{ "type": "Domain", "indicator": "conduct.md", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/conduct.md", "alexa": "http://www.alexa.com/siteinfo/conduct.md", "indicator": "conduct.md", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2658673451, "indicator": "conduct.md", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 31, "pulses": [ { "id": "6a132a7a71682c83e9c17835", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-26T06:44:42.987000", "created": "2026-05-24T16:42:34.355000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1765, "URL": 1325, "hostname": 1489, "FileHash-MD5": 224, "FileHash-SHA1": 268, "IPv4": 152, "domain": 1177, "CIDR": 4, "email": 11, "IPv6": 1, "URI": 3, "CVE": 2, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6425, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a13404a015fc885f5edb1c9", "name": "An error occurred: breadcrumb. IpLogger - piggy back on @skocherhan", "description": "[Find out the best IP logging tools and tools at \u00c2\u00a31.5m in the UK, Ireland, Wales, Scotland and Northern Ireland on the website+ here is the full list.]", "modified": "2026-05-24T18:15:38.213000", "created": "2026-05-24T18:15:38.213000", "tags": [ "::keywords_error_main", "sign", "url shortener", "track phone", "tracking pixel", "my ip", "ip counters", "ip generator", "internet", "best ip", "logger", "accept", "pe32", "intel", "ms windows", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "exe32", "compiler", "ltcgc", "ascii text", "redacted for", "postal code", "privacy tech", "stateprovince", "server", "registrar abuse", "registrant name", "domain id", "iana id", "admin country", "date", "key identifier", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "x509v3 subject", "x509v3 key", "delegated", "unverified", "record type", "ttl value", "homenet", "0xf82", "externalnet", "policy ip", "check domain", "tls sni", "high", "informational", "registry keys", "nothing", "mutexes nothing", "parent pid", "full path", "command line", "read files", "apis nothing", "pe file", "performs dns", "network info", "processes extra", "aslr", "sample", "t1055 process", "overview", "mitre attack", "overview zenbox", "defense evasion", "next", "generic cil", "executable", "mono", "win32 dynamic", "link library", "pe32 library", "file type", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "persistence", "info", "Expired certificate", "Drops", "Oa auth abuse [potential]" ], "references": [ "http://iplogger.org/1tnbw7%0Ahttp://gsoftclean.top/ver.txt%0Ahttp://iplogger.org/1z9A57%0Ahttp://gsoftclean.top/main.exe%0Ahttp://gsoftclean.top/aus%0Ahttp://gsoftclean.top/settings.dll%0Ahttp://iplogger.org/1nLz47%0Ahttp://iplogger.org/1z6A57%0Ahttps://iplogger.org/1z6A57%0Ahttp://iplogger.org/1PMX37%0Ahttps://iplogger.org/1nLz47", "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779645922&Signature=JwLo32luwQokWOHR7lJz4dmUcLMQf18tKN2sLujlReeuplXL3B7kObdnC6EAKvj0%2FbPufiSY60CcdkPZ0L38f2ezSQ%2FpUd%2B9vwTI0sIkA%2BKOPYbhRV0zr7%2FH0rSo%2Fe1bb7p3YS9o0fzclIJ9iT6lWjLBnyAgZ4ZvwYmLkJk2x9beiNvBoWd5BPX2QLlZXDEzKgUbGKGGjHZQPfSIi3YI3zIRo16YJkaQzjxGBhhyGB4Ao8%2Fr", "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646024&Signature=GY3f%2BonWSmAE2r3xAvXp%2F0FLSZV%2B761HeH7MY%2F8jak5D8A6eAtDD6dxfY3qi8RFAYc2JIbh%2BWXZHSBZkxzZskVfm5S22fwOHMoCy9ezLI3%2BUbKxsL0uv64YuKmYd8s9FPp4wHA7tAXPPEMApUtclPZEQeo1AHVK7AN9zQZqAGYGnbfQtD1Ew5Bny5yT6axRterHcQPbXI8aPUvmJjP0131Op%2FKquhhierCzlcA3JIPWrYGomlInU9wZg", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646404&Signature=RAWN3ziUE4nt7cOF13GailGKiIaXg1kyzWnV3ohWPQWImilq1jkY6T9cnu7vh%2F0SwtRBev83RCV6GntS%2BJCyx7SBzUDQfqgPb3FwbcVEKgVziqaqJnxUSRgT0fWVsRCXJCisv9WjaxDGYcpAG8VMSXObs0HpYbgKvL%2FmbwN2wmzCCwSIiyGZj72303oaIQHVyqX9LoYWhs16g1xe%2B%2BXBcJaVerKyva6h3EWLVO9dkwM0cWEidZPw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 200, "domain": 530, "hostname": 84, "FileHash-SHA256": 1090, "FileHash-MD5": 104, "Mutex": 2, "FileHash-SHA1": 97, "IPv4": 58, "email": 1, "CVE": 1 }, "indicator_count": 2167, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a1340485f49d8abce143eea", "name": "An error occurred: breadcrumb. IpLogger - piggy back on @skocherhan", "description": "[Find out the best IP logging tools and tools at \u00c2\u00a31.5m in the UK, Ireland, Wales, Scotland and Northern Ireland on the website+ here is the full list.]", "modified": "2026-05-24T18:15:36.238000", "created": "2026-05-24T18:15:36.238000", "tags": [ "::keywords_error_main", "sign", "url shortener", "track phone", "tracking pixel", "my ip", "ip counters", "ip generator", "internet", "best ip", "logger", "accept", "pe32", "intel", "ms windows", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "exe32", "compiler", "ltcgc", "ascii text", "redacted for", "postal code", "privacy tech", "stateprovince", "server", "registrar abuse", "registrant name", "domain id", "iana id", "admin country", "date", "key identifier", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "x509v3 subject", "x509v3 key", "delegated", "unverified", "record type", "ttl value", "homenet", "0xf82", "externalnet", "policy ip", "check domain", "tls sni", "high", "informational", "registry keys", "nothing", "mutexes nothing", "parent pid", "full path", "command line", "read files", "apis nothing", "pe file", "performs dns", "network info", "processes extra", "aslr", "sample", "t1055 process", "overview", "mitre attack", "overview zenbox", "defense evasion", "next", "generic cil", "executable", "mono", "win32 dynamic", "link library", "pe32 library", "file type", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "persistence", "info", "Expired certificate", "Drops", "Oa auth abuse [potential]" ], "references": [ "http://iplogger.org/1tnbw7%0Ahttp://gsoftclean.top/ver.txt%0Ahttp://iplogger.org/1z9A57%0Ahttp://gsoftclean.top/main.exe%0Ahttp://gsoftclean.top/aus%0Ahttp://gsoftclean.top/settings.dll%0Ahttp://iplogger.org/1nLz47%0Ahttp://iplogger.org/1z6A57%0Ahttps://iplogger.org/1z6A57%0Ahttp://iplogger.org/1PMX37%0Ahttps://iplogger.org/1nLz47", "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779645922&Signature=JwLo32luwQokWOHR7lJz4dmUcLMQf18tKN2sLujlReeuplXL3B7kObdnC6EAKvj0%2FbPufiSY60CcdkPZ0L38f2ezSQ%2FpUd%2B9vwTI0sIkA%2BKOPYbhRV0zr7%2FH0rSo%2Fe1bb7p3YS9o0fzclIJ9iT6lWjLBnyAgZ4ZvwYmLkJk2x9beiNvBoWd5BPX2QLlZXDEzKgUbGKGGjHZQPfSIi3YI3zIRo16YJkaQzjxGBhhyGB4Ao8%2Fr", "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646024&Signature=GY3f%2BonWSmAE2r3xAvXp%2F0FLSZV%2B761HeH7MY%2F8jak5D8A6eAtDD6dxfY3qi8RFAYc2JIbh%2BWXZHSBZkxzZskVfm5S22fwOHMoCy9ezLI3%2BUbKxsL0uv64YuKmYd8s9FPp4wHA7tAXPPEMApUtclPZEQeo1AHVK7AN9zQZqAGYGnbfQtD1Ew5Bny5yT6axRterHcQPbXI8aPUvmJjP0131Op%2FKquhhierCzlcA3JIPWrYGomlInU9wZg", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646404&Signature=RAWN3ziUE4nt7cOF13GailGKiIaXg1kyzWnV3ohWPQWImilq1jkY6T9cnu7vh%2F0SwtRBev83RCV6GntS%2BJCyx7SBzUDQfqgPb3FwbcVEKgVziqaqJnxUSRgT0fWVsRCXJCisv9WjaxDGYcpAG8VMSXObs0HpYbgKvL%2FmbwN2wmzCCwSIiyGZj72303oaIQHVyqX9LoYWhs16g1xe%2B%2BXBcJaVerKyva6h3EWLVO9dkwM0cWEidZPw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 200, "domain": 530, "hostname": 84, "FileHash-SHA256": 1090, "FileHash-MD5": 104, "Mutex": 2, "FileHash-SHA1": 97, "IPv4": 58, "email": 1, "CVE": 1 }, "indicator_count": 2167, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a132a7a34bcc860b0e44ffc", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-24T16:42:34.350000", "created": "2026-05-24T16:42:34.350000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "URL": 1309, "hostname": 1474, "FileHash-MD5": 166, "FileHash-SHA1": 204, "IPv4": 152, "domain": 1177, "CIDR": 3, "email": 11, "IPv6": 1, "URI": 1, "CVE": 1, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6189, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a132a7762cac9a1007d9ece", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-24T16:42:31.294000", "created": "2026-05-24T16:42:31.294000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "URL": 1309, "hostname": 1474, "FileHash-MD5": 166, "FileHash-SHA1": 204, "IPv4": 152, "domain": 1177, "CIDR": 3, "email": 11, "IPv6": 1, "URI": 1, "CVE": 1, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6189, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a132a66fa217054f3e57883", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-24T16:42:14.218000", "created": "2026-05-24T16:42:14.218000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "URL": 1309, "hostname": 1474, "FileHash-MD5": 166, "FileHash-SHA1": 204, "IPv4": 152, "domain": 1177, "CIDR": 3, "email": 11, "IPv6": 1, "URI": 1, "CVE": 1, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6189, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a132a577896901b2c0b993b", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-24T16:41:59.005000", "created": "2026-05-24T16:41:59.005000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "URL": 1309, "hostname": 1474, "FileHash-MD5": 