← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
applespell VirusTotal Box of Apples Sandbox report
WHITE msudosos 2026-05-21 Modified: 2026-05-21
211
IOCs
HIGH VOLUME
[full report on the Visual Studio Code.app.com malware, published on 19 January, 2024 and published online by the University of South Wales (USA) in the United States.]
applespellgx installeropera gxinstallerip addressvirustotal boxapples sandboxsandbox sha256analysis datescrenshotsupdatermitre attackfile typedropped infoprocesses extraoverview zenboxlinux verdictguest systemultimate fileinfo filezip archivepersistencemaliciousnext
Indicators of Compromise (211)
All FileHash-SHA1 FileHash-SHA256 IPv4 domain hostname URL FileHash-MD5
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 16eec71a93d98426bd4f0adf6f1feee9a29311f6 2026-05-21
FileHash-SHA1 73860e57795d7b199e55275ab90eb2a8027ab7a1 2026-05-21
FileHash-SHA1 dc4c467a0fffeac78ab819a94e98576bac0c3539 2026-05-21
FileHash-SHA256 00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715 2026-05-21
IPv4 107.167.125.189 CC=US ASN=AS21837 opera software americas llc 2026-05-21
IPv4 107.167.96.38 CC=US ASN=AS21837 opera software americas llc 2026-05-21
IPv4 107.167.96.39 CC=US ASN=AS21837 opera software americas llc 2026-05-21
IPv4 17.248.200.64 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.248.200.68 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.248.200.9 CC=US ASN=AS714 apple inc. 2026-05-21
domain data.data 2026-05-21
domain kstextreplacementmodel.mom 2026-05-21
domain mdworker-bundle.sb 2026-05-21
domain tokrulele.data 2026-05-21
IPv4 104.120.129.13 2026-05-21
IPv4 104.120.129.24 2026-05-21
IPv4 104.18.38.233 2026-05-21
IPv4 151.101.3.6 2026-05-21
IPv4 17.253.7.131 2026-05-21
IPv4 17.253.7.141 2026-05-21
IPv4 172.64.149.23 2026-05-21
IPv4 184.28.165.194 2026-05-21
IPv4 23.13.145.132 2026-05-21
IPv4 23.4.43.62 2026-05-21
IPv4 67.195.204.56 2026-05-21
IPv4 8.8.4.4 2026-05-21
hostname autoupdate.geo.opera.com 2026-05-21
hostname autoupdate.opera.com 2026-05-21
hostname c.apple.news 2026-05-21
hostname cacerts.digicert.com 2026-05-21
hostname com.apple.pluginkit.pkd.sb 2026-05-21
hostname desktop-netinstaller-sub.osp.opera.software 2026-05-21
hostname gateway.icloud.com 2026-05-21
hostname na-autoupdate.opera.com 2026-05-21
hostname ocsp.comodoca.com 2026-05-21
hostname ocsp.comodoca.com.cdn.cloudflare.net 2026-05-21
hostname ocsp.usertrust.com 2026-05-21
hostname submit-trn.osp.opera.software 2026-05-21
FileHash-SHA256 1688b7d2c57898e78d0403f7e3ffefdf3ad05f80367985720aa245e61146ce62 2026-05-21
FileHash-SHA256 2fcb1ec6f1dc0ef03367de9fd33a340e2254130936baaeebca8f2b1ba2827f02 2026-05-21
FileHash-SHA256 4a8a33a0cf157579f2dfae11938aa09741d4765525fa7986bf1855910c70d2c6 2026-05-21
FileHash-SHA256 9feea680ad38445f968157136461290e303a060a0a1e4ae30b0a4a0eead4bf8c 2026-05-21
