{
  "type": "Domain",
  "indicator": "d.ch",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/d.ch",
    "alexa": "http://www.alexa.com/siteinfo/d.ch",
    "indicator": "d.ch",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3608236507,
      "indicator": "d.ch",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 2,
      "pulses": [
        {
          "id": "6a0daaebfbebe6e44d7c8992",
          "name": "Public Data - SecondWrite DeepView - 126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270",
          "description": "Public data sourced thr majority of it flagging red in VT the documents that dont all have mitre findings and process injection, drops, and many other findings. A quick search of cyber concerns and the county would reveal much more.",
          "modified": "2026-05-21T01:29:58.344000",
          "created": "2026-05-20T12:36:59.202000",
          "tags": [
            "tj et",
            "bt f3",
            "q emc",
            "bt f2",
            "bt f1",
            "default",
            "bt f11",
            "font",
            "extgstate",
            "rgs8",
            "stream",
            "xport",
            "double",
            "generic",
            "enterprise",
            "matrix",
            "sandbox",
            "grease",
            "strings",
            "agent",
            "back",
            "html",
            "mitre attack",
            "network info",
            "processes extra",
            "iemobile",
            "performs dns",
            "t1055 process",
            "overview",
            "overview zenbox",
            "verdict",
            "phishing",
            "next",
            "xmpg",
            "resource",
            "cmyk",
            "process",
            "mediabox",
            "procset",
            "core",
            "false",
            "recon",
            "black",
            "green",
            "info",
            "local",
            "registry keys",
            "file execution",
            "update mutex",
            "instance mutex",
            "parent pid",
            "full path",
            "command line",
            "files c",
            "read files",
            "file type",
            "united",
            "json",
            "com executable",
            "ascii",
            "dropped info",
            "malicious",
            "norfolk county MA",
            "Massachusetts",
            "Zenbox resolver",
            "offensive security\"\"",
            "karen read",
            "courthouse questions",
            "public corruption",
            "spyware",
            "bruno",
            "julie"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779279949&Signature=yUFvMDVu0XKELIgla7aKuW9HqF0wY7ydblJ4XEeCevmT9bF%2BfncaZGDPf%2FIuVFxbZJeaCtLZMApJZWzSwNo3%2FvV6hohV69sfK7jyEWl8Im63BT7sCB%2FMQ73DyBSDHRRXDhSLQMQmy%2B%2FQ2Mw8Yx46nkVN5fwPvC7ldREeSD4phoi4GQtJsiLtS%2BogdQJANEyJ1K%2FthvbgbLreBNbMgND25%2B%2F%2BaPr%2BkHf7BBo%2FE0U",
            "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280032&Signature=NuU9TdZicu9qB8%2FZuRVmPdfEHzj2idplYEvwmOCjgMsBVxycmti0jLw2eqfw%2Bvk%2FJlbhpE31YAAOm2hPi224ifTrJnut4HKAtdNdc3X7nNj93dPhu5mP%2BDBxDYDscNjNieTGLTm1eX7qNxKHk7xs1rC%2BKHGR1oRouXSEhwFEFl7lwxGAJLZ7Aoa%2ByjD31HOHd35q5uyocwJetVwgfkPgrMZTXeehZ7A0QpJG5d3tmbS%2FjuQbYH8",