166, "FileHash-SHA1": 204, "IPv4": 152, "domain": 1177, "CIDR": 3, "email": 11, "IPv6": 1, "URI": 1, "CVE": 1, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6189, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936ce3f3ebd4b76fee29", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T23:45:08.365000", "created": "2026-05-21T05:09:00.942000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 90, "FileHash-SHA256": 1997, "IPv4": 49, "domain": 34, "hostname": 124, "URL": 429, "URI": 1, "CIDR": 16 }, "indicator_count": 2944, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e9725b323ae1350c36488", "name": "no comment", "description": "", "modified": "2026-05-21T06:52:08.577000", "created": "2026-05-21T05:24:53.947000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 366, "FileHash-SHA1": 366, "FileHash-SHA256": 5078, "IPv4": 44, "URL": 2414, "domain": 1305, "hostname": 366, "CIDR": 1, "email": 2, "Mutex": 1 }, "indicator_count": 9943, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e9725823bc1d6ac78350e", "name": "no comment", "description": "", "modified": "2026-05-21T06:37:36.247000", "created": "2026-05-21T05:24:53.229000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 35, "FileHash-SHA1": 35, "FileHash-SHA256": 679, "IPv4": 15, "URL": 200, "domain": 32, "hostname": 26 }, "indicator_count": 1022, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e935a4a7df45548fe942d", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:21:46.242000", "created": "2026-05-21T05:08:42.394000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 216, "FileHash-SHA1": 122, "FileHash-SHA256": 2487, "IPv4": 19, "domain": 47, "hostname": 73, "URL": 205, "URI": 1, "email": 1 }, "indicator_count": 3171, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936aec67867b0f6d29f3", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:23.417000", "created": "2026-05-21T05:08:58.537000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e9368acb77419bf65660d", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:16.005000", "created": "2026-05-21T05:08:56.934000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936b647274be6ed25227", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:13.100000", "created": "2026-05-21T05:08:59.081000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936cb4a9e6db51876ae2", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:12.402000", "created": "2026-05-21T05:09:00.401000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0dad06d8bb37ada19229bc", "name": "Credit:Q.Vashti [Exposing_Malware_in20_Linnux] - clone >post today had related items", "description": "", "modified": "2026-05-20T12:45:58.360000", "created": "2026-05-20T12:45:58.360000", "tags": [ "ipv4", "url http", "expiration", "url https", "eid1338769034", "united", "unknown ns", "present jun", "unknown cname", "name servers", "search", "servers", "showing", "ip address", "creation date", "date", "encrypt", "sha256", "submitted", "passive dns", "urls", "address", "xmpg", "malware", "span", "extgstate", "bbox", "subtypeform", "rlength", "resource", "rfit", "pattern match", "path", "code", "cobalt strike", "false", "cloud", "core", "footer", "meta", "black", "ransomware", "r980", "facebook", "discord", "stream", "form", "contact", "story", "february", "rats", "stack", "defense", "launcher", "trace", "august", "hellokitty", "twitter", "upgrade", "android", "decryptor", "green", "enterprise", "team", "small", "systemd", "service", "python", "shell", "reload", "find", "haiduc", "hybrid", "general", "suspicious", "click", "strings", "iframe", "loader", "tools", "template", "daily", "hypervisor", "capture", "stars", "download", "copy", "cobaltstrike", "install", "madcap", "protect", "shift", "beyond", "leverage", "agent", "info", "xmrig", "attack", "demonbot", "multi", "live", "grep", "pass", "ri falsek", "process", "xobject", "format", "june", "crypto", "close", "learn", "ck id", "name tactics", "informative", "adversaries", "command", "defense evasion", "apis", "found" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1530", "name": "Data from Cloud Storage Object", "display_name": "T1530 - Data from Cloud Storage Object" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [], "TLP": "green", "cloned_from": "684690d6dc730b0842d341a7", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 39, "FileHash-SHA1": 48, "FileHash-SHA256": 67, "domain": 173, "hostname": 110, "URL": 429, "email": 10 }, "indicator_count": 876, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0dacb22ae45efab0266fc2", "name": "Credit:Q.Vashti [Exposing_Malware_in20_Linnux] - clone >post today had related items", "description": "", "modified": "2026-05-20T12:44:34.775000", "created": "2026-05-20T12:44:34.775000", "tags": [ "ipv4", "url http", "expiration", "url https", "eid1338769034", "united", "unknown ns", "present jun", "unknown cname", "name servers", "search", "servers", "showing", "ip address", "creation date", "date", "encrypt", "sha256", "submitted", "passive dns", "urls", "address", "xmpg", "malware", "span", "extgstate", "bbox", "subtypeform", "rlength", "resource", "rfit", "pattern match", "path", "code", "cobalt strike", "false", "cloud", "core", "footer", "meta", "black", "ransomware", "r980", "facebook", "discord", "stream", "form", "contact", "story", "february", "rats", "stack", "defense", "launcher", "trace", "august", "hellokitty", "twitter", "upgrade", "android", "decryptor", "green", "enterprise", "team", "small", "systemd", "service", "python", "shell", "reload", "find", "haiduc", "hybrid", "general", "suspicious", "click", "strings", "iframe", "loader", "tools", "template", "daily", "hypervisor", "capture", "stars", "download", "copy", "cobaltstrike", "install", "madcap", "protect", "shift", "beyond", "leverage", "agent", "info", "xmrig", "attack", "demonbot", "multi", "live", "grep", "pass", "ri falsek", "process", "xobject", "format", "june", "crypto", "close", "learn", "ck id", "name tactics", "informative", "adversaries", "command", "defense evasion", "apis", "found" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1530", "name": "Data from Cloud Storage Object", "display_name": "T1530 - Data from Cloud Storage Object" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [], "TLP": "green", "cloned_from": "684690d6dc730b0842d341a7", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 39, "FileHash-SHA1": 48, "FileHash-SHA256": 67, "domain": 173, "hostname": 110, "URL": 429, "email": 10 }, "indicator_count": 876, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0dacb2971f3103a0dddbcc", "name": "Credit:Q.Vashti [Exposing_Malware_in20_Linnux] - clone >post today had related items", "description": "", "modified": "2026-05-20T12:44:34.547000", "created": "2026-05-20T12:44:34.547000", "tags": [ "ipv4", "url http", "expiration", "url https", "eid1338769034", "united", "unknown ns", "present jun", "unknown cname", "name servers", "search", "servers", "showing", "ip address", "creation date", "date", "encrypt", "sha256", "submitted", "passive dns", "urls", "address", "xmpg", "malware", "span", "extgstate", "bbox", "subtypeform", "rlength", "resource", "rfit", "pattern match", "path", "code", "cobalt strike", "false", "cloud", "core", "footer", "meta", "black", "ransomware", "r980", "facebook", "discord", "stream", "form", "contact", "story", "february", "rats", "stack", "defense", "launcher", "trace", "august", "hellokitty", "twitter", "upgrade", "android", "decryptor", "green", "enterprise", "team", "small", "systemd", "service", "python", "shell", "reload", "find", "haiduc", "hybrid", "general", "suspicious", "click", "strings", "iframe", "loader", "tools", "template", "daily", "hypervisor", "capture", "stars", "download", "copy", "cobaltstrike", "install", "madcap", "protect", "shift", "beyond", "leverage", "agent", "info", "xmrig", "attack", "demonbot", "multi", "live", "grep", "pass", "ri falsek", "process", "xobject", "format", "june", "crypto", "close", "learn", "ck id", "name tactics", "informative", "adversaries", "command", "defense evasion", "apis", "found" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1530", "name": "Data from Cloud Storage Object", "display_name": "T1530 - Data from Cloud Storage Object" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [], "TLP": "green", "cloned_from": "684690d6dc730b0842d341a7", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 39, "FileHash-SHA1": 48, "FileHash-SHA256": 67, "domain": 173, "hostname": 110, "URL": 429, "email": 10 }, "indicator_count": 876, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4442a0b5217c34bbcbd2d", "name": "VirusTotal report\n for install.sh", "description": "", "modified": "2026-05-06T23:07:30.047000", "created": "2026-04-06T23:39:22.105000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 43, "FileHash-SHA1": 45, "FileHash-SHA256": 1421, "URL": 261, "hostname": 