{
	"id": "7cec7f6c-ac14-45cd-87fa-5fe8dfe71717",
	"created_at": "2026-04-06T00:18:08.672769Z",
	"updated_at": "2026-04-10T03:21:03.605097Z",
	"deleted_at": null,
	"sha1_hash": "ab19a86a4d3185bc0e000ddd459c60f49affb0b2",
	"title": "PINEFLOWER (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28585,
	"plain_text": "PINEFLOWER (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 19:04:45 UTC\r\nPINEFLOWER\r\nAccording to Mandiant, PINEFLOWER is an Android malware family capable of a wide range of backdoor\r\nfunctionality, including stealing system inform information, logging and recording phone calls, initiating audio\r\nrecordings, reading SMS inboxes and sending SMS messages. The malware also has features to facilitate device\r\nlocation tracking, deleting, downloading, and uploading files, reading connectivity state, speed, and activity, and\r\ntoggling Bluetooth, Wi-Fi, and mobile data settings.\r\nReferences\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/apk.pineflower\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/apk.pineflower\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/apk.pineflower"
	],
	"report_names": [
		"apk.pineflower"
	],
	"threat_actors": [],
	"ts_created_at": 1775434688,
	"ts_updated_at": 1775791263,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ab19a86a4d3185bc0e000ddd459c60f49affb0b2.pdf",
		"text": "https://archive.orkl.eu/ab19a86a4d3185bc0e000ddd459c60f49affb0b2.txt",
		"img": "https://archive.orkl.eu/ab19a86a4d3185bc0e000ddd459c60f49affb0b2.jpg"
	}
}