PULSE NAME
CAPE Sandbox - Aurora like Flo.
WHITE msudosos 2026-05-06 Modified: 2026-05-06
408
IOCs
HIGH VOLUME
This research pulse identifies a file exhibiting high-frequency network activity with minimal local file system impact. The sample bypasses common detection signatures, relying on encrypted communications and rapid DNS resolution to establish external connections.

Technical Analysis & MITRE ATT&CK

Command and Control (T1071.001): The sample utilizes standard Web Protocols (HTTP/DNS) for external communication.
Reconnaissance (T1589): High volume of unique IP connections (17) and DNS queries (6) suggests automated environmental scanning or identity gathering.
Protocol Obfuscation: The presence of 11 unique JA3 fingerprints indicates a sophisticated rotating encryption strategy for SSL/TLS traffic to evade traditional network inspection.

Indicators of Compromise (IoCs)

File Hash (SHA-256): df8f1674d7034cb48fcd0651304833febfcaf1814c8294839246e9db1d269b1d
Network Activity with Nextron:
HTTP Requests: 5
DNS Queries: 6
Unique IP Connections: 17
Encrypted Traffic: 11 JA3 SSL/TLS fingerprints observed.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (16 / 408 total)