Konfety Returns: Classic Mobile Threat with New Evasion Techniques
A sophisticated variant of the Android malware Konfety has been identified, employing advanced evasion techniques. The malware uses dual-app deception, ZIP-level evasion, dynamic code loading, and stealth techniques to conduct ad fraud and redirect users to malicious websites. It tampers with the APK's ZIP structure to bypass security checks and complicate reverse engineering. The malware loads encrypted assets at runtime, concealing critical functionality. It mimics legitimate apps, hides its icon, and uses geofencing to adjust behavior by region. The threat actors behind Konfety are highly adaptable, consistently updating their methods to evade detection and target various ad networks.
AI Analysis
Technical Summary
The Konfety malware is a sophisticated Android threat that has resurfaced with enhanced evasion capabilities designed to bypass detection and complicate analysis. This variant employs multiple advanced techniques including dual-app deception, where it masquerades as legitimate applications by hiding its icon and mimicking trusted apps to avoid user suspicion. It manipulates the APK's ZIP structure, a method known as ZIP-level evasion, to circumvent static security checks and hinder reverse engineering efforts. Additionally, Konfety uses dynamic code loading by decrypting and loading critical components at runtime, which conceals its true functionality from static scanners. The malware also implements geofencing to modify its behavior based on the user's geographic location, likely to evade detection in certain regions or to target specific markets. Its primary malicious activities include conducting ad fraud—generating fraudulent ad impressions and clicks to siphon revenue—and redirecting users to malicious websites, potentially exposing them to further threats. The malware leverages the CaramelAds SDK, indicating a focus on ad fraud infrastructure. The threat actors behind Konfety demonstrate high adaptability, frequently updating their tactics to evade detection and target diverse ad networks. While no known exploits in the wild have been reported, the complexity and stealth of this malware make it a persistent threat in the Android ecosystem.
Potential Impact
For European organizations, the Konfety malware poses significant risks primarily in the mobile advertising and app distribution sectors. Enterprises relying on Android mobile platforms for business operations or customer engagement could face indirect financial losses due to ad fraud, which can distort marketing analytics and inflate advertising costs. The redirection to malicious websites can expose users to phishing, credential theft, or secondary malware infections, potentially compromising corporate data if devices are used for work purposes. The geofencing capability means that the malware can selectively target users in specific European countries, increasing the risk of localized outbreaks. Additionally, the stealth techniques complicate detection and remediation, potentially allowing prolonged unauthorized activity within corporate mobile environments. While the malware does not directly exfiltrate sensitive data or disrupt availability, its presence undermines trust in mobile applications and advertising ecosystems, which can have reputational and operational impacts on affected organizations.
Mitigation Recommendations
