7869a8904c1", "value": "196608:avjqUjBmc/5PrdlcMRZKWuJPSauzsdv0czGlAMQiLiAfB:QqSBmc/3l9rKWcPNuzvcClNTiiB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776398545", "to_ids": false, "type": "size-in-bytes", "uuid": "799e23bf-8c4f-477b-a7b1-122997e07415", "value": "10277238" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776398545", "to_ids": true, "type": "filename", "uuid": "d5ec940f-94a0-4967-b310-db0bb12d263e", "value": "Reproductor de video_1.0.apk" }, { "category": "Other", "comment": "Checked: 17/04/2026\nLast-scan\t: 16/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776398545", "to_ids": false, "type": "text", "uuid": "bd240235-9fc5-4883-9ebf-c01f30089d73", "value": "Malware\r\nType Description: Android\nMicrosoft: Trojan:AndroidOS/Multiverze!rfn\nVT Total Detection:19/67\nFirst Submission:2026-04-10T14:55:32.000000+00:00\nLast Submission:2026-04-16T07:23:55.000000+00:00" } ] } ] } }