73, "domain": 235, "email": 1 }, "indicator_count": 2079, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d44428ad43f231ff43e175", "name": "VirusTotal report\n for install.sh", "description": "", "modified": "2026-05-06T23:07:30.047000", "created": "2026-04-06T23:39:20.767000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 43, "FileHash-SHA1": 45, "FileHash-SHA256": 1421, "URL": 261, "hostname": 73, "domain": 235, "email": 1 }, "indicator_count": 2079, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b097820c1d5791c2e6db33", "name": "CAPE Sandbox - Evil MALWARE", "description": "", "modified": "2026-04-09T22:03:39.319000", "created": "2026-03-10T22:13:22.655000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 109, "FileHash-MD5": 284, "FileHash-SHA1": 299, "FileHash-SHA256": 242, "domain": 16, "email": 2, "hostname": 61 }, "indicator_count": 1013, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "51 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d43faf7160e03036338663", "name": "VirusTotal report\n for hr100xfiles.zip", "description": "The full text of the full set of files compiled by Microsoft, Microsoft and other companies, as well as their own, has been published on the Microsoft website, and here is the complete list:", "modified": "2026-04-06T23:20:15.603000", "created": "2026-04-06T23:20:15.603000", "tags": [ "file type", "php script", "ascii text", "ascii", "html document", "json", "unicode text", "utf8 text", "creates", "mitre attack", "window", "info", "next", "sgml document", "web open", "toggle", "xd0tb xd0tb", "xc7exfc xc7exfc", "x85xc0u x85xc0u", "x85xc0t x85xc0t", "x8bxe5", "xc7a xc7a", "xc7exf8 xc7exf8", "x85xc0 x85xc0", "xc7exf0 xc7exf0", "dynamicloader", "first", "path", "enterprise", "service", "close" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1d8220c8dd21980b3011d4d5f270989e8ec6976bfac43bb68e26210f0132d73a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517690&Signature=ss9QfKS7opM7i4y0qJTNns2ZH2%2FMJsUYWVIL%2FPE2inms8fNXu%2BbNyyv%2ByYvzfOQeAuk6RLNZDEOhLiGokHWpqZiclVpv8vxLtlqIEAHvgJ%2F4ZIcTgVkGXIXnNvyEEQfE96d0SzSMd2dMGq5%2FychQ%2BT26ZdyxoyTtMSTIUgK9jqBdXfmCaICEp22pfV99slaMlBzNdL7kQ%2BWELMfEtoO72EQxXJQtIZ7ezn3mBEoLa%2BnYqTHCaBbW", "https://vtbehaviour.commondatastorage.googleapis.com/6c0127433f689c0861355352460f7dc6b6ae3d86aa7db0747e60b3b9a18c4a87_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517857&Signature=vah2Y1tu1hUAIU2Nzl5Tj42a52U%2F4iHbQMQ97tgsD9m4WS0cP%2FDouswDcCWgQBks1IZNZLNdNIN4zhFGqu5TKTGa%2BfaFH53FyJKTW8qWIWhfzHeg7juIKdf%2Bg31OT2ch6vWmA12PTN5NyGUdyDJXhtiJoJY7fDAnNQevIgYxRXZV4DroufLQPXPwAd3hsBLc4RLDkrtL%2BeuuXcWkZ95SYsHpvwpswlCvj20Pa9nMFjXYgw4%2Bt5k" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 33, "FileHash-SHA1": 30, "FileHash-SHA256": 1018, "domain": 6, "URL": 23, "hostname": 2 }, "indicator_count": 1112, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "54 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d43fae5b7c4b40e3c63fb2", "name": "VirusTotal report\n for hr100xfiles.zip", "description": "The full text of the full set of files compiled by Microsoft, Microsoft and other companies, as well as their own, has been published on the Microsoft website, and here is the complete list:", "modified": "2026-04-06T23:20:14.130000", "created": "2026-04-06T23:20:14.130000", "tags": [ "file type", "php script", "ascii text", "ascii", "html document", "json", "unicode text", "utf8 text", "creates", "mitre attack", "window", "info", "next", "sgml document", "web open", "toggle", "xd0tb xd0tb", "xc7exfc xc7exfc", "x85xc0u x85xc0u", "x85xc0t x85xc0t", "x8bxe5", "xc7a xc7a", "xc7exf8 xc7exf8", "x85xc0 x85xc0", "xc7exf0 xc7exf0", "dynamicloader", "first", "path", "enterprise", "service", "close" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1d8220c8dd21980b3011d4d5f270989e8ec6976bfac43bb68e26210f0132d73a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517690&Signature=ss9QfKS7opM7i4y0qJTNns2ZH2%2FMJsUYWVIL%2FPE2inms8fNXu%2BbNyyv%2ByYvzfOQeAuk6RLNZDEOhLiGokHWpqZiclVpv8vxLtlqIEAHvgJ%2F4ZIcTgVkGXIXnNvyEEQfE96d0SzSMd2dMGq5%2FychQ%2BT26ZdyxoyTtMSTIUgK9jqBdXfmCaICEp22pfV99slaMlBzNdL7kQ%2BWELMfEtoO72EQxXJQtIZ7ezn3mBEoLa%2BnYqTHCaBbW", "https://vtbehaviour.commondatastorage.googleapis.com/6c0127433f689c0861355352460f7dc6b6ae3d86aa7db0747e60b3b9a18c4a87_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517857&Signature=vah2Y1tu1hUAIU2Nzl5Tj42a52U%2F4iHbQMQ97tgsD9m4WS0cP%2FDouswDcCWgQBks1IZNZLNdNIN4zhFGqu5TKTGa%2BfaFH53FyJKTW8qWIWhfzHeg7juIKdf%2Bg31OT2ch6vWmA12PTN5NyGUdyDJXhtiJoJY7fDAnNQevIgYxRXZV4DroufLQPXPwAd3hsBLc4RLDkrtL%2BeuuXcWkZ95SYsHpvwpswlCvj20Pa9nMFjXYgw4%2Bt5k" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 33, "FileHash-SHA1": 30, "FileHash-SHA256": 1018, "domain": 6, "URL": 23, "hostname": 2 }, "indicator_count": 1112, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "54 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68396d9ae8b96e90ff1848d5", "name": "AcK-U // unenriched - 05.30.25", "description": "Just a quick check", "modified": "2025-07-23T20:11:01.749000", "created": "2025-05-30T08:34:34.215000", "tags": [ "amazon02", "cloudflarenet", "amazonaes", "fastly", "github", "google", "facebook", "namecheapnet", "service", "cdck", "level3", "cloud", "com laude", "ltd dba", "namecheap inc", "gandi sas", "gmbh", "cloudflare", "namecheap", "registrarsafe", "ascio", "tucows", "spaceship", "please", "javascript", "iocs", "threat", "malware unread", "collection", "crowdsourced", "acku new", "share", "updated", "first ioc", "seen", "premium", "entity" ], "references": [ "https://www.virustotal.com/gui/collection/e03439bc07bcb1908764755571e127ec051193d4cc24cf842ec3179557f533cb/iocs", "https://www.virustotal.com/graph/embed/g36d8fc13d786418ab1d0a75cc331f0eb5bca28d4a4fe4666a84f23e25fb6600b?theme=dark", "https://www.virustotal.com/gui/collection/e03439bc07bcb1908764755571e127ec051193d4cc24cf842ec3179557f533cb/summary", "https://report.netcraft.com/submission/iduhE4oNTsMOSAeOeBjzZdIfCLtefF3P - 07.23.25 - see notes on references*" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 91, "domain": 204, "hostname": 192, "URL": 731, "FileHash-SHA256": 27, "email": 1 }, "indicator_count": 1246, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "311 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "684690d6dc730b0842d341a7", "name": "Exposing_Malware_in20Linux-Based_Multi-Cloud_Environments_R1Final.pdf", "description": "Falcon Sandbox: \nRansomware/Banking\nDetected indicator that file is ransomware\ndetails\n\"5 | Exposing Malware in Linux-Based Multi-Cloud Environments Ransomware and cryptominers Ransomware The impact of a ransomware attack can range from being a nuisance (e.g., having to restore data from backups and clean up the network) to being devastating (e.g., having to pay large sums of money to regain access to key assets). Unfortunately, when talking about cloud environments, the results tend to be more on the devastating side. Recently, cybercriminals have started calculating the damage they might cause to the valuation of a company going through a financial event to make the potential impact of their attack clear and incentivize ransom payments.5 At the same time, they\\x2122ve been honing their tactics with increasingly sophisticated techniques to target victim organizations\u2026more: https://www.hybrid-analysis.com/sample/92c1ca86f4d025e72acb94ae3cbdd3c6435aaa1b5e3fc3dcb06f8501b5dd3bb7/62e7fdd19a99ce4fa32e6d64", "modified": "2025-07-09T07:03:10.726000", "created": "2025-06-09T07:44:22.507000", "tags": [ "ipv4", "url http", "expiration", "url https", "eid1338769034", "united", "unknown ns", "present jun", "unknown cname", "name servers", "search", "servers", "showing", "ip address", "creation date", "date", "encrypt", "sha256", "submitted", "passive dns", "urls", "address", "xmpg", "malware", "span", "extgstate", "bbox", "subtypeform", "rlength", "resource", "rfit", "pattern match", "path", "code", "cobalt strike", "false", "cloud", "core", "footer", "meta", "black", "ransomware", "r980", "facebook", "discord", "stream", "form", "contact", "story", "february", "rats", "stack", "defense", "launcher", "trace", "august", "hellokitty", "twitter", "upgrade", "android", "decryptor", "green", "enterprise", "team", "small", "systemd", "service", "python", "shell", "reload", "find", "haiduc", "hybrid", "general", "suspicious", "click", "strings", "iframe", "loader", "tools", "template", "daily", "hypervisor", "capture", "stars", "download", "copy", "cobaltstrike", "install", "madcap", "protect", "shift", "beyond", "leverage", "agent", "info", "xmrig", "attack", "demonbot", "multi", "live", "grep", "pass", "ri falsek", "process", "xobject", "format", "june", "crypto", "close", "learn", "ck id", "name tactics", "informative", "adversaries", "command", "defense evasion", "apis", "found" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1489", "name": "Service