European organizations should implement a multi-layered mobile security strategy tailored to detect and prevent sophisticated Android threats like Konfety. This includes deploying advanced mobile threat defense (MTD) solutions capable of detecting dynamic code loading and anomalies in APK structures, such as ZIP-level tampering. Application vetting processes should be enhanced to include behavioral analysis and runtime monitoring to identify hidden or encrypted payloads. Organizations should restrict installation of apps from untrusted sources and enforce strict app store policies. Network-level controls can be used to monitor and block suspicious ad traffic and redirects. Geofencing detection mechanisms should be integrated to identify unusual app behavior based on location. Regular user awareness training focused on mobile threats and phishing risks is critical. For developers and advertisers, auditing SDKs like CaramelAds for malicious behavior and ensuring only trusted SDKs are integrated is essential. Incident response plans should include mobile-specific procedures to quickly isolate and remediate infected devices. Finally, collaboration with mobile security researchers and sharing threat intelligence can improve detection and response capabilities.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Indicators of Compromise
- hash: 00945892d2c890153a2a81ef285b342f
- hash: 2540c17d6e5b09e52ac242214cad0dd0
- hash: 27d6ab57886b5cddd0a90e34a29f24a8
- hash: 2ab79081761aa8d832c15c7f02c267c4
- hash: 481ad2ee4c1694fafa3953067066db6a
- hash: 5198e584dd2a8a0c8b211cd38296b5fd
- hash: 54a5995985269dfc9cbbe7bda8adf8c7
- hash: 58dc17b962b5998c3fa1efc4f0b5a0c2
- hash: 59c9519bffb8f2be7303ecd4e48adb41
- hash: 5fea973402191177a5a0d62823e8f798
- hash: 71d2f9d222f90754261ad491947c049a
- hash: 7b99ec732d1d5184b6475bc0095d3f5d
- hash: a2875066bc239d0eb1d6a4aaa04aa250
- hash: aaea0df58d6c2ff5124847297584f134
- hash: ab20375bdd8ab546f1eaf1181ee36ec6
- hash: af111828c1e6680d99f7489b981e1036
- hash: dde5f1abaec3514bcf7f54e5888dd65e
- hash: e9c87daf4d1d41f46f9776c18340ad36
- hash: ea88ea0b1429e9a6ef3939df40a1efca
- hash: fbde5673da3a79655f562bfc306ae422
- hash: 2772e93e76f00a3a21344fc74459aeb496ffaf43
- hash: 38d3a1f588f4cf309ea67e4e2797269be7cce5f2
- hash: 4308fe6fb14959bcdad5ed504251cde58bf551ee
- hash: 5a87cb01c572589163fe5f03827b122cf253aa96
- hash: 706ab9f13cb33e2d8478ea439ef61fe2a00a7b9c
- hash: 78daf6fe05b9dc295ecf596190848c55166baf30
- hash: 8772a66c21e662acff18c07e454d443f65b770fe
- hash: 9b2714b8c5bc195275980cec5be4907dceb0e8ff
- hash: 9f85ad70e46262ca37fc36b9dfbf1d6845bf41f3
- hash: a5e22a25b649f846b2b7cee4c7ccf6fba8142242
- hash: ab6909227820dbd62bf7ca0f100b90b8883a0301
- hash: c353f4927ae38539869062207ab83636b4e2ddbc
- hash: cde18cef2ca2e58a3de6764681f50770e6809f93
- hash: d6db6ff1feef3247d8ce98100d72069ce38f3a8d
- hash: da3d4e9374b95714bfc51a16d247aa8d2934f76d
- hash: da5af103fec02a8bc4f40cfe6e5eb41bbb298204
- hash: e3ab8f6f554b707472f500cdd1192620e962c65a
- hash: ee2fa12a7b75193f3bb7d68ed2efd6e0e24ff977
- hash: f92fb5bdf653daf14424598f8ea3535c06b1a9ef
- hash: fe81ca3806a637f27801f09ebbe6805b8d2168cc
- hash: 0bc62ee202ec3022da280dfec839e4dec0800bb421ed482a657abf7aaf6f9c10
- hash: 160a924a804c5f390358a17dcd45031a5785ae013990a9185d57a164d3836845
- hash: 2d26502ff7a99c0df781ea7830fbafef621ff5c592a0803e63784f9b3d85d4ce
- hash: 30bc2c475d09f9e41f11bcdc9089b077cfc4982f9d411e62f53ca5d732424541
- hash: 30d8a0fc34697966f80ca9652e98781612006efc09df93f42b92c8f0d3979056
- hash: 362d15f5f98e5ac2fbfb1333b57e6fe08cd98b2703e18341d51424f4e749fd7a
- hash: 3b6cdd4d708c3c79c7c2adbb2394293797a2c9cace8f724a14ed1dfa49d4a025
- hash: 45ccf69ad2b86b46d749998438aa090c50f0e3b12b74d109c02e3de70152f2ab
- hash: 4d81aeb12c20131f7581ed9c00f1fdd8edb4e82ffe762959e0e32832ddf9ab7c
- hash: 602972dfa5321381c4b40e35fe3f8b1ac66e7759c9c4a76efdffdbe0eaa1bca3
- hash: 6097ac05da6c79d06f8ced22edf611ad551fbad7a00410f14fa4831cc9ccf2ea
- hash: 6504fc4739d220dc98f3596a424479ce066ea5eed409f3bc2cf0ea08584e6dc1
- hash: 6dc9d8c1cf11138eccea44e3662b044879f9721c22d6e3a90a1fdb76e674260e
- hash: 73763f6106f8c0e928fe302d5764926832cc3afabe016c35b9c9fd99656d5191
- hash: 7f645f7794a3039ed57e68a2a4dccd9825de054cfa3aece8e58694183cfcdf7d
- hash: 7f8a1ae757dcce8fc869f5f50f79d12b24c6316b5498ce5117d62ebffc8c4178
- hash: 8449156b632a3d7839c632377197728430e4dea8c7fa9a02648d13f9fa33bb8b
- hash: 94c01ed008c8b83f1d9fc247b18ec36c05356b449a1d3d7940b0a737f3a61d22
- hash: 9f0778d5d3625321547d561e8c485f21ca606754e6c107685b97b3800336f3ee
