Pulse Detail — Threat Intelligence

PULSE NAME

"don't save her" a continued message * CAPE Sandbox

WHITE msudosos 2026-05-22 Modified: 2026-05-22

669

IOCs

HIGH VOLUME

[sample of the Pigeonhole Sieve malware has been found in the X-Sieve R system, designed to detect and prevent the spread of malicious software, which is currently being used by Microsoft Office.] -pretext

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1018 T1036 T1070 T1082 T1083 T1543

Indicators of Compromise (30 / 669 total)

All IPv4 CIDR FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
IPv4	13.107.253.70	CC=US ASN=AS8068 microsoft corporation	2026-05-22
IPv4	104.97.45.70	CC=US ASN=AS16625 akamai technologies inc.	2026-05-22
IPv4	142.251.184.94	CC=US ASN=AS15169 google llc	2026-05-22
IPv4	154.216.19.192	CC=HK ASN=AS135357 shenzhen katherine heng technology information co. ltd.	2026-05-22
IPv4	168.61.215.74	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	185.234.177.10	CC=UA ASN=AS200000 hosting ukraine ltd	2026-05-22
IPv4	192.229.211.108	CC=US ASN=AS15133 verizon	2026-05-22
IPv4	20.109.210.53	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	20.190.190.129	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	20.190.190.130	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	20.190.190.193	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	20.190.190.196	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	20.3.187.198	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	23.209.25.78	CC=US ASN=AS16625 akamai technologies inc.	2026-05-22
IPv4	40.126.62.129	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	40.126.62.130	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	40.126.62.131	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	40.126.62.132	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	40.83.240.146	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	52.109.0.140	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	52.109.13.124	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	52.111.227.13	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	52.111.229.50	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	52.149.20.212	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	52.183.220.149	CC=US ASN=AS8075 microsoft corporation	2026-05-22
IPv4	1.3.6.1	—	2026-05-22
IPv4	11.64.1.1	—	2026-05-22
IPv4	199.232.210.172	—	2026-05-22
IPv4	199.232.214.172	—	2026-05-22
IPv4	204.79.197.203	—	2026-05-22

References (3)

↗ https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779435695&Signature=UoqeOvA3l0SmZPLGLkJ4n7oue%2FoXBTcyhLy5g1zr97R1z9EBf2vAXrsnA8mHkedBOo0cd7lQhlV4QLek1AiAP4Z%2F9XgN%2FgaAo3L%2FP0tI1NFNb5lJ9mZ4YQ5aVcF1jYBD4bluT9%2BjUQaRIkFHR4w4OIpWVuJOGdkbT7UxU%2BgyPR3o2Ij%2Fli0GfJO%2B%2B2KMpTnBE0mWDM%2BrEThJKW2Ty5flTxONg4m7toLl7%2BspvX1Q ↗ https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779435775&Signature=AkieU7eRCNrzND0lejy10HFR7OdRvNqyswrKIdggTIg6w4naejOYYwut39HnOup0%2BqQcIl4AJ6iCv7BrJuqNoIe3WuL3S3c9To36FuiNd2aOBRNZcN9gHBz7GSvTlAnmNNOt9OIZbdryCE4RnMJA4q7aOGLAd3dJzbXxC1sLLrpBBY0wTeb7cvNcLLEuJzsk9AQw8m9nZ%2BMfQJB8hWxaWNXySZkIl%2Fkufg7NdeYBFT4YXsi2gxWg0UruP%2FFYE8 ↗ https://vtbehaviour.commondatastorage.googleapis.com/0002412eddb6f812afb3e131d7e801536cb4ff8a410a6d6c6bc559fdb3546116_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779436484&Signature=Pr1pfaimFPZRbQFRLBhpICwKcQGlnx4U5y%2FQZiFEs%2BMGp9zOdmylpsondhJ%2FoJg6NIwY9%2Bk2v9SRh8rgNd2aefaWARh%2ByYvcCFEELbz7cf%2F2f128%2FN%2BsNKOuiRC2JFyN37Wq2hSLt9NYUERhB0THMCMQtw1axrtOHh9CLz3YZ%2BdO7E%2B3g1aOrD3sDAwOgmWR9n9pk%2Fj55fIyJqPDU80OB1RXmaU4XNnEIBA69dpnuj57WGWd