Stop", "display_name": "T1489 - Service Stop" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1530", "name": "Data from Cloud Storage Object", "display_name": "T1530 - Data from Cloud Storage Object" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 39, "FileHash-SHA1": 48, "FileHash-SHA256": 67, "domain": 173, "hostname": 110, "URL": 429, "email": 10 }, "indicator_count": 876, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "326 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66f235b9a7a94a6a61acd651", "name": "n0paste - Show paste: \\\"No Problems\\\" - dos meses del URLscan", "description": "This pulse represents a 'scattered sample' of data extracted from 'submissions of interest' made to virustotal, filescan_itsec, HybridAnalysis, anyrun_app, DynamiteLab, and triage (over a period of two months) which were submitted to urlscanio & subsequently GreyNoiseIO (which I've come across both from live samples and also those from offlined data). I don't particularly anticipate this will correlate w. anything specific - but at least will be put in one more place for further analysis & increased visibility.", "modified": "2025-03-07T08:38:08.584000", "created": "2024-09-24T03:44:57.902000", "tags": [ "geoip", "public url", "as16509", "amazon02", "as20940", "akamaiasn1", "as8075", "as15169", "google", "akamaias", "facebook", "telecom", "twitter", "media", "win64", "level3", "mini", "ukraine", "proton", "ghost", "win32", "cuba", "mexico", "indonesia", "seznam", "as3359", "as852" ], "references": [ "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1", "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c", "https://n0paste.eu/UH6n5pD/" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Anguilla", "Poland", "Aruba", "Australia", "Barbados", "Costa Rica", "Guatemala", "Philippines", "Panama", "Sint Maarten (Dutch part)", "Saint Martin (French part)", "Cayman Islands", "Cura\u00e7ao", "Mexico", "Saint Vincent and the Grenadines", "Saint Kitts and Nevis", "Tanzania, United Republic of", "Netherlands", "Ukraine", "Trinidad and Tobago", "Japan", "Bahamas", "United Kingdom of Great Britain and Northern Ireland", "Georgia" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Technology", "Government", "Telecommunications", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 29, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1, "CIDR": 1186, "CVE": 4, "FileHash-MD5": 29, "FileHash-SHA1": 3, "URL": 25493, "domain": 5396, "email": 10, "hostname": 10770 }, "indicator_count": 42892, "is_author": false, "is_subscribing": null, "subscriber_count": 149, "modified_text": "450 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67127cfd194972b2b7a01965", "name": "Discord", "description": "Discord W11 Sample Device\nC:\\ProgramData*\\Discord", "modified": "2024-11-17T15:01:49.122000", "created": "2024-10-18T15:21:33.350000", "tags": [ "Discord" ], "references": [ "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/community", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/iocs", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/summary", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/graph" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 80, "FileHash-SHA1": 80, "FileHash-SHA256": 357, "URL": 472, "domain": 413, "hostname": 153 }, "indicator_count": 1555, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "559 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "652e35b4659a1cac6a6cc7a5", "name": "MinIO Storage System Exploited", "description": "", "modified": "2023-11-16T07:01:26.974000", "created": "2023-10-17T07:20:20.982000", "tags": [ "evil minio", "cve202328434", "this line", "xhandler", "global backdoor", "normal", "minio", "sign", "search", "github", "strong", "code issues", "pull", "verifyhandler", "advisory", "miniominio", "star", "critical", "patched", "impact", "date", "footer", "linuxmacos", "handler", "object storage", "security joes", "minio instance", "python", "linux", "remote desktop", "figure", "python script", "storage", "china chopper", "service", "evil", "webshell", "execution", "ruby", "icmp", "prometheus" ], "references": [ "September 05th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3175 - MinIO Storage System Exploited.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1100", "name": "Web Shell", "display_name": "T1100 - Web Shell" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1136", "name": "Create Account", "display_name": "T1136 - Create Account" }, { "id": "T1190", "name": "Exploit Public-Facing Application", "display_name": "T1190 - Exploit Public-Facing Application" }, { "id": "T1499", "name": "Endpoint Denial of Service", "display_name": "T1499 - Endpoint Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA1": 7, "domain": 7, "hostname": 2, "email": 1, "FileHash-MD5": 4, "FileHash-SHA256": 12 }, "indicator_count": 35, "is_author": false, "is_subscribing": null, "subscriber_count": 500, "modified_text": "927 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64ffc7f2521362ddc3bd798d", "name": "Phishing wave targets Facebook business accounts", "description": "A round-up of security tips and links from the news in the tech world, as well as the latest updates for Microsoft, Google, MGM Resorts, Facebook, Microsoft and other companies.", "modified": "2023-09-12T02:07:46.513000", "created": "2023-09-12T02:07:46.513000", "tags": [ "guardio labs", "facebook", "messenger", "telegram", "guardio", "rarzip archive", "github", "zip archive", "discord bot", "scale", "april", "linux", "cyber security news", "cyber news", "cyber security news today", "cyber security updates", "cyber updates", "hacker news", "hacking news", "software vulnerability", "cyber attacks", "data breach", "ransomware malware", "how to hack", "network security", "information security", "the hacker news", "computer security", "vietnam", "withsecure", "oleg zaytsev", "mrtonyscam", "cmd file", "discord api", "indonesia", "twitter", "duckport", "userprofile", "appdata", "import", "user data", "temp", "zippath", "dropper", "dark", "attack", "small", "python", "mozilla", "stats", "license", "malverposting", "zip file", "end point", "seagate", "over", "facebook ads", "fuel", "campaign11 min", "meta", "stealer", "loader", "gap malverposting" ], "references": [ "https://www.bleepingcomputer.com/news/security/facebook-messenger-phishing-wave-targets-100k-business-accounts-per-week/", "https://thehackernews.com/2023/09/vietnamese-hackers-deploy-python-based.html", "https://labs.guard.io/mrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d", "https://github.com/facebook/malware-detection/tree/main/indicators", "https://labs.guard.io/malverposting-with-over-500k-estimated-infections-facebook-ads-fuel-this-evolving-stealer-54b03d24b349" ], "public": 1, "adversary": "Gap Malverposting", "targeted_countries": [ "Australia", "Japan", "Viet Nam", "United States of America", "Canada", "France", "Germany", "Indonesia", "Nepal", "Spain", "Philippines" ], "malware_families": [ { "id": "Linux", "display_name": "Linux", "target": null }, { "id": "Duckport", "display_name": "Duckport", "target": null } ], "attack_ids": [ { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1124", "name": "System Time Discovery", "display_name": "T1124 - System Time Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 41, "FileHash-SHA1": 41, "FileHash-SHA256": 133, "domain": 59, "hostname": 7 }, "indicator_count": 281, "is_author": false, "is_subscribing": null, "subscriber_count": 501, "modified_text": "992 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "629a4f79c41f8ed509fb02bd", "name": "CYB 303-Final", "description": "HI DAN!!!", "modified": "2022-06-03T18:14:17.636000", "created": "2022-06-03T18:14:17.636000", "tags": [ "mirai", "forks", "yara", "iocs", "tools ioc", "openioc", "compromise", "awesome iocs", "yara signatures", "formats iocs", "code", "purposes", "malware", "trojan" ], "references": [ "https://github.com/sroberts/awesome-iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Forks", "display_name": "Forks", "target": null }, { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bman2100", "id": "188508", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 4, "URL": 31, "hostname": 4 }, "indicator_count": 39, "is_author": false, "is_subscribing": null, "subscriber_count": 34, "modified_text": "1457 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "61eecf2493a0a21363baa565", "name": "wordpress iOS 3rd party acknowledgment file yet running as generic blog No extras", "description": "I dont have or use mozilla!!! \nJust 1 iPhone with the wordpress app using wordpress.com blog. No Domain, Nothing installed all default. NO use if gestures or any accessibility. NO features. NO Fu.king FACEBOOK Account!!!", "modified": "2022-01-24T16:09:08.461000", "created": "2022-01-24T16:09:08.461000", "tags": [ "foundation", "alamofire", "afnetworking", "jon shier", "kevin", "http networking", "os x", "oauth", "code", "conduct", "noon", "protect", "swift", "copyright", "general public", "license version", "june", "free software", "franklin street", "fifth floor", "boston", "ma 021101301", "vicent mart", "public software", "group", "berlin", "germany", "commonmark spec", "john macfarlane", "commons ccbysa", "software", "mattt thompson", "gnomovision", "absolutely no", "warranty", "license", "form", "source code", "version", "contributor", "public license", "kanvas mozilla", "definitions", "contributions", "automattic", "permission", "work", "licensor", "source form", "source", "object form", "legal entity", "contribution", "mit license", "program", "gnu general", "terms and", "conditions how", "april", "vice", "facebook", "january", "dalton cherry", "terms", "conditions for", "reproduction", "paul williamson", "isc license", "frank denis", "mozilla public", "code form", "license notice", "license file", "licenses notice", "section", "larger work", "date", "libreplanet", "march", "join", "compliance lab", "bulletin", "share", "new year", "find", "the program", "sections", "charge", "general", "zendesk", "created", "zendesk mobile", "zendesk master", "api license", "agreement https", "mobile sdk", "as is", "fitness", "a particular", "warranties of", "in no", "event shall", "whether in", "august", "1.11. \u00e2\u20ac\u0153Patent Claims\u00e2\u20ac\u009d of a Contributor means any patent clai", "Starscream Apache License ", "SVProgressHUD MIT License Copyright (c) 2011-2018 Sam Vermette", "You may add additional accurate notices of copyright ownership. ", "CropViewController The MIT License (MIT) Copyright (c) 2015-20" ], "references": [ "http://fsf.org/ - Storing Bitcoin Address??? via licence file", "1.11. \u00e2\u20ac\u0153Patent Claims\u00e2\u20ac\u009d of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version. 1.12. \u00e2\u20ac\u0153Secondary License\u00e2\u20ac\u009d means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Ve", "WordPress-Editor-iOS Mozilla Public License Version 2.0 1. Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the", "WordPress-Aztec-iOS Mozilla Public License Version 2.0 1. Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the ", "Starscream Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ Copyright (c) 2014-2016 Dalton Cherry. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION Definitions", "Sodium ISC License Copyright (c) 2014-2020, Frank Denis Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.", "Sentry The MIT License (MIT) Copyright (c) 2015 Sentry Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright ", "Reachability Copyright (c) 2011, Tony Million. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials p", "RNScreens The MIT License (MIT) Copyright (c) 2018 Krzysztof Magiera Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The ab", "RNSVG The MIT License (MIT) Copyright (c) [2015-2016] [Horcrux] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:", "RNReanimated The MIT License (MIT) Copyright (c) 2016 Krzysztof Magiera", "RNGestureHandler The MIT License (MIT) Copyright (c) 2016 Krzysztof Magiera", "RNCClipboard MIT License Copyright (c) 2015-present, Facebook, Inc.", "RCT-Folly Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION", "NSURL+IDN Copyright (c) 2009-2013 Automattic, http://automattic.com Permission is hereby granted, free of charge,", "NSObject-SafeExpectations Copyright (c) 2013 Jorge Bernal", "MRProgress The MIT License (MIT) Copyright (c) 2013 Marius Rackwitz", "You may add additional accurate notices of copyright ownership. Exhibit B - \u00e2\u20ac\u0153Incompatible With Secondary Licenses\u00e2\u20ac\u009d Notice This Source Code Form is \u00e2\u20ac\u0153Incompatible With Secondary Licenses\u00e2\u20ac\u009d, as defined by the Mozilla Public License, v. 2.0.", "2.3. Limitations on Grant Scope The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: for any code that a Contributor has removed from Covered Software; or for infringements caused by: (i) Your and any other third party\u00e2\u20ac\u2122s modifications of Covered Software, or (ii) ", "Kanvas Mozilla Public License Version 2.0 Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor\u00e2\u20ac\u2122s Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the initial Contrib", "Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands show w' and show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than show w' and show c'; they could even be mouse-clicks or menu items--whatever suits your", "Gutenberg GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA", "Gridicons The GNU General Public License, Version 2, June 1991 (GPLv2) Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and cha", "Gifu The MIT License (MIT) Copyright (c) 2014-2018 Reda Lemeden.", "GTMSessionFetcher Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION", "FormatterKit Copyright (c) 2011\u00e2\u20ac\u201c2019 Mattt Thompson (http://mattt.me/) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:", "FSInteractiveMap Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "FBReactNativeSpec GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA", "The normalization code in runtests.py was derived from the markdowntest project, Copyright 2013 Karl Dubost: The MIT License (MIT) Copyright (c) 2013 Karl Dubost", "The test software in test/ is Copyright (c) 2014, John MacFarlane All rights reserved.", "The CommonMark spec (test/spec.txt) is Copyright (C) 2014-15 John MacFarlane Released under the Creative Commons CC-BY-SA 4.0 license: http://creativecommons.org/licenses/by-sa/4.0/.", "utf8.c and utf8.c are derived from utf8proc (http://www.public-software-group.org/utf8proc), (C) 2009 Public Software Group e. V., Berlin, Germany.", "buffer.h, buffer.c, chunk.h are derived from code (C) 2012 Github, Inc.", "houdini.h, houdini_href_e.c, houdini_html_e.c, houdini_html_u.c, html_unescape.gperf, html_unescape.h derive from https://github.com/vmg/houdini (with some modifications) Copyright (C) 2012 Vicent Mart\u00c3\u00ad", "cmark Copyright (c) 2014, John MacFarlane All rights reserved", "Down The MIT License (MIT) Copyright (c) 2016 Rob Phillips.", "DoubleConversion Copyright 2006-2011, the V8 project authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation a", "CocoaLumberjack BSD 3-Clause License Copyright (c) 2010-2021, Deusty, LLC All rights reserved.", "Copyright 2016 Daniel Cohen Gindi & Philipp Jahoda", "Charts Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "BVLinearGradient MIT License Copyright (c) 2016 React Native Community", "Automattic-Tracks-iOS GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., http://fsf.org/ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble T", "AppAuth Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "AlamofireNetworkActivityIndicator Copyright (c) 2016 Alamofire Software Foundation (http://alamofire.org/)", "AlamofireImage Copyright (c) 2015-2018 Alamofire Software Foundation (http://alamofire.org/)", "http://alamofire.org/", "AMScrollingNavbar The MIT License (MIT) Copyright (c) 2013 Andrea Mazzini" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 6, "URL": 32, "FileHash-SHA256": 67, "domain": 11, "email": 2, "BitcoinAddress": 1 }, "indicator_count": 119, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1587 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779645922&Signature=JwLo32luwQokWOHR7lJz4dmUcLMQf18tKN2sLujlReeuplXL3B7kObdnC6EAKvj0%2FbPufiSY60CcdkPZ0L38f2ezSQ%2FpUd%2B9vwTI0sIkA%2BKOPYbhRV0zr7%2FH0rSo%2Fe1bb7p3YS9o0fzclIJ9iT6lWjLBnyAgZ4ZvwYmLkJk2x9beiNvBoWd5BPX2QLlZXDEzKgUbGKGGjHZQPfSIi3YI3zIRo16YJkaQzjxGBhhyGB4Ao8%2Fr", "Gifu The MIT License (MIT) Copyright (c) 2014-2018 Reda Lemeden.", "buffer.h, buffer.c, chunk.h are derived from code (C) 2012 Github, Inc.", "AMScrollingNavbar The MIT License (MIT) Copyright (c) 2013 Andrea Mazzini", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "Starscream Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ Copyright (c) 2014-2016 Dalton Cherry. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION Definitions", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "http://alamofire.org/", "https://n0paste.eu/UH6n5pD/", "The normalization code in runtests.py was derived from the markdowntest project, Copyright 2013 Karl Dubost: The MIT License (MIT) Copyright (c) 2013 Karl Dubost", "AlamofireImage Copyright (c) 2015-2018 Alamofire Software Foundation (http://alamofire.org/)", "RNCClipboard MIT License Copyright (c) 2015-present, Facebook, Inc.", "https://github.com/sroberts/awesome-iocs", "http://iplogger.org/1tnbw7%0Ahttp://gsoftclean.top/ver.txt%0Ahttp://iplogger.org/1z9A57%0Ahttp://gsoftclean.top/main.exe%0Ahttp://gsoftclean.top/aus%0Ahttp://gsoftclean.top/settings.dll%0Ahttp://iplogger.org/1nLz47%0Ahttp://iplogger.org/1z6A57%0Ahttps://iplogger.org/1z6A57%0Ahttp://iplogger.org/1PMX37%0Ahttps://iplogger.org/1nLz47", "https://report.netcraft.com/submission/iduhE4oNTsMOSAeOeBjzZdIfCLtefF3P - 07.23.25 - see notes on references*", "You may add additional accurate notices of copyright ownership. Exhibit B - \u00e2\u20ac\u0153Incompatible With Secondary Licenses\u00e2\u20ac\u009d Notice This Source Code Form is \u00e2\u20ac\u0153Incompatible With Secondary Licenses\u00e2\u20ac\u009d, as defined by the Mozilla Public License, v. 2.0.", "FormatterKit Copyright (c) 2011\u00e2\u20ac\u201c2019 Mattt Thompson (http://mattt.me/) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "September 05th, 2023 - CryptoGen Cyber Threat Intelligence Advisory #3175 - MinIO Storage System Exploited.pdf", "Copyright 2016 Daniel Cohen Gindi & Philipp Jahoda", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "NSObject-SafeExpectations Copyright (c) 2013 Jorge Bernal", "https://labs.guard.io/mrtonyscam-botnet-of-facebook-users-launch-high-intent-messenger-phishing-attack-on-business-3182cfb12f4d", "Down The MIT License (MIT) Copyright (c) 2016 Rob Phillips.", "houdini.h, houdini_href_e.c, houdini_html_e.c, houdini_html_u.c, html_unescape.gperf, html_unescape.h derive from https://github.com/vmg/houdini (with some modifications) Copyright (C) 2012 Vicent Mart\u00c3\u00ad", "CocoaLumberjack BSD 3-Clause License Copyright (c) 2010-2021, Deusty, LLC All rights reserved.", "https://www.bleepingcomputer.com/news/security/facebook-messenger-phishing-wave-targets-100k-business-accounts-per-week/", "DoubleConversion Copyright 2006-2011, the V8 project authors. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation a", "Charts Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/6c0127433f689c0861355352460f7dc6b6ae3d86aa7db0747e60b3b9a18c4a87_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517857&Signature=vah2Y1tu1hUAIU2Nzl5Tj42a52U%2F4iHbQMQ97tgsD9m4WS0cP%2FDouswDcCWgQBks1IZNZLNdNIN4zhFGqu5TKTGa%2BfaFH53FyJKTW8qWIWhfzHeg7juIKdf%2Bg31OT2ch6vWmA12PTN5NyGUdyDJXhtiJoJY7fDAnNQevIgYxRXZV4DroufLQPXPwAd3hsBLc4RLDkrtL%2BeuuXcWkZ95SYsHpvwpswlCvj20Pa9nMFjXYgw4%2Bt5k", "https://labs.guard.io/malverposting-with-over-500k-estimated-infections-facebook-ads-fuel-this-evolving-stealer-54b03d24b349", "WordPress-Editor-iOS Mozilla Public License Version 2.0 1. Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy", "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646024&Signature=GY3f%2BonWSmAE2r3xAvXp%2F0FLSZV%2B761HeH7MY%2F8jak5D8A6eAtDD6dxfY3qi8RFAYc2JIbh%2BWXZHSBZkxzZskVfm5S22fwOHMoCy9ezLI3%2BUbKxsL0uv64YuKmYd8s9FPp4wHA7tAXPPEMApUtclPZEQeo1AHVK7AN9zQZqAGYGnbfQtD1Ew5Bny5yT6axRterHcQPbXI8aPUvmJjP0131Op%2FKquhhierCzlcA3JIPWrYGomlInU9wZg", "GTMSessionFetcher Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION", "utf8.c and utf8.c are derived from utf8proc (http://www.public-software-group.org/utf8proc), (C) 2009 Public Software Group e. V., Berlin, Germany.", "RNSVG The MIT License (MIT) Copyright (c) [2015-2016] [Horcrux] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:", "Sodium ISC License Copyright (c) 2014-2020, Frank Denis Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.", "http://fsf.org/ - Storing Bitcoin Address??? via licence file", "WordPress-Aztec-iOS Mozilla Public License Version 2.0 1. Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor's Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the ", "https://vtbehaviour.commondatastorage.googleapis.com/1d8220c8dd21980b3011d4d5f270989e8ec6976bfac43bb68e26210f0132d73a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517690&Signature=ss9QfKS7opM7i4y0qJTNns2ZH2%2FMJsUYWVIL%2FPE2inms8fNXu%2BbNyyv%2ByYvzfOQeAuk6RLNZDEOhLiGokHWpqZiclVpv8vxLtlqIEAHvgJ%2F4ZIcTgVkGXIXnNvyEEQfE96d0SzSMd2dMGq5%2FychQ%2BT26ZdyxoyTtMSTIUgK9jqBdXfmCaICEp22pfV99slaMlBzNdL7kQ%2BWELMfEtoO72EQxXJQtIZ7ezn3mBEoLa%2BnYqTHCaBbW", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/iocs", "Sentry The MIT License (MIT) Copyright (c) 2015 Sentry Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright ", "Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands show w' and show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than show w' and show c'; they could even be mouse-clicks or menu items--whatever suits your", "https://www.virustotal.com/gui/collection/e03439bc07bcb1908764755571e127ec051193d4cc24cf842ec3179557f533cb/summary", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/summary", "Gutenberg GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/graph", "https://www.virustotal.com/graph/embed/g36d8fc13d786418ab1d0a75cc331f0eb5bca28d4a4fe4666a84f23e25fb6600b?theme=dark", "1.11. \u00e2\u20ac\u0153Patent Claims\u00e2\u20ac\u009d of a Contributor means any patent claim(s), including without limitation, method, process, and apparatus claims, in any patent Licensable by such Contributor that would be infringed, but for the grant of the License, by the making, using, selling, offering for sale, having made, import, or transfer of either its Contributions or its Contributor Version. 1.12. \u00e2\u20ac\u0153Secondary License\u00e2\u20ac\u009d means either the GNU General Public License, Version 2.0, the GNU Lesser General Public License, Ve", "FSInteractiveMap Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "FBReactNativeSpec GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA", "RNScreens The MIT License (MIT) Copyright (c) 2018 Krzysztof Magiera Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The ab", "RCT-Folly Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION", "Gridicons The GNU General Public License, Version 2, June 1991 (GPLv2) Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and cha", "2.3. Limitations on Grant Scope The licenses granted in this Section 2 are the only rights granted under this License. No additional rights or licenses will be implied from the distribution or licensing of Covered Software under this License. Notwithstanding Section 2.1(b) above, no patent license is granted by a Contributor: for any code that a Contributor has removed from Covered Software; or for infringements caused by: (i) Your and any other third party\u00e2\u20ac\u2122s modifications of Covered Software, or (ii) ", "https://mwdb.cert.pl/file/efb45096e24a61b488eb809bd8edf874d15bb498dd75ced8b888b020c87e5c6c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "NSURL+IDN Copyright (c) 2009-2013 Automattic, http://automattic.com Permission is hereby granted, free of charge,", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646404&Signature=RAWN3ziUE4nt7cOF13GailGKiIaXg1kyzWnV3ohWPQWImilq1jkY6T9cnu7vh%2F0SwtRBev83RCV6GntS%2BJCyx7SBzUDQfqgPb3FwbcVEKgVziqaqJnxUSRgT0fWVsRCXJCisv9WjaxDGYcpAG8VMSXObs0HpYbgKvL%2FmbwN2wmzCCwSIiyGZj72303oaIQHVyqX9LoYWhs16g1xe%2B%2BXBcJaVerKyva6h3EWLVO9dkwM0cWEidZPw", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "The CommonMark spec (test/spec.txt) is Copyright (C) 2014-15 John MacFarlane Released under the Creative Commons CC-BY-SA 4.0 license: http://creativecommons.org/licenses/by-sa/4.0/.", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "The test software in test/ is Copyright (c) 2014, John MacFarlane All rights reserved.", "RNReanimated The MIT License (MIT) Copyright (c) 2016 Krzysztof Magiera", "RNGestureHandler The MIT License (MIT) Copyright (c) 2016 Krzysztof Magiera", "AlamofireNetworkActivityIndicator Copyright (c) 2016 Alamofire Software Foundation (http://alamofire.org/)", "https://metadefender.com/results/file/bzI1MDMwMVFWaXRDS0hpWElYcnV0QllCYlB1", "AppAuth Apache License Version 2.0, January 2004 http://www.apache.org/licenses/", "Reachability Copyright (c) 2011, Tony Million. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials p", "https://github.com/facebook/malware-detection/tree/main/indicators", "BVLinearGradient MIT License Copyright (c) 2016 React Native Community", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "Automattic-Tracks-iOS GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., http://fsf.org/ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble T", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://thehackernews.com/2023/09/vietnamese-hackers-deploy-python-based.html", "Kanvas Mozilla Public License Version 2.0 Definitions 1.1. \u00e2\u20ac\u0153Contributor\u00e2\u20ac\u009d means each individual or legal entity that creates, contributes to the creation of, or owns Covered Software. 1.2. \u00e2\u20ac\u0153Contributor Version\u00e2\u20ac\u009d means the combination of the Contributions of others (if any) used by a Contributor and that particular Contributor\u00e2\u20ac\u2122s Contribution. 1.3. \u00e2\u20ac\u0153Contribution\u00e2\u20ac\u009d means Covered Software of a particular Contributor. 