{ "type": "Domain", "indicator": "cyys87.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/cyys87.com", "alexa": "http://www.alexa.com/siteinfo/cyys87.com", "indicator": "cyys87.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4358563975, "indicator": "cyys87.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "6a0fde205095bd98f11dcd2e", "name": "Research part 2 * CAPE Sandbox", "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].", "modified": "2026-05-22T04:40:00.363000", "created": "2026-05-22T04:40:00.363000", "tags": [ "new roman", "hebrew", "arabic", "vietnamese", "greek", "baltic", "times new", "roman", "calibri", "light", "default", "strong", "cname", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "accept", "shutdown", "guard", "pe file", "windows", "sample", "reads", "performs dns", "network info", "processes extra", "pe32", "intel", "delphi", "code", "persistence", "malicious", "next", "member", "p11778505315", "p2404", "host", "library", "thrown", "class", "null", "example", "loop", "syst", "none rticon", "address virtual", "sha1", "locale", "download" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC", "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni", "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko", "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL", "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 365, "FileHash-SHA1": 113, "FileHash-SHA256": 302, "IPv4": 324, "URL": 261, "domain": 214, "hostname": 464 }, "indicator_count": 2043, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0fde1e9d38578f83f2f07a", "name": "Research part 2 * CAPE Sandbox", "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].", "modified": "2026-05-22T04:39:58.097000", "created": "2026-05-22T04:39:58.097000", "tags": [ "new roman", "hebrew", "arabic", "vietnamese", "greek", "baltic", "times new", "roman", "calibri", "light", "default", "strong", "cname", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "accept", "shutdown", "guard", "pe file", "windows", "sample", "reads", "performs dns", "network info", "processes extra", "pe32", "intel", "delphi", "code", "persistence", "malicious", "next", "member", "p11778505315", "p2404", "host", "library", "thrown", "class", "null", "example", "loop", "syst", "none rticon", "address virtual", "sha1", "locale", "download" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC", "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni", "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko", "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL", "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 365, "FileHash-SHA1": 113, "FileHash-SHA256": 302, "IPv4": 324, "URL": 261, "domain": 214, "hostname": 464 }, "indicator_count": 2043, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0fde1b366253c296281156", "name": "Research part 2 * CAPE Sandbox", "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].", "modified": "2026-05-22T04:39:55.100000", "created": "2026-05-22T04:39:55.100000", "tags": [ "new roman", "hebrew", "arabic", "vietnamese", "greek", "baltic", "times new", "roman", "calibri", "light", "default", "strong", "cname", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "accept", "shutdown", "guard", "pe file", "windows", "sample", "reads", "performs dns", "network info", "processes extra", "pe32", "intel", "delphi", "code", "persistence", "malicious", "next", "member", "p11778505315", "p2404", "host", "library", "thrown", "class", "null", "example", "loop", "syst", "none rticon", "address virtual", "sha1", "locale", "download" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC", "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni", "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko", "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL", "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 365, "FileHash-SHA1": 113, "FileHash-SHA256": 302, "IPv4": 324, "URL": 261, "domain": 214, "hostname": 464 }, "indicator_count": 2043, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a04e84167efe8b5fa43e0ca", "name": "cve-2020-0601 + spoof signing", "description": "CVE2020-0601 is a Curveball vulnerability that could allow attackers to spoof signatures and is a high cryptographic validation flaw. Per NIST, \"A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability',\".", "modified": "2026-05-14T01:04:28.762000", "created": "2026-05-13T21:08:17.669000", "tags": [ "indicators show", "search", "type indicator", "role title", "added active", "related pulses", "instagram", "identifier", "cve-2020-0601" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 51, "hostname": 147, "FileHash-SHA1": 4, "domain": 119, "URL": 169, "IPv4": 282, "FileHash-MD5": 3, "FileHash-SHA256": 283 }, "indicator_count": 1058, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a04e8423bba51f1e0ff3030", "name": "cve-2020-0601 + spoof signing", "description": "CVE2020-0601 is a Curveball vulnerability that could allow attackers to spoof signatures and is a high cryptographic validation flaw. Per NIST, \"A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability',\".", "modified": "2026-05-13T22:50:49.596000", "created": "2026-05-13T21:08:18.159000", "tags": [ "indicators show", "search", "type indicator", "role title", "added active", "related pulses", "instagram", "identifier", "cve-2020-0601" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 51, "hostname": 147, "FileHash-SHA1": 4, "domain": 119, "URL": 169, "IPv4": 281, "FileHash-MD5": 3, "FileHash-SHA256": 283 }, "indicator_count": 1057, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a04e83b9a762101e54d6a4f", "name": "cve-2020-0601 + spoof signing", "description": "CVE2020-0601 is a Curveball vulnerability that could allow attackers to spoof signatures and is a high cryptographic validation flaw. Per NIST, \"A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability',\".", "modified": "2026-05-13T22:50:48.345000", "created": "2026-05-13T21:08:11.231000", "tags": [ "indicators show", "search", "type indicator", "role title", "added active", "related pulses", "instagram", "identifier", "cve-2020-0601" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 53, "hostname": 147, "FileHash-SHA1": 24, "domain": 119, "URL": 167, "IPv4": 281, "FileHash-MD5": 15, "FileHash-SHA256": 469, "Mutex": 2 }, "indicator_count": 