- hash: a8c6a7a08e836ffad32b706182aa081849688fbdc023841c36a0920d62dd1fd4
- hash: b8348f6a2b81216a7c4603c70dddcfbd95ed9a8a2119cb8547782ce115e85759
- hash: ca4ee1b33f69a2239efb4568fa0f2da9ee1b11145d12a539bb5db2ce61881023
- hash: d554ec3737d2ce09ab44366b210a0a3ce73af687b0a55047d899913c5932a14c
- hash: e61a5f23526315c249997feaa08fbf86c42e584cfd19ab070ce23e9e2ffa0023
- hash: eadcb8d177ef3fe5de6d0999d4f854485f79f832593c375491361b6a3e23d595
- hash: ec7e1bb518d6d0a42afc78d33856e1b90a92f110a47cfd92ed9ff23a635ba017
Konfety Returns: Classic Mobile Threat with New Evasion Techniques
Description
A sophisticated variant of the Android malware Konfety has been identified, employing advanced evasion techniques. The malware uses dual-app deception, ZIP-level evasion, dynamic code loading, and stealth techniques to conduct ad fraud and redirect users to malicious websites. It tampers with the APK's ZIP structure to bypass security checks and complicate reverse engineering. The malware loads encrypted assets at runtime, concealing critical functionality. It mimics legitimate apps, hides its icon, and uses geofencing to adjust behavior by region. The threat actors behind Konfety are highly adaptable, consistently updating their methods to evade detection and target various ad networks.
AI-Powered Analysis
Technical Analysis
The Konfety malware is a sophisticated Android threat that has resurfaced with enhanced evasion capabilities designed to bypass detection and complicate analysis. This variant employs multiple advanced techniques including dual-app deception, where it masquerades as legitimate applications by hiding its icon and mimicking trusted apps to avoid user suspicion. It manipulates the APK's ZIP structure, a method known as ZIP-level evasion, to circumvent static security checks and hinder reverse engineering efforts. Additionally, Konfety uses dynamic code loading by decrypting and loading critical components at runtime, which conceals its true functionality from static scanners. The malware also implements geofencing to modify its behavior based on the user's geographic location, likely to evade detection in certain regions or to target specific markets. Its primary malicious activities include conducting ad fraud—generating fraudulent ad impressions and clicks to siphon revenue—and redirecting users to malicious websites, potentially exposing them to further threats. The malware leverages the CaramelAds SDK, indicating a focus on ad fraud infrastructure. The threat actors behind Konfety demonstrate high adaptability, frequently updating their tactics to evade detection and target diverse ad networks. While no known exploits in the wild have been reported, the complexity and stealth of this malware make it a persistent threat in the Android ecosystem.
Potential Impact
For European organizations, the Konfety malware poses significant risks primarily in the mobile advertising and app distribution sectors. Enterprises relying on Android mobile platforms for business operations or customer engagement could face indirect financial losses due to ad fraud, which can distort marketing analytics and inflate advertising costs. The redirection to malicious websites can expose users to phishing, credential theft, or secondary malware infections, potentially compromising corporate data if devices are used for work purposes. The geofencing capability means that the malware can selectively target users in specific European countries, increasing the risk of localized outbreaks. Additionally, the stealth techniques complicate detection and remediation, potentially allowing prolonged unauthorized activity within corporate mobile environments. While the malware does not directly exfiltrate sensitive data or disrupt availability, its presence undermines trust in mobile applications and advertising ecosystems, which can have reputational and operational impacts on affected organizations.