FileHash-SHA256 e47cf3d1dc024b2253db695afb725ff061048cacf694f717b4258a9d40cead4e 2026-05-21
FileHash-SHA256 f2dc2e3324b4b6d38bcd263ed5f34ed9797dd55c68985a8c0016ef977d540e22 2026-05-21
URL http://107.167.96.38 2026-05-21
domain iflyswa.com 2026-05-21
domain cirqueproductions.com 2026-05-21
FileHash-SHA256 147f1d45a48e1f0a56ed5dabfeb9dff28b1779c2ec4a6896fae0a08d89638228 2026-05-21
FileHash-SHA256 1d537ad2ca850565b8f78fc5d27591153c6e12cc959427cc6580274ab158c4ee 2026-05-21
FileHash-SHA256 21b8f30cf78c3290497173eedff407f978fc2734a0f7bb9a021c79f1d0102939 2026-05-21
FileHash-SHA256 255e6b5d0cc530a5a021c1cc4eddb4877efb4ede26af407e83fa7d795b1687ec 2026-05-21
FileHash-SHA256 333a37f9dc7ba2a315888086e8be59380dd887156ad5993d2e739f39a923a651 2026-05-21
FileHash-SHA256 36c217abcb34e64604bf8f6d6024062a63105a00406f6f2e2bd499cb22ba999a 2026-05-21
FileHash-SHA256 41c559bfa0919ca64a953a5f7e006ecbc772912012ce47db2c5ef0e8811b54a4 2026-05-21
FileHash-SHA256 76d4eb93512d59fa3441cc3b6ed47721c1aa341cc0de2ff13108e0bbcab5baee 2026-05-21
FileHash-SHA256 7b8b1962f5796ef552d345f4fec94c52e498aa533f92f78f318b8e9c90f38132 2026-05-21
FileHash-SHA256 82c7c773772e9b5abf0199c9251e763a96447a7cce6532dd240b2b7c8e99af41 2026-05-21
FileHash-SHA256 856b543f1b8b4a93e120b9100e7c0d6ab665706e14ef952f745c65b242537d48 2026-05-21
FileHash-SHA256 8eb31750a7fe0bb988d6afd8e452055d6edf92af4b100edb9eb9f674a5e00ef6 2026-05-21
FileHash-SHA256 a8f2ab253407473dc91bcbf66e6719a58347ef52e921c0f24b7993b98b28826d 2026-05-21
FileHash-SHA256 b49ab7beedec998bcff729f9e9447b83757cafd38ec3dde616ad1e5dc4613be0 2026-05-21
FileHash-SHA256 ba5e3a34a8dc3a95760663503e1b09219b5cb3282aaede6b50d702cd73877736 2026-05-21
FileHash-SHA256 c7b16ca0ee628ef2bf0acdf59691c5c515bfe6fe0aad7976834a67af7f0fa087 2026-05-21
FileHash-SHA256 cce9b0b843dc257f1f40373b2e89e0a5b797415c874e769130a2586eecdef925 2026-05-21
FileHash-SHA256 d423c6a40ef12bbb7a0e414b1c52a667e2445acac1b33cd5a489c563b84d5680 2026-05-21
FileHash-SHA256 ed4c74ea98e6571656006496080d62a900d48c3e291780e34a21457f353becdb 2026-05-21
FileHash-SHA256 fe579505c5b6289d83ffc034732680791b6a3026057d2cd6b217c3ef9cfd99e2 2026-05-21
hostname dev.api.matrix.hvac-engineering.eu 2026-05-21
hostname dev.qcpc.hvac-engineering.eu 2026-05-21
hostname dr-az.theforthnewcastle.co.uk 2026-05-21
hostname fab-preview.qa-nl-f5a-fbmvp-27748-samedayaudiologyie.az.ssdgws.co.uk 2026-05-21
domain fo88.sx 2026-05-21
hostname qa.matrix.hvac-engineering.eu 2026-05-21
domain trust-provider.cn 2026-05-21
hostname vscom.hvac-engineering.eu 2026-05-21
hostname www.admic.com 2026-05-21
hostname www.assurantclaims.com.br 2026-05-21
hostname www.hfszzn.com 2026-05-21
URL http://crl.trust-provider.cn/TrustAsiaECCCodeSigningCAG3.crl0 2026-05-21
URL https://fo88.sx/ 2026-05-21
