PULSE NAME
* No Flags, Drops, MITRE + More. * CAPE Sandbox
WHITE TrojanSpy msudosos 2026-05-11 Modified: 2026-05-22
647
IOCs
HIGH VOLUME
ID: OB0012
Created: 1 August 2019
Last Modified: 27 September 2023
Persistence

Today I discovered this: https://github.com/MBCProject/mbc-markdown/blob/3559ac6c87a7e8ea9a1fa01bf1155032d7fcdcac/persistence/shutdown-event.md. This rep. is likely being used in this malware. I haven't ever used Git so I need to look through this more. Do not run this.

Behaviors that enable malware to remain on a system regardless of system events, such as reboots.

Bootkit F0013
Component Firmware F0009
Hide Artifacts E1564
Hidden Files and Directories F0005
Hijack Execution Flow F0015
Install Insecure or Malicious Configuration B0047
Kernel Modules and Extensions F0010
Malicious Network Driver B0026
Modify Existing Service F0011
Modify Registry E1112
Registry Run Keys / Startup Folder F0012
Ingress Tool Transfer E1105
Shutdown Event B0035
Indicators of Compromise (130 / 647 total)