            "https://vtbehaviour.commondatastorage.googleapis.com/6561c9edc5a957bd54719ee8fee435024bd19eed06e60fb03cc846eb12eb770d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280159&Signature=bNLaxE4oslMJkLYehBHM6w9NuktIfUIQhRQR%2BXEtZnUBm9zwBxn8PFn%2FFz%2BRepET76q%2BqYnftTRilGziS742QL%2BA5iXOcTEpzEC0l80MaX3Otpu%2FKgTZTzB2VdwlajaHJ6LAXj%2Fu6ydsiQctCmjpSjeeZkqtZq6GMcic68R3Jt9DsZP0qYiFjN1zEngmLLVUlLIUIFNjB6Y39TkoSNtJKp%2FuCcwU6USx7ccFOr49ckQFQ%2ByfR3Ah",
            "https://vtbehaviour.commondatastorage.googleapis.com/32cc2182b40a79a96703db955d46dfa0afeee9e4b0651b47bdf75253397d04d3_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280248&Signature=yoiAQ6t7ZbSLgVsFFNim%2FNtxbfU6SE6R8UGgnDEo9jw7sVlmNpEr0DKgLhC9HBQM31HOCzPzT8J3%2FOgem0MTU4ZKV2iVv8AVk0j35pk1R7db0YPw%2FxYthghuER3Ulbkg8j1hjl6ugYaGiObAvXhnJJmnLv%2FeNPN0pPkfI%2BraLFmk7IvosfNigYr32kmWn7X1SMt838OaP7mV0yQ5HnbvTLJ8k0NhuXgTV3%2FPQlBdML%2BewLedwrw",
            "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280360&Signature=yKM1Cn9YEpAGIsXUWGHEAWdYoq8j2cvbkztTzlE%2FvaWqKtMD7sxdyGggtYV%2F6ZWW0D6oILfM8nLabrtQWPXNT%2Fh0UkTqL%2BRmJqxehQnzwMJtl1PhIYh2nz%2FzPoeEO4TlvqVK7THpLHpjPfjt0ov0EI4H8%2BouzX1TMM9NmtZdE8oF5wWuX2DpqMnq46IMqkG1ykDH7UJtLpPp%2FFhF4v3fr%2BjpfsvC05j8Wn4lMQjja%2Bl3",
            "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280491&Signature=t3HWu9nEeJQ36%2Bt8NQxezVipHjZZW6sfll5%2FkSqaSIlcGfyKfCvF5%2FTSM2G8zhAflbz39%2Fw3CGLAc%2BchEzfa%2FW3sBWeTs4xOCQMehLJf%2B4m0FhN4yzp0KUQttNfvUrmON9rQHLOR6L8T263JIfYcD2ZN8H5yjkmwoZwqwQR0f1Uvhs2XjMaVWeKn32%2BUKDJpg6%2FYsyfoOcbPny5AL9dv1Ue7JU0o8JVuJdYE%2BrUSwJXell6msA"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 124,
            "FileHash-SHA1": 12,
            "FileHash-SHA256": 246,
            "IPv4": 91,
            "email": 1,
            "URL": 88,
            "domain": 57,
            "hostname": 46
          },
          "indicator_count": 665,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "11 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "63b580a925bb698985fa83ea",
          "name": "vendor.bundle.js",
          "description": "",
          "modified": "2023-02-03T13:00:02.804000",
          "created": "2023-01-04T13:35:37.535000",
          "tags": [
            "vxstream",
            "trojan",
            "apt",
            "memoryfile scan",
            "error",
            "progresstype",
            "graytext",
            "typeof e",
            "highlight",
            "bg96gwp",
            "typeof",
            "window",
            "null",
            "date",
            "span",
            "path",
            "meta",
            "push",
            "unknown",
            "roboto",
            "scroll",
            "suspicious",
            "close",
            "light",
            "template",
            "abcd",
            "android",
            "trident",
            "backspace",
            "insert",
            "4096",
            "void",
            "legend",
            "iframe",
            "webview",
            "infinity",
            "ransomware",
            "malicious",
            "accept toggle",
            "voice",
            "upgrade"
          ],
          "references": [
            "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d",
            "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites and social media sites, including Facebook, Twitter and YouTube.",
            "original dropped file discovery url",