FileHash-MD5 0d215f7b7f730f8fa3b66094fbd03897 2026-05-21
FileHash-SHA1 edb7dcf30cee22d51998d8427085cebaea7b3c24 2026-05-21
FileHash-SHA256 000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda 2026-05-21
FileHash-SHA256 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 2026-05-21
FileHash-SHA256 164f082a328739bb9db130123e4d9a4dd4cc725adbd95fb503a5e21cb413d93a 2026-05-21
FileHash-SHA256 1f11084582d0246d54542d423f4c430f6fa2c0ed216378d5601216332e068213 2026-05-21
FileHash-SHA256 28330bada7fe2d3a7d46791f703e221bcf348444c6f7065e3004f019f1545a86 2026-05-21
FileHash-SHA256 3b128892f5688463c7e48ae59f042844a61090b7625b1bd58dbcdf2ae37fa744 2026-05-21
FileHash-SHA256 5797cb68fa492bb6403c8211e0ec017a1036caab60de985ba9c9769710d7e13f 2026-05-21
FileHash-SHA256 711199755fc55ac8185e64fe03bcc07aade1d449bd30e4bf7b898436d6eb3685 2026-05-21
FileHash-SHA256 7fa9a5af5fac19ffe2fb27f9351d541f887977368513430f07e4b1acef8f8edb 2026-05-21
FileHash-SHA256 8de0aebd9b8ad20f0e425642c9657963217869536bcc101a7da6640bc956ad94 2026-05-21
FileHash-SHA256 92b8f441e0acdd360c179d1363e5060c70f7d9bb6f75b37a717fbc2dad6fb3b5 2026-05-21
FileHash-SHA256 9445c9277fff4ae4e3ae50e96e8b6e8aec10e2994933f1bdcfb079c7b28c05c8 2026-05-21
FileHash-SHA256 a8d9ea83c0d4ba9b0c6086f10720866dd376871bf8654a284188739023ba2e00 2026-05-21
FileHash-SHA256 c0c518c8cff6be2c9de735abd2773b44f36adcb75200cffaebe079842cefe5f2 2026-05-21
FileHash-SHA256 c247e90af2394e8f4d84f3c530c8d2036eebe118591399ffd25fe181cca2851d 2026-05-21
FileHash-SHA256 c33812effc74dab10e7196205c4a44db57498380ba5d160a1fc5e9bdd5113577 2026-05-21
FileHash-SHA256 c6bc9fb6561de5e44a7234489e131cec3260894a41de277a5884049e65bed5de 2026-05-21
FileHash-SHA256 ce5c7bf4656893dfdf5c5951498f5a393ca9da252e5d2860afa5bc426eb8fbf4 2026-05-21
FileHash-SHA256 e5d2dae0cba9e846dc6724fdbdf9405e386470e66224f305b2d8736395913d1f 2026-05-21
FileHash-SHA256 e6cf512271ccfaf50e7a7e75da479e7627db49c7a1d047158fad3d42bd884c0c 2026-05-21
FileHash-SHA256 f28f82576fa3801d6c9b02cda18cd663747ba057d9d73753a6549415eeaf93d7 2026-05-21
FileHash-SHA256 f90e4173bb18ccd98d00f344378c63a433de662f280e0c6c1ca295c2a4368c8c 2026-05-21
domain bloklama-gayratedin.ru 2026-05-21
hostname durex.gosacynar.site 2026-05-21
hostname farhat.bloklama-gayratedin.ru 2026-05-21
domain godgodgodtm50.ru 2026-05-21
domain gosacynar.site 2026-05-21
domain kelleligodekn1.fun 2026-05-21
domain kingtm.ru 2026-05-21
URL http://durex.gosacynar.site 2026-05-21
URL http://farhat.bloklama-gayratedin.ru 2026-05-21
URL http://kingtm.ru 2026-05-21
URL https://durex.gosacynar.site 2026-05-21
URL https://farhat.bloklama-gayratedin.ru 2026-05-21
URL https://kingtm.ru 2026-05-21
domain p.pk 2026-05-21
hostname code.app.zip 2026-05-21
FileHash-SHA256 0c8538a758dffc8a1735d8497e557458c2c372860e84ccc5daff32c121c3c8ad 2026-05-21
