PULSE NAME: * No Flags, Drops, MITRE + More. * CAPE Sandbox
WHITE TrojanSpy msudosos 2026-05-11 Modified: 2026-05-22
647 IOCs (HIGH VOLUME)
Persistence
ID: OB0012
Created: 1 August 2019
Last Modified: 27 September 2023

Today I discovered this: https://github.com/MBCProject/mbc-markdown/blob/3559ac6c87a7e8ea9a1fa01bf1155032d7fcdcac/persistence/shutdown-event.md This rep. is likely being used in this malware. I haven't ever used Git so I need to look through this more. Do not run this.

Behaviors that enable malware to remain on a system regardless of system events, such as reboots.

Bootkit F0013
Component Firmware F0009
Hide Artifacts E1564
Hidden Files and Directories F0005
Hijack Execution Flow F0015
Install Insecure or Malicious Configuration B0047
Kernel Modules and Extensions F0010
Malicious Network Driver B0026
Modify Existing Service F0011
Modify Registry E1112
Registry Run Keys / Startup Folder F0012
Ingress Tool Transfer E1105
Shutdown Event B0035
Indicators of Compromise (112 / 647 total)