1277, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL", "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B", "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko", "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni", "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "6a0fde205095bd98f11dcd2e", "name": "Research part 2 * CAPE Sandbox", "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].", "modified": "2026-05-22T04:40:00.363000", "created": "2026-05-22T04:40:00.363000", "tags": [ "new roman", "hebrew", "arabic", "vietnamese", "greek", "baltic", "times new", "roman", "calibri", "light", "default", "strong", "cname", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "accept", "shutdown", "guard", "pe file", "windows", "sample", "reads", "performs dns", "network info", "processes extra", "pe32", "intel", "delphi", "code", "persistence", "malicious", "next", "member", "p11778505315", "p2404", "host", "library", "thrown", "class", "null", "example", "loop", "syst", "none rticon", "address virtual", "sha1", "locale", "download" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC", "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni", "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko", "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL", "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 365, "FileHash-SHA1": 113, "FileHash-SHA256": 302, "IPv4": 324, "URL": 261, "domain": 214, "hostname": 464 }, "indicator_count": 2043, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0fde1e9d38578f83f2f07a", "name": "Research part 2 * CAPE Sandbox", "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].", "modified": "2026-05-22T04:39:58.097000", "created": "2026-05-22T04:39:58.097000", "tags": [ "new roman", "hebrew", "arabic", "vietnamese", "greek", "baltic", "times new", "roman", "calibri", "light", "default", "strong", "cname", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "accept", "shutdown", "guard", "pe file", "windows", "sample", "reads", "performs dns", "network info", "processes extra", "pe32", "intel", "delphi", "code", "persistence", "malicious", "next", "member", "p11778505315", "p2404", "host", "library", "thrown", "class", "null", "example", "loop", "syst", "none rticon", "address virtual", "sha1", "locale", "download" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC", "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni", "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko", "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL", "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 365, "FileHash-SHA1": 113, "FileHash-SHA256": 302, "IPv4": 324, "URL": 261, "domain": 214, "hostname": 464 }, "indicator_count": 2043, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0fde1b366253c296281156", "name": "Research part 2 * CAPE Sandbox", "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].", "modified": "2026-05-22T04:39:55.100000", "created": "2026-05-22T04:39:55.100000", "tags": [ "new roman", "hebrew", "arabic", "vietnamese", "greek", "baltic", "times new", "roman", "calibri", "light", "default", "strong", "cname", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "accept", "shutdown", "guard", "pe file", "windows", "sample", "reads", "performs dns", "network info", "processes extra", "pe32", "intel", "delphi", "code", "persistence", "malicious", "next", "member", "p11778505315", "p2404", "host", "library", "thrown", "class", "null", "example", "loop", "syst", "none rticon", "address virtual", "sha1", "locale", "download" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC", "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni", "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko", "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL", "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 365, "FileHash-SHA1": 113, "FileHash-SHA256": 302, "IPv4": 324, "URL": 261, "domain": 214, "hostname": 464 }, "indicator_count": 2043, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a04e84167efe8b5fa43e0ca", "name": "cve-2020-0601 + spoof signing", "description": "CVE2020-0601 is a Curveball vulnerability that could allow attackers to spoof signatures and is a high cryptographic validation flaw. Per NIST, \"A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability',\".", "modified": "2026-05-14T01:04:28.762000", "created": "2026-05-13T21:08:17.669000", "tags": [ "indicators show", "search", "type indicator", "role title", "added active", "related pulses", "instagram", "identifier", "cve-2020-0601" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 51, "hostname": 147, "FileHash-SHA1": 4, "domain": 119, "URL": 169, "IPv4": 282, "FileHash-MD5": 3, "FileHash-SHA256": 283 }, "indicator_count": 1058, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a04e8423bba51f1e0ff3030", "name": "cve-2020-0601 + spoof signing", "description": "CVE2020-0601 is a Curveball vulnerability that could allow attackers to spoof signatures and is a high cryptographic validation flaw. Per NIST, \"A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability',\".", "modified": "2026-05-13T22:50:49.596000", "created": "2026-05-13T21:08:18.159000", "tags": [ "indicators show", "search", "type indicator", "role title", "added active", "related pulses", "instagram", "identifier", "cve-2020-0601" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 51, "hostname": 147, "FileHash-SHA1": 4, "domain": 119, "URL": 169, "IPv4": 281, "FileHash-MD5": 3, "FileHash-SHA256": 283 }, "indicator_count": 1057, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a04e83b9a762101e54d6a4f", "name": "cve-2020-0601 + spoof signing", "description": "CVE2020-0601 is a Curveball vulnerability that could allow attackers to spoof signatures and is a high cryptographic validation flaw. Per NIST, \"A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability',\".", "modified": "2026-05-13T22:50:48.345000", "created": "2026-05-13T21:08:11.231000", "tags": [ "indicators show", "search", "type indicator", "role title", "added active", "related pulses", "instagram", "identifier", "cve-2020-0601" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 53, "hostname": 147, "FileHash-SHA1": 24, "domain": 119, "URL": 167, "IPv4": 281, "FileHash-MD5": 15, "FileHash-SHA256": 469, "Mutex": 2 }, "indicator_count": 1277, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "cyys87.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "cyys87.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780247374.8590882 }