FileHash-SHA256 19a21b1efdd04f91c71be07626c7ff8431997aa6f451fe57c031598791b5c931 2026-05-21
FileHash-SHA256 2843555d77dacb94c520b92ac777f8e9413c3a44a3aac6f1d13cfb5a66f48fc3 2026-05-21
FileHash-SHA256 337754019bde7f9a0f38146098823ad9609178a005ef95b3fdf7a8b84d6e47ad 2026-05-21
FileHash-SHA256 60b6a3c3cc7533519b425e3e63816604a7d1a671b762fa40e82c0d019076a913 2026-05-21
FileHash-SHA256 a8a8ce30428d569263096c2b84afaef39bc719baec03cc0e844dd91d40a32098 2026-05-21
FileHash-SHA256 ac6ad774996f6fcad4a167a44d904569e4636ee8573f1829041e1095a32ef747 2026-05-21
FileHash-SHA256 b63821c029b38765aef1214b7534f9381a1fb194561e140da938acd2f8ac422a 2026-05-21
FileHash-SHA256 be5389a28e952d7ab2d9447c1bdb8eb7d11b24cb02e4b18da367715c2acfdd15 2026-05-21
URL http://crt.trust-provider.cn/TrustAsiaECCCodeSigningCAG3.crt0 2026-05-21
IPv4 104.76.210.81 CC=US ASN=AS20940 akamai international b.v. 2026-05-21
IPv4 17.188.143.125 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.188.143.126 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.188.143.157 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.188.178.2 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.188.178.226 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.188.178.34 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.188.179.2 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.188.179.34 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.248.193.20 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.248.195.71 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.248.195.73 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.36.206.8 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 17.57.144.120 CC=US ASN=AS714 apple inc. 2026-05-21
IPv4 64.78.200.1 CC=US ASN=AS42 woodynet 2026-05-21
IPv4 64.78.201.1 CC=US ASN=AS42 woodynet 2026-05-21
URL http://104.76.210.81:443 2026-05-21
URL http://107.167.125.189:443 2026-05-21
URL http://107.167.96.38:443 2026-05-21
URL http://107.167.96.39:443 2026-05-21
URL http://17.188.143.125:443 2026-05-21
URL http://17.188.143.126:443 2026-05-21
URL http://17.188.143.157:443 2026-05-21
URL http://17.188.178.226:443 2026-05-21
URL http://17.188.178.2:443 2026-05-21
URL http://17.188.178.34:443 2026-05-21
URL http://17.188.179.2:443 2026-05-21
URL http://17.188.179.34:443 2026-05-21
URL http://17.248.193.20:443 2026-05-21
URL http://17.248.195.71:443 2026-05-21
URL http://17.248.195.73:443 2026-05-21
URL http://17.36.206.8:443 2026-05-21
URL http://17.57.144.120:443 2026-05-21
URL http://17.57.144.120:5223 2026-05-21
URL http://64.78.200.1:443 2026-05-21
URL http://64.78.201.1:443 2026-05-21
hostname 7s74gwj6kxsk7mjfd2m65fvc7j6vu6sg.nv6p4mi.1.0.es364b7q7jhkrgfp5x2n36eaka.xfacahr.dns0.org 2026-05-21
hostname nhaitr5o22dy32wngajgawvxmk7yqinc.l5gkwoy.1.0.gcr7u7ji65fs5uzlvfi2hgyjxe.xu3rgbr.dns0.org 2026-05-21
