{
	"id": "34e0a4f2-92de-4317-a83d-1ce14f9d4f17",
	"created_at": "2026-04-06T00:10:53.544341Z",
	"updated_at": "2026-04-10T03:32:46.135676Z",
	"deleted_at": null,
	"sha1_hash": "3acdacda1e3f2ad89ad2dbf517e8e01208820c35",
	"title": "Android Triada modular trojan",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47293,
	"plain_text": "Android Triada modular trojan\r\nArchived: 2026-04-05 20:45:03 UTC\r\nAVG  Android/Deng.DSS  20160310\r\nAVware  Trojan.AndroidOS.Generic.A  20160310\r\nAd-Aware  Android.Trojan.Triada.A  20160310\r\nAegisLab  Troj.SMS.AndroidOS.Agent.rm!c  20160310\r\nAhnLab-V3  Android-PUP/SmsReg.ff6c  20160309\r\nAlibaba  A.L.Pay.Popr  20160310\r\nAntiy-AVL  Trojan[Backdoor:HEUR]/Android.Triada.2  20160310\r\nArcabit  Android.Trojan.Triada.R  20160310\r\nAvast  Android:Triada-C [Trj]  20160310\r\nAvira (no cloud)  ANDROID/Triada.A.55  20160310\r\nBaidu-International  Trojan.Android.Agent.BKT  20160309\r\nBitDefender  Android.Trojan.Triada.A  20160310\r\nCAT-QuickHeal  Android.Triada.B1e19 (PUP)  20160310\r\nComodo  UnclassifiedMalware  20160310\r\nCyren  AndroidOS/GenBl.BCA0D997!Olympus  20160310\r\nDrWeb  Android.Rootkit.20  20160310\r\nESET-NOD32  a variant of Android/Spy.SmsSpy.AU  20160310\r\nEmsisoft  Android.Trojan.Triada.A (B)  20160310\r\nF-Secure  Android.Trojan.Triada.A  20160310\r\nFortinet  Android/Agent.ANZ!tr  20160310\r\nGData  Android.Trojan.Triada.A  20160310\r\nIkarus  HackTool.AndroidOS.RGenius  20160310\r\nJiangmin  Backdoor.AndroidOS.cjj  20160310\r\nK7GW  Trojan ( 004d2c811 )  20160310\r\nKaspersky  HEUR:Backdoor.AndroidOS.Triada.b  20160310\r\nMcAfee  Artemis!592FA585B644  20160310\r\neScan  Android.Trojan.Triada.A  20160310\r\nNANO-Antivirus  Trojan.Android.Agent.dywqdy  20160310\r\nQihoo-360  Trojan.Android.Gen  20160310\r\nSophos  Andr/Triada-A  20160310\r\nTencent  Android.Trojan.Agentb.Auto  20160310\r\nVIPRE  Trojan.AndroidOS.Generic.A  20160310\r\nZoner  Trojan.AndroidOS.SmsSpy.A  20160310\r\nRequired permissions\r\nandroid.permission.CHANGE_NETWORK_STATE (change network connectivity) \r\nhttp://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html\r\nPage 1 of 4\n\nandroid.permission.READ_LOGS (read sensitive log data) \r\nandroid.permission.INTERNET (full Internet access) \r\nandroid.permission.SEND_SMS (send SMS messages) \r\nandroid.permission.WRITE_SMS (edit SMS or MMS) \r\nandroid.permission.ACCESS_NETWORK_STATE (view network status) \r\nandroid.permission.GET_TASKS (retrieve running applications) \r\nandroid.permission.WRITE_EXTERNAL_STORAGE (modify/delete SD card contents) \r\nandroid.permission.GET_PACKAGE_SIZE (measure application storage space) \r\nandroid.permission.READ_EXTERNAL_STORAGE (read from external storage) \r\nandroid.