1.4. \u00e2\u20ac\u0153Covered Software\u00e2\u20ac\u009d means Source Code Form to which the initial Contrib", "MRProgress The MIT License (MIT) Copyright (c) 2013 Marius Rackwitz", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub", "https://www.virustotal.com/gui/collection/e03439bc07bcb1908764755571e127ec051193d4cc24cf842ec3179557f533cb/iocs", "https://www.virustotal.com/gui/collection/ab283165c61c702e1aed28375718dd2674179c61c517d93baabc2219becf081a/community", "cmark Copyright (c) 2014, John MacFarlane All rights reserved" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Gap Malverposting" ], "malware_families": [ "Cobalt strike", "Linux", "Duckport", "Mirai", "Forks", "Norwell" ], "industries": [ "Healthcare", "Technology", "Telecommunications", "Education", "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 31, "pulses": [ { "id": "6a132a7a71682c83e9c17835", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-26T06:44:42.987000", "created": "2026-05-24T16:42:34.355000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1765, "URL": 1325, "hostname": 1489, "FileHash-MD5": 224, "FileHash-SHA1": 268, "IPv4": 152, "domain": 1177, "CIDR": 4, "email": 11, "IPv6": 1, "URI": 3, "CVE": 2, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6425, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a13404a015fc885f5edb1c9", "name": "An error occurred: breadcrumb. IpLogger - piggy back on @skocherhan", "description": "[Find out the best IP logging tools and tools at \u00c2\u00a31.5m in the UK, Ireland, Wales, Scotland and Northern Ireland on the website+ here is the full list.]", "modified": "2026-05-24T18:15:38.213000", "created": "2026-05-24T18:15:38.213000", "tags": [ "::keywords_error_main", "sign", "url shortener", "track phone", "tracking pixel", "my ip", "ip counters", "ip generator", "internet", "best ip", "logger", "accept", "pe32", "intel", "ms windows", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "exe32", "compiler", "ltcgc", "ascii text", "redacted for", "postal code", "privacy tech", "stateprovince", "server", "registrar abuse", "registrant name", "domain id", "iana id", "admin country", "date", "key identifier", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "x509v3 subject", "x509v3 key", "delegated", "unverified", "record type", "ttl value", "homenet", "0xf82", "externalnet", "policy ip", "check domain", "tls sni", "high", "informational", "registry keys", "nothing", "mutexes nothing", "parent pid", "full path", "command line", "read files", "apis nothing", "pe file", "performs dns", "network info", "processes extra", "aslr", "sample", "t1055 process", "overview", "mitre attack", "overview zenbox", "defense evasion", "next", "generic cil", "executable", "mono", "win32 dynamic", "link library", "pe32 library", "file type", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "persistence", "info", "Expired certificate", "Drops", "Oa auth abuse [potential]" ], "references": [ "http://iplogger.org/1tnbw7%0Ahttp://gsoftclean.top/ver.txt%0Ahttp://iplogger.org/1z9A57%0Ahttp://gsoftclean.top/main.exe%0Ahttp://gsoftclean.top/aus%0Ahttp://gsoftclean.top/settings.dll%0Ahttp://iplogger.org/1nLz47%0Ahttp://iplogger.org/1z6A57%0Ahttps://iplogger.org/1z6A57%0Ahttp://iplogger.org/1PMX37%0Ahttps://iplogger.org/1nLz47", "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779645922&Signature=JwLo32luwQokWOHR7lJz4dmUcLMQf18tKN2sLujlReeuplXL3B7kObdnC6EAKvj0%2FbPufiSY60CcdkPZ0L38f2ezSQ%2FpUd%2B9vwTI0sIkA%2BKOPYbhRV0zr7%2FH0rSo%2Fe1bb7p3YS9o0fzclIJ9iT6lWjLBnyAgZ4ZvwYmLkJk2x9beiNvBoWd5BPX2QLlZXDEzKgUbGKGGjHZQPfSIi3YI3zIRo16YJkaQzjxGBhhyGB4Ao8%2Fr", "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646024&Signature=GY3f%2BonWSmAE2r3xAvXp%2F0FLSZV%2B761HeH7MY%2F8jak5D8A6eAtDD6dxfY3qi8RFAYc2JIbh%2BWXZHSBZkxzZskVfm5S22fwOHMoCy9ezLI3%2BUbKxsL0uv64YuKmYd8s9FPp4wHA7tAXPPEMApUtclPZEQeo1AHVK7AN9zQZqAGYGnbfQtD1Ew5Bny5yT6axRterHcQPbXI8aPUvmJjP0131Op%2FKquhhierCzlcA3JIPWrYGomlInU9wZg", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646404&Signature=RAWN3ziUE4nt7cOF13GailGKiIaXg1kyzWnV3ohWPQWImilq1jkY6T9cnu7vh%2F0SwtRBev83RCV6GntS%2BJCyx7SBzUDQfqgPb3FwbcVEKgVziqaqJnxUSRgT0fWVsRCXJCisv9WjaxDGYcpAG8VMSXObs0HpYbgKvL%2FmbwN2wmzCCwSIiyGZj72303oaIQHVyqX9LoYWhs16g1xe%2B%2BXBcJaVerKyva6h3EWLVO9dkwM0cWEidZPw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 200, "domain": 530, "hostname": 84, "FileHash-SHA256": 1090, "FileHash-MD5": 104, "Mutex": 2, "FileHash-SHA1": 97, "IPv4": 58, "email": 1, "CVE": 1 }, "indicator_count": 2167, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a1340485f49d8abce143eea", "name": "An error occurred: breadcrumb. IpLogger - piggy back on @skocherhan", "description": "[Find out the best IP logging tools and tools at \u00c2\u00a31.5m in the UK, Ireland, Wales, Scotland and Northern Ireland on the website+ here is the full list.]", "modified": "2026-05-24T18:15:36.238000", "created": "2026-05-24T18:15:36.238000", "tags": [ "::keywords_error_main", "sign", "url shortener", "track phone", "tracking pixel", "my ip", "ip counters", "ip generator", "internet", "best ip", "logger", "accept", "pe32", "intel", "ms windows", "win16 ne", "icons library", "os2 executable", "pe32 compiler", "exe32", "compiler", "ltcgc", "ascii text", "redacted for", "postal code", "privacy tech", "stateprovince", "server", "registrar abuse", "registrant name", "domain id", "iana id", "admin country", "date", "key identifier", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "x509v3 subject", "x509v3 key", "delegated", "unverified", "record type", "ttl value", "homenet", "0xf82", "externalnet", "policy ip", "check domain", "tls sni", "high", "informational", "registry keys", "nothing", "mutexes nothing", "parent pid", "full path", "command line", "read files", "apis nothing", "pe file", "performs dns", "network info", "processes extra", "aslr", "sample", "t1055 process", "overview", "mitre attack", "overview zenbox", "defense evasion", "next", "generic cil", "executable", "mono", "win32 dynamic", "link library", "pe32 library", "file type", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "persistence", "info", "Expired certificate", "Drops", "Oa auth abuse [potential]" ], "references": [ "http://iplogger.org/1tnbw7%0Ahttp://gsoftclean.top/ver.txt%0Ahttp://iplogger.org/1z9A57%0Ahttp://gsoftclean.top/main.exe%0Ahttp://gsoftclean.top/aus%0Ahttp://gsoftclean.top/settings.dll%0Ahttp://iplogger.org/1nLz47%0Ahttp://iplogger.org/1z6A57%0Ahttps://iplogger.org/1z6A57%0Ahttp://iplogger.org/1PMX37%0Ahttps://iplogger.org/1nLz47", "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779645922&Signature=JwLo32luwQokWOHR7lJz4dmUcLMQf18tKN2sLujlReeuplXL3B7kObdnC6EAKvj0%2FbPufiSY60CcdkPZ0L38f2ezSQ%2FpUd%2B9vwTI0sIkA%2BKOPYbhRV0zr7%2FH0rSo%2Fe1bb7p3YS9o0fzclIJ9iT6lWjLBnyAgZ4ZvwYmLkJk2x9beiNvBoWd5BPX2QLlZXDEzKgUbGKGGjHZQPfSIi3YI3zIRo16YJkaQzjxGBhhyGB4Ao8%2Fr", "https://vtbehaviour.commondatastorage.googleapis.com/e920fc67e098b7a6f3a13d99935239edc4c6c799bbaf2126c28da9b6e77fcf6f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646024&Signature=GY3f%2BonWSmAE2r3xAvXp%2F0FLSZV%2B761HeH7MY%2F8jak5D8A6eAtDD6dxfY3qi8RFAYc2JIbh%2BWXZHSBZkxzZskVfm5S22fwOHMoCy9ezLI3%2BUbKxsL0uv64YuKmYd8s9FPp4wHA7tAXPPEMApUtclPZEQeo1AHVK7AN9zQZqAGYGnbfQtD1Ew5Bny5yT6axRterHcQPbXI8aPUvmJjP0131Op%2FKquhhierCzlcA3JIPWrYGomlInU9wZg", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779646404&Signature=RAWN3ziUE4nt7cOF13GailGKiIaXg1kyzWnV3ohWPQWImilq1jkY6T9cnu7vh%2F0SwtRBev83RCV6GntS%2BJCyx7SBzUDQfqgPb3FwbcVEKgVziqaqJnxUSRgT0fWVsRCXJCisv9WjaxDGYcpAG8VMSXObs0HpYbgKvL%2FmbwN2wmzCCwSIiyGZj72303oaIQHVyqX9LoYWhs16g1xe%2B%2BXBcJaVerKyva6h3EWLVO9dkwM0cWEidZPw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 200, "domain": 530, "hostname": 84, "FileHash-SHA256": 1090, "FileHash-MD5": 104, "Mutex": 2, "FileHash-SHA1": 97, "IPv4": 58, "email": 1, "CVE": 1 }, "indicator_count": 2167, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a132a7a34bcc860b0e44ffc", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-24T16:42:34.350000", "created": "2026-05-24T16:42:34.350000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "URL": 1309, "hostname": 1474, "FileHash-MD5": 166, "FileHash-SHA1": 204, "IPv4": 152, "domain": 1177, "CIDR": 3, "email": 11, "IPv6": 1, "URI": 1, "CVE": 1, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6189, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a132a7762cac9a1007d9ece", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-24T16:42:31.294000", "created": "2026-05-24T16:42:31.294000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "URL": 1309, "hostname": 1474, "FileHash-MD5": 166, "FileHash-SHA1": 204, "IPv4": 152, "domain": 1177, "CIDR": 3, "email": 11, "IPv6": 1, "URI": 1, "CVE": 1, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6189, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a132a66fa217054f3e57883", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-24T16:42:14.218000", "created": "2026-05-24T16:42:14.218000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "URL": 1309, "hostname": 1474, "FileHash-MD5": 166, "FileHash-SHA1": 204, "IPv4": 152, "domain": 1177, "CIDR": 3, "email": 11, "IPv6": 1, "URI": 1, "CVE": 1, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6189, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a132a577896901b2c0b993b", "name": "Fastly: find your muse + keep them on your radar * CAPE Sandbox", "description": "Optics at Altitude is a commercial drone photography and videography service based out of the South Shore, Massachusetts, and beyond, which provides high-quality imagery for a wide-variety of industries and needs.