hostname oyzx3uvrvufyv6tf4zgunudabbfzvm7m.s4a7rua.1.0.dyc2mgfhicfbem26nvzd4xjqty.4ebkqqy.dns0.org 2026-05-21
hostname pqmh6vtpcptol5g3a3libvd3253nfqoy.y3w77py.1.0.7mfn7x2ftoau7gzy6pesw45qfu.94yb3vv.dns0.org 2026-05-21
hostname pug2fywvl24o3zosu3jaelf27do2ujh6.gwyxfdy.1.0.652xr3qqsmbz2k5rfnyzxz7wmy.iu9427u.dns0.org 2026-05-21
hostname puzxzadrdfmv3otiaaytnfjjjbmuxa5h.k2274fi.1.0.c36jn4u3kirjy6szi43ipfchuq.4ebkqqy.dns0.org 2026-05-21
hostname rhat32v2mqqcj4zgsri6zgb2ugvyicbu.tritsrq.1.0.eazdftzh5ugcn5lnp2gsw7gcty.xfacahr.dns0.org 2026-05-21
hostname rhat32v2mqqcj4zgsri6zgb2ugvyicbu.tritsrq.1.0.es364b7q7jhkrgfp5x2n36eaka.xfacahr.dns0.org 2026-05-21
hostname rhat32v2mqqcj4zgsri6zgb2ugvyicbu.tritsrq.1.0.vqqjqm6tk4ta5ui7u22y3blrqm.xfacahr.dns0.org 2026-05-21
IPv4 17.253.5.207 2026-05-21
IPv4 17.253.5.208 2026-05-21
IPv4 17.253.82.113 2026-05-21
IPv4 17.253.82.115 2026-05-21
IPv4 17.253.82.241 2026-05-21
IPv4 17.253.82.245 2026-05-21
IPv4 17.253.83.199 2026-05-21
IPv4 17.253.83.200 2026-05-21
IPv4 23.72.90.11 2026-05-21
IPv4 23.72.90.19 2026-05-21
IPv4 23.72.90.27 2026-05-21
IPv4 23.72.90.28 2026-05-21
IPv4 23.72.90.9 2026-05-21
URL http://104.120.129.13:443 2026-05-21
URL http://104.120.129.24:443 2026-05-21
URL http://104.18.38.233:80 2026-05-21
URL http://151.101.3.6:443 2026-05-21
URL http://17.253.5.207:443 2026-05-21
URL http://17.253.5.208:443 2026-05-21
URL http://17.253.82.113:443 2026-05-21
URL http://17.253.82.115:443 2026-05-21
URL http://17.253.82.241:443 2026-05-21
URL http://17.253.82.245:443 2026-05-21
URL http://17.253.83.199:443 2026-05-21
URL http://17.253.83.200:443 2026-05-21
URL http://172.64.149.23:80 2026-05-21
URL http://184.28.165.194:80 2026-05-21
URL http://23.13.145.132:80 2026-05-21
URL http://23.4.43.62:80 2026-05-21
URL http://23.72.90.11:443 2026-05-21
URL http://23.72.90.19:443 2026-05-21
URL http://23.72.90.27:443 2026-05-21
URL http://23.72.90.28:443 2026-05-21
URL http://23.72.90.9:443 2026-05-21
URL http://67.195.204.56:443 2026-05-21
URL http://8.8.4.4:53 2026-05-21
URL http://8.8.8.8:53 2026-05-21
References (2)
↗ https://vtbehaviour.commondatastorage.googleapis.com/00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335150&Signature=uDtc71sxnnFjUynOWL3%2BEfCWBdV5z5ySup%2Bc1zR2wZ6As7QGYwmEfhjw5Q7oU8ejTyM2hzc8A%2BNiG%2FLVKKlNfMvIhjiD1eeMdbMD9ZlBtmDb%2BWt2QmG%2B5nva1h0WfWoacQwywV6%2FluInYutfcA56BrWxyle6SDogMg0FYhPC0N313lpykH5TB%2FnQKDWeG9dnagRdUJZLwEgU4i9fniVZcnrzGT8Lh9 ↗ https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335270&Signature=HD1tv4%2BfbWxkeiy0n49jYf0bWSIQZGoTXEbGtzILXBy9ABXvdNKR8TYp3JjubOUUsjKIza8dV0WnN53Ye2ZuwtdkwPuYQ5cdWV3hQ4DDGC02om6I44vDnC7twPKfenv1Foxe2Xq11CjgLk6Mdg49WD6DWXvzpdgafbdvdrjLLk%2FEc6IlEf%2F5hUBfcXH6I%2FwxHQownjqPhfo5D%2BN2k6kKw6WKCoupY8pC3Riz%2F%2F5ZUDVqHvjc