PULSE NAME
CAPE Sandbox- Very Evasive and Aggressive 'bot?'.......
WHITE msudosos 2026-04-15 Modified: 2026-05-15
561 IOCs (high volume)
A full report on the Microsoft Office malware, published on 3 February 2026, has been published online by the University of California, Los Angeles, and the National Security Agency (NSA) in New York. This is malicious.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (84 / 561 total)