            "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css",
            "Making HTTPS connections using insecure TLS/SSL version details Connection was made using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)",
            "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 16,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "callmeDoris",
            "id": "205385",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 205,
            "URL": 1340,
            "FileHash-SHA256": 407,
            "hostname": 491,
            "FileHash-MD5": 8,
            "email": 1,
            "FileHash-SHA1": 1
          },
          "indicator_count": 2453,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 90,
          "modified_text": "1213 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/6561c9edc5a957bd54719ee8fee435024bd19eed06e60fb03cc846eb12eb770d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280159&Signature=bNLaxE4oslMJkLYehBHM6w9NuktIfUIQhRQR%2BXEtZnUBm9zwBxn8PFn%2FFz%2BRepET76q%2BqYnftTRilGziS742QL%2BA5iXOcTEpzEC0l80MaX3Otpu%2FKgTZTzB2VdwlajaHJ6LAXj%2Fu6ydsiQctCmjpSjeeZkqtZq6GMcic68R3Jt9DsZP0qYiFjN1zEngmLLVUlLIUIFNjB6Y39TkoSNtJKp%2FuCcwU6USx7ccFOr49ckQFQ%2ByfR3Ah",
        "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites and social media sites, including Facebook, Twitter and YouTube.",
        "Making HTTPS connections using insecure TLS/SSL version details Connection was made using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)",
        "https://vtbehaviour.commondatastorage.googleapis.com/32cc2182b40a79a96703db955d46dfa0afeee9e4b0651b47bdf75253397d04d3_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280248&Signature=yoiAQ6t7ZbSLgVsFFNim%2FNtxbfU6SE6R8UGgnDEo9jw7sVlmNpEr0DKgLhC9HBQM31HOCzPzT8J3%2FOgem0MTU4ZKV2iVv8AVk0j35pk1R7db0YPw%2FxYthghuER3Ulbkg8j1hjl6ugYaGiObAvXhnJJmnLv%2FeNPN0pPkfI%2BraLFmk7IvosfNigYr32kmWn7X1SMt838OaP7mV0yQ5HnbvTLJ8k0NhuXgTV3%2FPQlBdML%2BewLedwrw",
        "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280360&Signature=yKM1Cn9YEpAGIsXUWGHEAWdYoq8j2cvbkztTzlE%2FvaWqKtMD7sxdyGggtYV%2F6ZWW0D6oILfM8nLabrtQWPXNT%2Fh0UkTqL%2BRmJqxehQnzwMJtl1PhIYh2nz%2FzPoeEO4TlvqVK7THpLHpjPfjt0ov0EI4H8%2BouzX1TMM9NmtZdE8oF5wWuX2DpqMnq46IMqkG1ykDH7UJtLpPp%2FFhF4v3fr%2BjpfsvC05j8Wn4lMQjja%2Bl3",
        "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280491&Signature=t3HWu9nEeJQ36%2Bt8NQxezVipHjZZW6sfll5%2FkSqaSIlcGfyKfCvF5%2FTSM2G8zhAflbz39%2Fw3CGLAc%2BchEzfa%2FW3sBWeTs4xOCQMehLJf%2B4m0FhN4yzp0KUQttNfvUrmON9rQHLOR6L8T263JIfYcD2ZN8H5yjkmwoZwqwQR0f1Uvhs2XjMaVWeKn32%2BUKDJpg6%2FYsyfoOcbPny5AL9dv1Ue7JU0o8JVuJdYE%2BrUSwJXell6msA",
        "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css",
        "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8",
        "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280032&Signature=NuU9TdZicu9qB8%2FZuRVmPdfEHzj2idplYEvwmOCjgMsBVxycmti0jLw2eqfw%2Bvk%2FJlbhpE31YAAOm2hPi224ifTrJnut4HKAtdNdc3X7nNj93dPhu5mP%2BDBxDYDscNjNieTGLTm1eX7qNxKHk7xs1rC%2BKHGR1oRouXSEhwFEFl7lwxGAJLZ7Aoa%2ByjD31HOHd35q5uyocwJetVwgfkPgrMZTXeehZ7A0QpJG5d3tmbS%2FjuQbYH8",
        "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d",
        "original dropped file discovery url",