-443 Certificate Caissuers\thttp://secure.globalsign.com/cacert/cloudsslsha2g3.crt\n443 Certificate Ocsp\thttp://ocsp2.globalsign.com/cloudsslsha2g3\n443 Certificate Serialnumber\t0C3B770C982FCBFC7B00B74A\n443 Certificate Notafter\tApr 14 16:28:35 2019 GMT\n443 Certificate Version\t3\n443 Certificate Subject\tUS\n443 Certificate Subject\tCalifornia\n443 Certificate Subject\tSan Francisco\n443 Certificate Subject\tFastly, Inc\n443 Certificate Issuer\tBE\n443 Certificate Issuer\tGlobalSign nv-sa", "modified": "2026-05-24T16:41:59.005000", "created": "2026-05-24T16:41:59.005000", "tags": [ "ip address", "status code", "body length", "kb body", "sha256", "csv text", "altitude", "south shore", "uas imagery", "massachusetts", "marshfield", "scituate", "hingham", "norwell", "hanover", "pembroke", "epub document", "structure ebook", "zip document", "epub", "nigel poulton", "docker deep", "nielson book", "docker", "single book", "anna", "dive", "dive zero", "deep dive", "zero", "script", "ieedge", "squarespace", "drones", "title", "secchuamodel", "link", "static", "supporte", "marshfield ldap", "marshfield ssl", "certificate", "common name", "issued", "charter", "llc united", "statesunited", "new london", "diesel", "comcast ip", "derry village", "ssl certificate", "encrypt", "comcast cable", "communications", "boston", "key identifier", "x509v3 subject", "full name", "cus odigicert", "inc cndigicert", "global g2", "tls rsa", "ca1 validity", "cus stnew", "range", "cidr", "network name", "type", "status", "whois server", "entity squar30", "handle", "net198", "net1980000", "squar30", "varick st", "city", "new york", "stateprov", "postalcode", "orgtechhandle", "orgtechref", "orgabusehandle", "orgabuseref", "orgnochandle", "orgnocref", "p version", "address range", "span", "google public", "form", "doctype html", "google", "public dns", "head", "public", "footer", "body", "file type", "ascii text", "python script", "python", "writes shell", "unicode text", "utf8 text", "ascii", "writes", "sample", "persistence", "defense evasion", "info", "next", "performs dns", "united", "urls", "found", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "phishing", "headers age", "homenet", "et info", "file hosting", "service domain", "domain", "dns lookup", "clientendpoint", "perimeter", "high", "informational", "domain related", "as54113", "top source", "top destination", "source source", "status domain", "tcp include", "udp include", "country united", "unique", "ja3 clients", "destination ip", "dest port", "ja3 ja3", "digest", "cache", "california", "san francisco", "fastly", "globalsign", "title pypi", "package", "a domains", "accept", "showing", "entries", "previous", "domains show", "search", "amazon ec2", "orgnocemail", "net75", "net750000", "amazon web", "services", "ip routing", "nethandle", "amazo4", "aws rpki", "historical ssl", "certificates", "first", "thumbprint", "graph summary", "algorithm", "number", "issuer", "cus cnlet", "x3 olet", "subject public", "key info", "key algorithm", "pdf document", "adobe portable", "document format", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "sha1", "acrongl integ", "adc4240758", "shutdown", "sqlite version", "sqlite rollback", "utf8", "json", "creates", "journal", "malicious", "resolutions", "date", "detection", "hostmaster", "amazon legal", "dept", "amazon", "code", "email", "icann whois", "nv admin", "phone", "stateprovince", "tech", "gatsby", "golf", "hrhrhr" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779636742&Signature=0Jmd8OZhEoMcSIRjjLwJ25yOqQqGciJ%2Bi7fIHdY6hAZ943%2BagmRX%2BVjBhTYlLgakIWK9x6Xl42tsN8Zxr1F8%2B9UsiTGouw2FhmIYb0m%2BVstAqLsFZfxFVME005klDDValb5ctckQfmbabxNIeSo3vmrY3IDcc%2FGfcbCW6Iqp9O8UhbCjMEW208ycLJ%2FpHTi1oEgnBzteXKkR%2F6bkcgsXuMmv2zPR5aFV%2FRoRKG4d00Gf", "https://vtbehaviour.commondatastorage.googleapis.com/92be0ca27d8a8501a9e3647d71d4aa3cf9cc36c64f4a20f1af181c424cb18a4e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638452&Signature=W7GSOCee0L88oD17mS9F7ugbL5UuvCROQTEX3x6zxE6iy%2Fq7d4R2VgKW6vrIVn5INn9P%2Bd4nE9bdDm9hFZfYZtWp2fA8kLWCXUIn9yyEalW3TZiqc3F0VaXhxyOt1z8RxWxNkSJ4q%2FiKIW0UIBNzP3Xb%2BS4HiU1ygKuUsKMrM94faA%2B%2FLvWo8blWHNZjcwJxB6tZER0I70vtmS%2BQUms49SUXQukji6eyu2GeJXt%2BrsVoCx", "https://vtbehaviour.commondatastorage.googleapis.com/8ed092fba4497e2cdde226956c589a21ccfb01c1a23305c029746d6f3f8441f2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638734&Signature=xtQED2V3PJ2BlKWGnzpYaInFIj0LtQ5HvUiHwVUnjQrf3nkdgTSOmKHoM8bt07LdXE2gP38gtUEORx1kvCz9WwS2vbQug9jFenQquTV1ymmuBzpRJ3ScOedOXYRUZ0xlMHMSKlEl7EDyuv5oI%2BbysetFZM7njE1QyFexdSfTFnaQLLOfOVYSrLignovntUHgLGqW%2B3pvMPXRK31YQ8G2uah9wKhgHX%2BvBuMBpVk%2Fu%2FB3k9m8DUZK", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779638904&Signature=sNLoXHL%2FJqR%2FKpCUpZ3xk1M3w2ix%2F0EztNMcyqjmOrRnpEfN2KtvqN%2BbjjNSOJZ60nF%2Blqn8e%2FCMW1hKcoVai1M%2BJhJchZCA5HTt9I%2FRxELce8C4AtkLuiJkLUydTO2Og2t9T5LjutTKwPeMWArNq9V2OX3NPY4my9NOxSl4azNDj3g2x0Bh%2B4cWRwh2kvoZOqEwQDfwSn1CPloWhsxGvXRWqmxgA5Qg0noBBB4dJGxNwoRKsOWF", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639054&Signature=EEV1EitssGhRiArTQwwI46vPKgz7UanaRN35lG8rZ3aqSaByMgJMG4F%2BBZ3gxHg87k8HJ5ajkCxPtTqsKEvG4C7b9cxkNALabAkhAdOiUgQJcMsP2RYCOcgI%2BpyVmB2ibfAqUo8ZBKCEmQhHPScOb9P3ccZc4cKW7Y%2Fstw5FecP4ddOC%2FimKqWnvBdvueQ0MDbsW20AXvNupNpXm0o09LG91CjzmrHeBMEC%2FTNDhCblMEN2x5oRkK%2Fz7VX", "https://vtbehaviour.commondatastorage.googleapis.com/4ac26c6b9045057df857c6994504138c0f11842f2f8cf54baa43830266dcd8fa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779639078&Signature=tzu4uNt492zFP%2BWaTxQzmPFHxea44DCMQdndQBcAY4YqVoVJ1UV6gsEPg8jB8shQPteUVKvm%2B46kCJpXntnbaegaLcNPwSYtTzGgpwWp13I2RzIYaaQoSBbQRNBF6y8v8Ql3l1FJLbz8vtarUjxrF%2BvvS6LwjT0BzLTAjR%2F5uVviAMddfZphJ1s1wKmfLrEmnZaXomiR8PkhX2nYZMc4jLxkJa%2BomaUKKKMggdRFFCcCLLoe%2Bo", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640480&Signature=q34riu0M3M72fz%2FxMMZS6FzxbC%2B8Z1WiO4MLyitIqJjdW95CvaeHBdE50%2BQk2P%2BSgNInq83S55ECox7wveKcpQLScNK4nfIaUO2jJIzkPNEFvO%2F%2BE%2F5CuRCW2H4HWji84nlyWZ7rlT9tvRWINFyCeI0sMYjD2gCovuOfhbEz717%2BUcycH2xU64CcOUIB0JH5kJzclp2AK1E0qdtDf12RLMD5z9Xgy0Wv8ElKSr75JpXomp", "https://vtbehaviour.commondatastorage.googleapis.com/1ea6d01132210234b1da26f181bdcefa423f883ed5b15bd42915b19f68e0604f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779640501&Signature=wQUBsRErARJ4flqai%2Fy45lWPUEVVpsxKIVhMiqVCcX3pSfwLxIUQD2aoderkcyUwUNFvaqQQ8jFN2XcbZcQZd2mYBvhNZQ8AxNhD%2BczvWObNrnN9MXmL7Yigcrf1ZfADDnHyk3ReVhUWSr5VW35SrWmrWcksCRf5egYC7hfcS0hqmYx%2F5%2B0iF7zlvKAWT9Iad4FU3zmas1Bri4p8csHlAX5zWpTWHflEQU5H2BddZyie8hc9vloTzOlLZTqmpy" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Norwell", "display_name": "Norwell", "target": null } ], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1686, "URL": 1309, "hostname": 1474, "FileHash-MD5": 166, "FileHash-SHA1": 204, "IPv4": 152, "domain": 1177, "CIDR": 3, "email": 11, "IPv6": 1, "URI": 1, "CVE": 1, "SSLCertFingerprint": 2, "Mutex": 2 }, "indicator_count": 6189, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936ce3f3ebd4b76fee29", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T23:45:08.365000", "created": "2026-05-21T05:09:00.942000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 90, "FileHash-SHA256": 1997, "IPv4": 49, "domain": 34, "hostname": 124, "URL": 429, "URI": 1, "CIDR": 16 }, "indicator_count": 2944, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e9725b323ae1350c36488", "name": "no comment", "description": "", "modified": "2026-05-21T06:52:08.577000", "created": "2026-05-21T05:24:53.947000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 366, "FileHash-SHA1": 366, "FileHash-SHA256": 5078, "IPv4": 44, "URL": 2414, "domain": 1305, "hostname": 366, "CIDR": 1, "email": 2, "Mutex": 1 }, "indicator_count": 9943, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e9725823bc1d6ac78350e", "name": "no comment", "description": "", "modified": "2026-05-21T06:37:36.247000", "created": "2026-05-21T05:24:53.229000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 35, "FileHash-SHA1": 35, "FileHash-SHA256": 679, "IPv4": 15, "URL": 200, "domain": 32, "hostname": 26 }, "indicator_count": 1022, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "conduct.md", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "conduct.md", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780237961.0473497 }