Mitigation Recommendations
European organizations should implement a multi-layered mobile security strategy tailored to detect and prevent sophisticated Android threats like Konfety. This includes deploying advanced mobile threat defense (MTD) solutions capable of detecting dynamic code loading and anomalies in APK structures, such as ZIP-level tampering. Application vetting processes should be enhanced to include behavioral analysis and runtime monitoring to identify hidden or encrypted payloads. Organizations should restrict installation of apps from untrusted sources and enforce strict app store policies. Network-level controls can be used to monitor and block suspicious ad traffic and redirects. Geofencing detection mechanisms should be integrated to identify unusual app behavior based on location. Regular user awareness training focused on mobile threats and phishing risks is critical. For developers and advertisers, auditing SDKs like CaramelAds for malicious behavior and ensuring only trusted SDKs are integrated is essential. Incident response plans should include mobile-specific procedures to quickly isolate and remediate infected devices. Finally, collaboration with mobile security researchers and sharing threat intelligence can improve detection and response capabilities.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Author
- AlienVault
- Tlp
- white
- References
- ["https://github.com/Zimperium/IOC/blob/master/2025-07-Konfety/apks.csv"]
- Adversary
- null
- Pulse Id
- 68775c1f3243d970b75d786c
- Threat Score
- null
Indicators of Compromise
Hash
| Value | Description | Copy |
|---|---|---|
hash00945892d2c890153a2a81ef285b342f | MD5 of b8348f6a2b81216a7c4603c70dddcfbd95ed9a8a2119cb8547782ce115e85759 | |
hash2540c17d6e5b09e52ac242214cad0dd0 | MD5 of 2d26502ff7a99c0df781ea7830fbafef621ff5c592a0803e63784f9b3d85d4ce | |
hash27d6ab57886b5cddd0a90e34a29f24a8 | MD5 of eadcb8d177ef3fe5de6d0999d4f854485f79f832593c375491361b6a3e23d595 | |
hash2ab79081761aa8d832c15c7f02c267c4 | MD5 of 160a924a804c5f390358a17dcd45031a5785ae013990a9185d57a164d3836845 | |
hash481ad2ee4c1694fafa3953067066db6a | MD5 of ec7e1bb518d6d0a42afc78d33856e1b90a92f110a47cfd92ed9ff23a635ba017 | |
hash5198e584dd2a8a0c8b211cd38296b5fd | MD5 of 30d8a0fc34697966f80ca9652e98781612006efc09df93f42b92c8f0d3979056 | |
hash54a5995985269dfc9cbbe7bda8adf8c7 | MD5 of 602972dfa5321381c4b40e35fe3f8b1ac66e7759c9c4a76efdffdbe0eaa1bca3 | |
hash58dc17b962b5998c3fa1efc4f0b5a0c2 | MD5 of 73763f6106f8c0e928fe302d5764926832cc3afabe016c35b9c9fd99656d5191 | |
hash59c9519bffb8f2be7303ecd4e48adb41 | MD5 of 6dc9d8c1cf11138eccea44e3662b044879f9721c22d6e3a90a1fdb76e674260e | |
hash5fea973402191177a5a0d62823e8f798 | MD5 of 0bc62ee202ec3022da280dfec839e4dec0800bb421ed482a657abf7aaf6f9c10 | |
hash71d2f9d222f90754261ad491947c049a | MD5 of 6097ac05da6c79d06f8ced22edf611ad551fbad7a00410f14fa4831cc9ccf2ea | |
hash7b99ec732d1d5184b6475bc0095d3f5d | MD5 of 7f645f7794a3039ed57e68a2a4dccd9825de054cfa3aece8e58694183cfcdf7d | |
