Pulse Detail — Threat Intelligence

PULSE NAME

CAPE Sandbox - 'vzDownloadManagerUI.exe'

WHITE msudosos 2026-03-19 Modified: 2026-04-18

1449

IOCs

HIGH VOLUME

T1129 - Shared Modules dropper T1059 - Command and Scripting Interpreter cmdline_terminate T1542.003 - Bootkit suspicious_iocontrol_codes T1547 - Boot or Logon Autostart Execution persistence_autorun T1547.001 - Registry Run Keys / Startup Folder persistence_autorun T1542.003 - Bootkit suspicious_iocontrol_codes T1564 - Hide Artifacts persistence_ads T1202 - Indirect Command Execution uses_windows_utilities T1036 - Masquerading accesses_public_folder T1055 - Process Injection resumethread_remote_process creates_suspended_process T1112 - Modify Registry persistence_autorun T1548 - Abuse Elevation Control Mechanism accesses_public_folder T1497 - Virtualization/Sandbox Evasion mouse_movement_detect T1564.004 - NTFS File Attributes persistence_ads T1547 - Boot or Logon Autostart Execution persistence_autorun see references for the rest

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1036 T1055 T1057 T1059 T1071 T1082 T1112 T1129 T1202 T1485 T1496 T1497 T1542 T1547 T1548 T1564

Indicators of Compromise (46 / 1449 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://1.0.89.0	—	2026-03-19
URL	http://2.0.0.0	—	2026-03-19
URL	http://8.0.0.0	—	2026-03-19
URL	http://1.0.0.0	—	2026-03-19
URL	http://131.107.255.255	—	2026-03-19
URL	http://3.0.0.0	—	2026-03-19
URL	http://3.5.0.0	—	2026-03-19
URL	http://authrootstl.cab?eb7e93e7481b5487	—	2026-03-19
URL	http://axis.ws.hnmrsp.verizon.com/getMessages	—	2026-03-19
URL	http://disallowedcertstl.cab?7a57c26370f910b6	—	2026-03-19
URL	http://disallowedcertstl.cab?b9e0dcd1273c650d	—	2026-03-19
URL	http://cdp1.public-trust.com/CRL/Omniroot2025.crl	—	2026-03-19
URL	http://crl.omniroot.com/PublicSureCodeSign.crl	—	2026-03-19
URL	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?eb7e93e7481b5487	—	2026-03-19
URL	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7a57c26370f910b6	—	2026-03-19
URL	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b9e0dcd1273c650d	—	2026-03-19
URL	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?57e9f1faa10d4c8c	—	2026-03-19
URL	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAsMayxGaRewR3PGR9SvwMg%3D	—	2026-03-19
URL	http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBR0TBEVYklX7A9yLoLD9hqmCWDxFgQU3pGGSLehMVkx8UtfB6nciHnaqHYCEzMAAAAPMyBlN%2B5Crk8AAAAAAA8%3D	—	2026-03-19
URL	http://system.data.sqlite.org/	—	2026-03-19
URL	http://www.sqlite.org/copyright.html	—	2026-03-19
URL	http://www22.verizon.com/foryourhome/ihamc/messagecenterservice.asmx	—	2026-03-19
URL	http://pinrulesstl.cab?57e9f1faa10d4c8c	—	2026-03-19
URL	http://1.0.89.0	—	2026-03-19
URL	http://2.0.0.0	—	2026-03-19
URL	http://8.0.0.0	—	2026-03-19
URL	http://1.0.0.0	—	2026-03-19
URL	http://131.107.255.255	—	2026-03-19
URL	http://3.0.0.0	—	2026-03-19
URL	http://3.5.0.0	—	2026-03-19
URL	http://authrootstl.cab?eb7e93e7481b5487	—	2026-03-19
URL	http://axis.ws.hnmrsp.verizon.com/getMessages	—	2026-03-19
URL	http://cdp1.public-trust.com/CRL/Omniroot2025.crl	—	2026-03-19
URL	http://crl.omniroot.com/PublicSureCodeSign.crl	—	2026-03-19
URL	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?eb7e93e7481b5487	—	2026-03-19
URL	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7a57c26370f910b6	—	2026-03-19
URL	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b9e0dcd1273c650d	—	2026-03-19
URL	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?57e9f1faa10d4c8c	—	2026-03-19
URL	http://disallowedcertstl.cab?7a57c26370f910b6	—	2026-03-19
URL	http://disallowedcertstl.cab?b9e0dcd1273c650d	—	2026-03-19
URL	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAsMayxGaRewR3PGR9SvwMg%3D	—	2026-03-19
URL	http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBR0TBEVYklX7A9yLoLD9hqmCWDxFgQU3pGGSLehMVkx8UtfB6nciHnaqHYCEzMAAAAPMyBlN%2B5Crk8AAAAAAA8%3D	—	2026-03-19
URL	http://pinrulesstl.cab?57e9f1faa10d4c8c	—	2026-03-19
URL	http://system.data.sqlite.org/	—	2026-03-19
URL	http://www.sqlite.org/copyright.html	—	2026-03-19
URL	http://www22.verizon.com/foryourhome/ihamc/messagecenterservice.asmx	—	2026-03-19

References (1)

↗