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot) \r\nandroid.permission.ACCESS_MTK_MMHW (Unknown permission from android reference) \r\ncom.android.alarm.permission.SET_ALARM (set alarm in alarm clock) \r\nandroid.permission.BROADCAST_STICKY (send sticky broadcast) \r\nandroid.permission.WRITE_SETTINGS (modify global system settings) \r\nandroid.permission.READ_PHONE_STATE (read phone state and identity) \r\nandroid.permission.READ_SMS (read SMS or MMS) \r\nandroid.permission.SYSTEM_ALERT_WINDOW (display system-level alerts) \r\nandroid.permission.KILL_BACKGROUND_PROCESSES (kill background processes) \r\nandroid.permission.ACCESS_WIFI_STATE (view Wi-Fi status) \r\nandroid.permission.WAKE_LOCK (prevent phone from sleeping) \r\nandroid.permission.CHANGE_WIFI_STATE (change Wi-Fi status) \r\nandroid.permission.RECEIVE_SMS (receive SMS) \r\nandroid.permission.CLEAR_APP_CACHE (delete all application cache data) \r\nandroid.permission.MOUNT_UNMOUNT_FILESYSTEMS (mount and unmount file systems) \r\nandroid.permission.RESTART_PACKAGES (kill background processes) \r\nActivities\r\nhttp://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html\r\nPage 2 of 4\n\ncom.good.sunsine.FlashScreen \r\ncom.good.sunsine.MainActivity \r\nServices\r\ncom.android.system.UpdateService \r\nReceivers\r\ncom.android.system.PopReceiver \r\nService-related intent filters\r\ncom.android.system.UpdateService\r\nactions: com.android.system.UpdateService\r\nActivity-related intent filters\r\ncom.good.sunsine.FlashScreen\r\nactions: android.intent.action.MAIN\r\ncategories: android.intent.category.LAUNCHER \r\nReceiver-related intent filters\r\ncom.android.system.PopReceiver\r\nactions: android.intent.action.BOOT_COMPLETED, android.provider.Telephony.SMS_RECEIVED,\r\nandroid.intent.action.PHONE_STATE, android.intent.action.NEW_OUTGOING_CALL\r\ncategories: android.intent.category.LAUNCHER \r\nvalidfrom: 06:55 AM 05/25/2015\r\nserialnumber: 6B36CE51\r\nIssuer\r\n    DN: OU=98yudodaqe, CN=98eyu1982ey98eu\r\n    CN: 98eyu1982ey98eu\r\n    OU: 98yudodaqe\r\nSubject\r\n    DN: OU=98yudodaqe, CN=98eyu1982ey98eu\r\n    CN: 98eyu1982ey98eu\r\n    OU: 98yudodaqe\r\nhttp://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html\r\nPage 3 of 4\n\nthumbprint: 41775876A2CD11B4D1B85C9D73D49B187EFFA1D2\r\nSource: http://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html\r\nhttp://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://contagiominidump.blogspot.de/2016/07/android-triada-modular-trojan.html"
	],
	"report_names": [
		"android-triada-modular-trojan.html"
	],
	"threat_actors": [
		{
			"id": "3fff98c9-ad02-401d-9d4b-f78b5b634f31",
			"created_at": "2023-01-06T13:46:38.376868Z",
			"updated_at": "2026-04-10T02:00:02.949077Z",
			"deleted_at": null,
			"main_name": "Cleaver",
			"aliases": [
				"G0003",
				"Operation Cleaver",
				"Op Cleaver",
				"Tarh Andishan",
				"Alibaba",
				"TG-2889",
				"Cobalt Gypsy"
			],
			"source_name": "MISPGALAXY:Cleaver",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434253,
	"ts_updated_at": 1775791966,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3acdacda1e3f2ad89ad2dbf517e8e01208820c35.pdf",
		"text": "https://archive.orkl.eu/3acdacda1e3f2ad89ad2dbf517e8e01208820c35.txt",
		"img": "https://archive.orkl.eu/3acdacda1e3f2ad89ad2dbf517e8e01208820c35.jpg"
	}
}