PULSE NAME
* ghostware * CAPE Sandbox
WHITE msudosos 2026-05-23 Modified: 2026-05-23
2252 IOCs (HIGH VOLUME)
[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. £2.5m.com (€3.4m; $4.6m).] pretext.

A deeper follow up on impression domain from the last post shared. This is some of the evasive 2019-2020 attached malware in a sandbox. This is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, "fired". This sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event.

(1 exp2 valid) exp:cosmina beteringhe
Status: Certificate out of its validity period
Issuer: Apple Inc.
Valid From: 02:08 PM 04/02/2019
Valid To: 02:08 PM 04/02/2024
Algorithm: sha256WithRSAEncryption
Thumbprint: B60CA526B0B84F7FF9B9CACC70702C5C10985B2C
Serial Number: 6D E1 8E C8 70 AC A3 3E
team identity:HYC4353YBE
Indicators of Compromise (63 / 2252 total)