Tool: HenBox| Names | HenBox | |
| Category | Malware | |
| Type | Info stealer | |
| Description | (Palo Alto) Once installed, HenBox steals information from the devices from a myriad of sources, including many mainstream chat, communication, and social media apps. The stolen information includes personal and device information. Of note, in addition to tracking the compromised device’s location, HenBox also harvests all outgoing phone numbers with an “86” prefix, which is the country code for the People’s Republic of China (PRC). It can also access the phone’s cameras and microphone. | |
| Information | <https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/apk.henbox> | |
| AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:HenBox> | |
Last change to this tool card: 23 April 2021
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
| Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon |  | 2010-May 2020 | |||
| PKPLUG | | 2016-Mar 2021 | |||
2 groups listed (2 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |