{
  "name": "Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes",
  "slug": "threat-intelligence-disruption-badbox-20-targets-consumer-devices-with-multiple-fraud-schemes",
  "description": "HUMAN's Satori team uncovered and partially disrupted BADBOX 2.0, a complex fraud operation targeting over 1 million low-cost consumer devices worldwide. The scheme involves a backdoor pre-installed on devices or distributed through unofficial app marketplaces, allowing threat actors to conduct various fraudulent activities. These include selling residential proxy services, ad fraud through hidden ads and WebViews, and click fraud. Four main threat actor groups were identified: SalesTracker, MoYu, Lemon, and LongTV. The operation affects Android Open Source Project devices in 222 countries, with Brazil being the most impacted. Disruption efforts involved collaboration with Google and other partners to mitigate the threat's impact.",
  "published": "2025-06-06T18:22:13+00:00",
  "created_at": "2025-06-06T18:22:13+00:00",
  "modified_at": "2025-06-08T17:35:30+00:00",
  "created_at_opencti": "2025-06-06T18:22:13+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-06-06",
    "ad fraud",
    "android",
    "badbox",
    "bb2door",
    "botnet",
    "consumer devices",
    "ctv",
    "iot",
    "residential proxy",
    "vo1d"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "ym.tel-goal.com"
      },
      {
        "id": "",
        "name": "zc.lolagamers.com"
      },
      {
        "id": "",
        "name": "yc.lolagamers.com"
      },
      {
        "id": "",
        "name": "ym.nhaya.fun"
      },
      {
        "id": "",
        "name": "ym.runcel.fun"
      },
      {
        "id": "",
        "name": "yc.h5cloudgame.com"
      },
      {
        "id": "",
        "name": "yc.gamesgoplay.com"
      },
      {
        "id": "",
        "name": "wtg.tingo.fun"
      },
      {
        "id": "",
        "name": "wtg.sinel.fun"
      },
      {
        "id": "",
        "name": "w.sinel.fun"
      },
      {
        "id": "",
        "name": "w.axtun.fun"
      },
      {
        "id": "",
        "name": "vogxu.hairsalonparkerco.com"
      },
      {
        "id": "",
        "name": "ubt.zinko.top"
      },
      {
        "id": "",
        "name": "ubt.sloup.top"
      },
      {
        "id": "",
        "name": "ubt.poping.fun"
      },
      {
        "id": "",
        "name": "ubt.popcar.fun"
      },
      {
        "id": "",
        "name": "ubt.oxhug.fun"
      },
      {
        "id": "",
        "name": "tx.lopub.fun"
      },
      {
        "id": "",
        "name": "ttq1.liveingame.com"
      },
      {
        "id": "",
        "name": "travel.seviotive.com"
      },
      {
        "id": "",
        "name": "travel.cleverinfy.com"
      },
      {
        "id": "",
        "name": "travel.cightingle.com"
      },
      {
        "id": "",
        "name": "totoro040.jzfreegames.com"
      },
      {
        "id": "",
        "name": "totoro029.jzfreegames.com"
      },
      {
        "id": "",
        "name": "stylaxu.trendenclave.com"
      },
      {
        "id": "",
        "name": "teun09.gamesgarden.info"
      },
      {
        "id": "",
        "name": "ss.tinux.fun"
      },
      {
        "id": "",
        "name": "sokida.peelgames.com"
      },
      {
        "id": "",
        "name": "sokida.lopsgame.com"
      },
      {
        "id": "",
        "name": "sokida.games4html5.com"
      },
      {
        "id": "",
        "name": "search.googledouble.top"
      },
      {
        "id": "",
        "name": "s1.digifuseinfo.com"
      },
      {
        "id": "",
        "name": "s.povcar.top"
      },
      {
        "id": "",
        "name": "rw.zlon.fun"
      },
      {
        "id": "",
        "name": "rw.tofix.fun"
      },
      {
        "id": "",
        "name": "rdm.tinux.fun"
      },
      {
        "id": "",
        "name": "rw.axtun.fun"
      },
      {
        "id": "",
        "name": "rw.oxhug.fun"
      },
      {
        "id": "",
        "name": "play.oxhug.fun"
      },
      {
        "id": "",
        "name": "play.kimgame.com"
      },
      {
        "id": "",
        "name": "play.hot9game.com"
      },
      {
        "id": "",
        "name": "play.h5gameapp.com"
      },
      {
        "id": "",
        "name": "play.funforge.site"
      },
      {
        "id": "",
        "name": "play.fun-goal.com"
      },
      {
        "id": "",
        "name": "play.echoloot.pro"
      },
      {
        "id": "",
        "name": "play.ashgame.top"
      },
      {
        "id": "",
        "name": "play.arking.fun"
      },
      {
        "id": "",
        "name": "ph.fofopub.fun"
      },
      {
        "id": "",
        "name": "opt.fofopub.fun"
      },
      {
        "id": "",
        "name": "ob.windjoy.fun"
      },
      {
        "id": "",
        "name": "ob.povcar.top"
      },
      {
        "id": "",
        "name": "ns.ai-goal.com"
      },
      {
        "id": "",
        "name": "nszc.rokiread.com"
      },
      {
        "id": "",
        "name": "np.tinux.fun"
      },
      {
        "id": "",
        "name": "nk.wishself.com"
      },
      {
        "id": "",
        "name": "nk.woffty.fun"
      },
      {
        "id": "",
        "name": "np.acruy.fun"
      },
      {
        "id": "",
        "name": "nk.vastjoy.fun"
      },
      {
        "id": "",
        "name": "nk.tinux.fun"
      },
      {
        "id": "",
        "name": "nk.tingo.fun"
      },
      {
        "id": "",
        "name": "nk.sloup.top"
      },
      {
        "id": "",
        "name": "nk.povcar.top"
      },
      {
        "id": "",
        "name": "nk.tel-goal.com"
      },
      {
        "id": "",
        "name": "nk.luno.fun"
      },
      {
        "id": "",
        "name": "nk.poping.fun"
      },
      {
        "id": "",
        "name": "nk.fun-goal.com"
      },
      {
        "id": "",
        "name": "nk.destinyjoy.fun"
      },
      {
        "id": "",
        "name": "nk.crazyjoy.fun"
      },
      {
        "id": "",
        "name": "nk.bluejoy.fun"
      },
      {
        "id": "",
        "name": "nk.axtun.fun"
      },
      {
        "id": "",
        "name": "news.healthute.com"
      },
      {
        "id": "",
        "name": "news.aimoongames.com"
      },
      {
        "id": "",
        "name": "nc.tel-goal.com"
      },
      {
        "id": "",
        "name": "nc.sloup.top"
      },
      {
        "id": "",
        "name": "nc.nhaya.fun"
      },
      {
        "id": "",
        "name": "nc.fofopub.fun"
      },
      {
        "id": "",
        "name": "nc.acruy.fun"
      },
      {
        "id": "",
        "name": "led06.gamesgarden.info"
      },
      {
        "id": "",
        "name": "invest.fincoin.top"
      },
      {
        "id": "",
        "name": "insurance.quixoteinfo.com"
      },
      {
        "id": "",
        "name": "how.tel-goal.com"
      },
      {
        "id": "",
        "name": "hot.calfgames.com"
      },
      {
        "id": "",
        "name": "hd04.gamesgarden.info"
      },
      {
        "id": "",
        "name": "hhm.lolagamers.com"
      },
      {
        "id": "",
        "name": "health.troquerde.com"
      },
      {
        "id": "",
        "name": "gpdz.jzfreegames.com"
      },
      {
        "id": "",
        "name": "gym.zingoinfo.com"
      },
      {
        "id": "",
        "name": "gphb.ravergames.com"
      },
      {
        "id": "",
        "name": "goodac.dailynewscome.com"
      },
      {
        "id": "",
        "name": "gfun.ai-goal.com"
      },
      {
        "id": "",
        "name": "get.minigame.cool"
      },
      {
        "id": "",
        "name": "ge.opyaon.fun"
      },
      {
        "id": "",
        "name": "gas.sinel.fun"
      },
      {
        "id": "",
        "name": "game02.chipandgames.com"
      },
      {
        "id": "",
        "name": "game01.chipandgames.com"
      },
      {
        "id": "",
        "name": "game.zhengxuitnews.com"
      },
      {
        "id": "",
        "name": "game.tuusonit.com"
      },
      {
        "id": "",
        "name": "game.snookershow.com"
      },
      {
        "id": "",
        "name": "game.smartgamey.com"
      },
      {
        "id": "",
        "name": "game.sereneevoke.com"
      },
      {
        "id": "",
        "name": "game.rnalaler.com"
      },
      {
        "id": "",
        "name": "game.returnlitnews.com"
      },
      {
        "id": "",
        "name": "game.playbuzz.online"
      },
      {
        "id": "",
        "name": "game.noclemoon.com"
      },
      {
        "id": "",
        "name": "game.newsavenuey.com"
      },
      {
        "id": "",
        "name": "game.mindflexa.com"
      },
      {
        "id": "",
        "name": "game.legendgamey.com"
      },
      {
        "id": "",
        "name": "game.knighzgame.com"
      },
      {
        "id": "",
        "name": "game.hexwin.fun"
      },
      {
        "id": "",
        "name": "game.fernetari.com"
      },
      {
        "id": "",
        "name": "game.echoloot.pro"
      },
      {
        "id": "",
        "name": "game.dromeling.com"
      },
      {
        "id": "",
        "name": "game.brighugame.com"
      },
      {
        "id": "",
        "name": "game.cactiapi.com"
      },
      {
        "id": "",
        "name": "game.boomgamef.com"
      },
      {
        "id": "",
        "name": "game.aialeek.com"
      },
      {
        "id": "",
        "name": "game.bliscanemon.com"
      },
      {
        "id": "",
        "name": "g1.toolol.top"
      },
      {
        "id": "",
        "name": "g1.h5game1.com"
      },
      {
        "id": "",
        "name": "fun.biugames.com"
      },
      {
        "id": "",
        "name": "food.vibrantews.com"
      },
      {
        "id": "",
        "name": "finance.quixoteinfo.com"
      },
      {
        "id": "",
        "name": "finance.phriao.com"
      },
      {
        "id": "",
        "name": "finance.misffgame.com"
      },
      {
        "id": "",
        "name": "finance.insightivetip.com"
      },
      {
        "id": "",
        "name": "fashion.firenzeire.com"
      },
      {
        "id": "",
        "name": "film.minigame.vip"
      },
      {
        "id": "",
        "name": "f.swiftflexa.com"
      },
      {
        "id": "",
        "name": "f.gameleb.com"
      },
      {
        "id": "",
        "name": "erp.onceisnotenough.ca"
      },
      {
        "id": "",
        "name": "extra.minigame.vip"
      },
      {
        "id": "",
        "name": "electricvehiclefans.faberk.com"
      },
      {
        "id": "",
        "name": "dwz.zinko.top"
      },
      {
        "id": "",
        "name": "e06zh.merifall.com"
      },
      {
        "id": "",
        "name": "dwz.wishself.com"
      },
      {
        "id": "",
        "name": "dwz.povcar.top"
      },
      {
        "id": "",
        "name": "dwz.poping.fun"
      },
      {
        "id": "",
        "name": "dwz.popcar.fun"
      },
      {
        "id": "",
        "name": "dwz.opyaon.fun"
      },
      {
        "id": "",
        "name": "dwz.naxru.top"
      },
      {
        "id": "",
        "name": "dwz.cocolans.fun"
      },
      {
        "id": "",
        "name": "des.luno.fun"
      },
      {
        "id": "",
        "name": "des.fun-goal.com"
      },
      {
        "id": "",
        "name": "de.registrea.com"
      },
      {
        "id": "",
        "name": "cdn.ai-goal.com"
      },
      {
        "id": "",
        "name": "c.misffgame.com"
      },
      {
        "id": "",
        "name": "bsc.ai-goal.com"
      },
      {
        "id": "",
        "name": "brand.minigame.vip"
      },
      {
        "id": "",
        "name": "bg.tingo.fun"
      },
      {
        "id": "",
        "name": "bg.netplay.fun"
      },
      {
        "id": "",
        "name": "ax.runcel.fun"
      },
      {
        "id": "",
        "name": "aug26h.liveingame.com"
      },
      {
        "id": "",
        "name": "as.tingo.fun"
      },
      {
        "id": "",
        "name": "anc.fun-goal.com"
      },
      {
        "id": "",
        "name": "arcade.funforge.site"
      },
      {
        "id": "",
        "name": "anc.fofopub.fun"
      },
      {
        "id": "",
        "name": "am.popcar.fun"
      },
      {
        "id": "",
        "name": "am.tingo.fun"
      },
      {
        "id": "",
        "name": "am.oxhug.fun"
      },
      {
        "id": "",
        "name": "am.fofopub.fun"
      },
      {
        "id": "",
        "name": "aft.lopub.fun"
      },
      {
        "id": "",
        "name": "aft.fofopub.fun"
      },
      {
        "id": "",
        "name": "abs.fun-goal.com"
      },
      {
        "id": "",
        "name": "ab.wishself.com"
      },
      {
        "id": "",
        "name": "ab.tingo.fun"
      },
      {
        "id": "",
        "name": "ab.oxhug.fun"
      },
      {
        "id": "",
        "name": "8aa1ba05.rushquiz.com"
      },
      {
        "id": "",
        "name": "8085.read.newszop.com"
      },
      {
        "id": "",
        "name": "8083.play.quizzop.com"
      },
      {
        "id": "",
        "name": "zontime.com"
      },
      {
        "id": "",
        "name": "zlon.fun"
      },
      {
        "id": "",
        "name": "zippygamez.com"
      },
      {
        "id": "",
        "name": "zinko.top"
      },
      {
        "id": "",
        "name": "zinkgame.top"
      },
      {
        "id": "",
        "name": "zhidagame.com"
      },
      {
        "id": "",
        "name": "zesttipsz.com"
      },
      {
        "id": "",
        "name": "zentrixinfo.com"
      },
      {
        "id": "",
        "name": "zentraxtips.com"
      },
      {
        "id": "",
        "name": "zeldagame.top"
      },
      {
        "id": "",
        "name": "yuyibld.com"
      },
      {
        "id": "",
        "name": "yummyeats888.top"
      },
      {
        "id": "",
        "name": "yongo.fun"
      },
      {
        "id": "",
        "name": "yummybooks.top"
      },
      {
        "id": "",
        "name": "yintao02.com"
      },
      {
        "id": "",
        "name": "xylofy.com"
      },
      {
        "id": "",
        "name": "xqbdh66.com"
      },
      {
        "id": "",
        "name": "xenicgames.top"
      },
      {
        "id": "",
        "name": "wowenjoys.com"
      },
      {
        "id": "",
        "name": "workingusa.net"
      },
      {
        "id": "",
        "name": "wonderfulgames.top"
      },
      {
        "id": "",
        "name": "wokgamer.com"
      },
      {
        "id": "",
        "name": "wooolgame.com"
      },
      {
        "id": "",
        "name": "wishself.com"
      },
      {
        "id": "",
        "name": "wociyu.com"
      },
      {
        "id": "",
        "name": "woffty.fun"
      },
      {
        "id": "",
        "name": "wirelessgame.top"
      },
      {
        "id": "",
        "name": "wisdomgames.top"
      },
      {
        "id": "",
        "name": "windjoy.fun"
      },
      {
        "id": "",
        "name": "weaponscuriosa.com"
      },
      {
        "id": "",
        "name": "widegames.top"
      }
    ],
    "attack_patterns": [
      {
        "id": "9c5a20d1-0df9-4e99-bcc5-0b731a78b5d1",
        "name": "T1608"
      },
      {
        "id": "16e26db7-7376-40c1-b8a9-23d56c44f7ee",
        "name": "T1571"
      },
      {
        "id": "c9ee9b30-ba84-4c24-95e9-e8242d42af3f",
        "name": "T1071.001"
      },
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Colombia"
      },
      {
        "id": "",
        "name": "Argentina"
      },
      {
        "id": "",
        "name": "Mexico"
      },
      {
        "id": "",
        "name": "Brazil"
      },
      {
        "id": "",
        "name": "United States of America"
      },
      {
        "id": "",
        "name": "Technology"
      },
      {
        "id": "",
        "name": "Media"
      },
      {
        "id": "",
        "name": "Telecommunications"
      }
    ]
  },
  "external_refs": [
    "https://www.humansecurity.com/wp-content/uploads/2025/03/BADBOX-2-H5-Domain-List.csv",
    "https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0",
    "https://otx.alienvault.com/pulse/68434df5a7a61c7583cdec3f"
  ]
}