PULSE NAME
* ghostware * CAPE Sandbox
WHITE msudosos 2026-05-23 Modified: 2026-05-23
2252 IOCs (HIGH VOLUME)
[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. £2.5m.com (€3.4m; $4.6m).]

Pretext. A deeper follow up on impression domain from the last post shared. This is some of the evasive 2019-2020 attached malware in a sandbox. This is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, "fired". This sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event.

(1 exp2 valid) exp:cosmina beteringhe
Status: Certificate out of its validity period
Issuer: Apple Inc.
Valid From: 02:08 PM 04/02/2019
Valid To: 02:08 PM 04/02/2024
Algorithm: sha256WithRSAEncryption
Thumbprint: B60CA526B0B84F7FF9B9CACC70702C5C10985B2C
Serial Number: 6D E1 8E C8 70 AC A3 3E
team identity:HYC4353YBE
Indicators of Compromise (65 / 2252 total)