hasha2875066bc239d0eb1d6a4aaa04aa250 | MD5 of 94c01ed008c8b83f1d9fc247b18ec36c05356b449a1d3d7940b0a737f3a61d22 | |
hashaaea0df58d6c2ff5124847297584f134 | MD5 of 6504fc4739d220dc98f3596a424479ce066ea5eed409f3bc2cf0ea08584e6dc1 | |
hashab20375bdd8ab546f1eaf1181ee36ec6 | MD5 of a8c6a7a08e836ffad32b706182aa081849688fbdc023841c36a0920d62dd1fd4 | |
hashaf111828c1e6680d99f7489b981e1036 | MD5 of 9f0778d5d3625321547d561e8c485f21ca606754e6c107685b97b3800336f3ee | |
hashdde5f1abaec3514bcf7f54e5888dd65e | MD5 of 8449156b632a3d7839c632377197728430e4dea8c7fa9a02648d13f9fa33bb8b | |
hashe9c87daf4d1d41f46f9776c18340ad36 | MD5 of d554ec3737d2ce09ab44366b210a0a3ce73af687b0a55047d899913c5932a14c | |
hashea88ea0b1429e9a6ef3939df40a1efca | MD5 of 45ccf69ad2b86b46d749998438aa090c50f0e3b12b74d109c02e3de70152f2ab | |
hashfbde5673da3a79655f562bfc306ae422 | MD5 of 3b6cdd4d708c3c79c7c2adbb2394293797a2c9cace8f724a14ed1dfa49d4a025 | |
hash2772e93e76f00a3a21344fc74459aeb496ffaf43 | SHA1 of 7f645f7794a3039ed57e68a2a4dccd9825de054cfa3aece8e58694183cfcdf7d | |
hash38d3a1f588f4cf309ea67e4e2797269be7cce5f2 | SHA1 of 6097ac05da6c79d06f8ced22edf611ad551fbad7a00410f14fa4831cc9ccf2ea | |
hash4308fe6fb14959bcdad5ed504251cde58bf551ee | SHA1 of 94c01ed008c8b83f1d9fc247b18ec36c05356b449a1d3d7940b0a737f3a61d22 | |
hash5a87cb01c572589163fe5f03827b122cf253aa96 | SHA1 of d554ec3737d2ce09ab44366b210a0a3ce73af687b0a55047d899913c5932a14c | |
hash706ab9f13cb33e2d8478ea439ef61fe2a00a7b9c | SHA1 of 30d8a0fc34697966f80ca9652e98781612006efc09df93f42b92c8f0d3979056 | |
hash78daf6fe05b9dc295ecf596190848c55166baf30 | SHA1 of 0bc62ee202ec3022da280dfec839e4dec0800bb421ed482a657abf7aaf6f9c10 | |
hash8772a66c21e662acff18c07e454d443f65b770fe | SHA1 of 160a924a804c5f390358a17dcd45031a5785ae013990a9185d57a164d3836845 | |
hash9b2714b8c5bc195275980cec5be4907dceb0e8ff | SHA1 of 6504fc4739d220dc98f3596a424479ce066ea5eed409f3bc2cf0ea08584e6dc1 | |
hash9f85ad70e46262ca37fc36b9dfbf1d6845bf41f3 | SHA1 of 45ccf69ad2b86b46d749998438aa090c50f0e3b12b74d109c02e3de70152f2ab | |
hasha5e22a25b649f846b2b7cee4c7ccf6fba8142242 | SHA1 of a8c6a7a08e836ffad32b706182aa081849688fbdc023841c36a0920d62dd1fd4 | |
hashab6909227820dbd62bf7ca0f100b90b8883a0301 | SHA1 of ec7e1bb518d6d0a42afc78d33856e1b90a92f110a47cfd92ed9ff23a635ba017 | |
hashc353f4927ae38539869062207ab83636b4e2ddbc | SHA1 of 9f0778d5d3625321547d561e8c485f21ca606754e6c107685b97b3800336f3ee | |
hashcde18cef2ca2e58a3de6764681f50770e6809f93 | SHA1 of 8449156b632a3d7839c632377197728430e4dea8c7fa9a02648d13f9fa33bb8b | |
hashd6db6ff1feef3247d8ce98100d72069ce38f3a8d | SHA1 of b8348f6a2b81216a7c4603c70dddcfbd95ed9a8a2119cb8547782ce115e85759 | |
hashda3d4e9374b95714bfc51a16d247aa8d2934f76d | SHA1 of 73763f6106f8c0e928fe302d5764926832cc3afabe016c35b9c9fd99656d5191 | |
hashda5af103fec02a8bc4f40cfe6e5eb41bbb298204 | SHA1 of 6dc9d8c1cf11138eccea44e3662b044879f9721c22d6e3a90a1fdb76e674260e | |
hashe3ab8f6f554b707472f500cdd1192620e962c65a | SHA1 of eadcb8d177ef3fe5de6d0999d4f854485f79f832593c375491361b6a3e23d595 | |
hashee2fa12a7b75193f3bb7d68ed2efd6e0e24ff977 | SHA1 of 3b6cdd4d708c3c79c7c2adbb2394293797a2c9cace8f724a14ed1dfa49d4a025 | |
hashf92fb5bdf653daf14424598f8ea3535c06b1a9ef | SHA1 of 602972dfa5321381c4b40e35fe3f8b1ac66e7759c9c4a76efdffdbe0eaa1bca3 | |
hashfe81ca3806a637f27801f09ebbe6805b8d2168cc | SHA1 of 2d26502ff7a99c0df781ea7830fbafef621ff5c592a0803e63784f9b3d85d4ce | |
hash0bc62ee202ec3022da280dfec839e4dec0800bb421ed482a657abf7aaf6f9c10 | — | |
hash160a924a804c5f390358a17dcd45031a5785ae013990a9185d57a164d3836845 | — | |
hash2d26502ff7a99c0df781ea7830fbafef621ff5c592a0803e63784f9b3d85d4ce | — | |
hash30bc2c475d09f9e41f11bcdc9089b077cfc4982f9d411e62f53ca5d732424541 | — | |
hash30d8a0fc34697966f80ca9652e98781612006efc09df93f42b92c8f0d3979056 | — | |
hash362d15f5f98e5ac2fbfb1333b57e6fe08cd98b2703e18341d51424f4e749fd7a | — | |
hash3b6cdd4d708c3c79c7c2adbb2394293797a2c9cace8f724a14ed1dfa49d4a025 | — | |
hash45ccf69ad2b86b46d749998438aa090c50f0e3b12b74d109c02e3de70152f2ab | — | |
hash4d81aeb12c20131f7581ed9c00f1fdd8edb4e82ffe762959e0e32832ddf9ab7c | — | |
hash602972dfa5321381c4b40e35fe3f8b1ac66e7759c9c4a76efdffdbe0eaa1bca3 | — | |
hash6097ac05da6c79d06f8ced22edf611ad551fbad7a00410f14fa4831cc9ccf2ea | — | |
hash6504fc4739d220dc98f3596a424479ce066ea5eed409f3bc2cf0ea08584e6dc1 | — | |
hash6dc9d8c1cf11138eccea44e3662b044879f9721c22d6e3a90a1fdb76e674260e | — | |
hash73763f6106f8c0e928fe302d5764926832cc3afabe016c35b9c9fd99656d5191 | — | |
hash7f645f7794a3039ed57e68a2a4dccd9825de054cfa3aece8e58694183cfcdf7d | — | |
hash7f8a1ae757dcce8fc869f5f50f79d12b24c6316b5498ce5117d62ebffc8c4178 | — | |
hash8449156b632a3d7839c632377197728430e4dea8c7fa9a02648d13f9fa33bb8b | — | |
hash94c01ed008c8b83f1d9fc247b18ec36c05356b449a1d3d7940b0a737f3a61d22 | — | |
hash9f0778d5d3625321547d561e8c485f21ca606754e6c107685b97b3800336f3ee | — | |
hasha8c6a7a08e836ffad32b706182aa081849688fbdc023841c36a0920d62dd1fd4 | — | |
hashb8348f6a2b81216a7c4603c70dddcfbd95ed9a8a2119cb8547782ce115e85759 | — | |
hashca4ee1b33f69a2239efb4568fa0f2da9ee1b11145d12a539bb5db2ce61881023 | — | |
hashd554ec3737d2ce09ab44366b210a0a3ce73af687b0a55047d899913c5932a14c | — | |
hashe61a5f23526315c249997feaa08fbf86c42e584cfd19ab070ce23e9e2ffa0023 | — | |
hasheadcb8d177ef3fe5de6d0999d4f854485f79f832593c375491361b6a3e23d595 | — | |
hashec7e1bb518d6d0a42afc78d33856e1b90a92f110a47cfd92ed9ff23a635ba017 | — |
Threat ID: 68775c90a83201eaacd4c60d
Added to database: 7/16/2025, 8:02:24 AM
Last enriched: 7/16/2025, 8:16:49 AM
Last updated: 8/26/2025, 1:03:03 PM
Views: 33
Related Threats
ThreatFox IOCs for 2025-08-27
MediumFirst AI-Powered Ransomware PromptLock Targets Windows, Linux and macOS
MediumLike PuTTY in Admin's Hands
MediumUnderground Ransomware Being Distributed Worldwide
MediumSpyNote Malware Analysis
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.