        "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779279949&Signature=yUFvMDVu0XKELIgla7aKuW9HqF0wY7ydblJ4XEeCevmT9bF%2BfncaZGDPf%2FIuVFxbZJeaCtLZMApJZWzSwNo3%2FvV6hohV69sfK7jyEWl8Im63BT7sCB%2FMQ73DyBSDHRRXDhSLQMQmy%2B%2FQ2Mw8Yx46nkVN5fwPvC7ldREeSD4phoi4GQtJsiLtS%2BogdQJANEyJ1K%2FthvbgbLreBNbMgND25%2B%2F%2BaPr%2BkHf7BBo%2FE0U"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 2,
  "pulses": [
    {
      "id": "6a0daaebfbebe6e44d7c8992",
      "name": "Public Data - SecondWrite DeepView - 126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270",
      "description": "Public data sourced thr majority of it flagging red in VT the documents that dont all have mitre findings and process injection, drops, and many other findings. A quick search of cyber concerns and the county would reveal much more.",
      "modified": "2026-05-21T01:29:58.344000",
      "created": "2026-05-20T12:36:59.202000",
      "tags": [
        "tj et",
        "bt f3",
        "q emc",
        "bt f2",
        "bt f1",
        "default",
        "bt f11",
        "font",
        "extgstate",
        "rgs8",
        "stream",
        "xport",
        "double",
        "generic",
        "enterprise",
        "matrix",
        "sandbox",
        "grease",
        "strings",
        "agent",
        "back",
        "html",
        "mitre attack",
        "network info",
        "processes extra",
        "iemobile",
        "performs dns",
        "t1055 process",
        "overview",
        "overview zenbox",
        "verdict",
        "phishing",
        "next",
        "xmpg",
        "resource",
        "cmyk",
        "process",
        "mediabox",
        "procset",
        "core",
        "false",
        "recon",
        "black",
        "green",
        "info",
        "local",
        "registry keys",
        "file execution",
        "update mutex",
        "instance mutex",
        "parent pid",
        "full path",
        "command line",
        "files c",
        "read files",
        "file type",
        "united",
        "json",
        "com executable",
        "ascii",
        "dropped info",
        "malicious",
        "norfolk county MA",
        "Massachusetts",
        "Zenbox resolver",
        "offensive security\"\"",
        "karen read",
        "courthouse questions",
        "public corruption",
        "spyware",
        "bruno",
        "julie"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779279949&Signature=yUFvMDVu0XKELIgla7aKuW9HqF0wY7ydblJ4XEeCevmT9bF%2BfncaZGDPf%2FIuVFxbZJeaCtLZMApJZWzSwNo3%2FvV6hohV69sfK7jyEWl8Im63BT7sCB%2FMQ73DyBSDHRRXDhSLQMQmy%2B%2FQ2Mw8Yx46nkVN5fwPvC7ldREeSD4phoi4GQtJsiLtS%2BogdQJANEyJ1K%2FthvbgbLreBNbMgND25%2B%2F%2BaPr%2BkHf7BBo%2FE0U",
        "https://vtbehaviour.commondatastorage.googleapis.com/126475d058c9a5dc1d9caf29cf0c2b20443c659a6b6d9b9676112f755e834270_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280032&Signature=NuU9TdZicu9qB8%2FZuRVmPdfEHzj2idplYEvwmOCjgMsBVxycmti0jLw2eqfw%2Bvk%2FJlbhpE31YAAOm2hPi224ifTrJnut4HKAtdNdc3X7nNj93dPhu5mP%2BDBxDYDscNjNieTGLTm1eX7qNxKHk7xs1rC%2BKHGR1oRouXSEhwFEFl7lwxGAJLZ7Aoa%2ByjD31HOHd35q5uyocwJetVwgfkPgrMZTXeehZ7A0QpJG5d3tmbS%2FjuQbYH8",
        "https://vtbehaviour.commondatastorage.googleapis.com/6561c9edc5a957bd54719ee8fee435024bd19eed06e60fb03cc846eb12eb770d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280159&Signature=bNLaxE4oslMJkLYehBHM6w9NuktIfUIQhRQR%2BXEtZnUBm9zwBxn8PFn%2FFz%2BRepET76q%2BqYnftTRilGziS742QL%2BA5iXOcTEpzEC0l80MaX3Otpu%2FKgTZTzB2VdwlajaHJ6LAXj%2Fu6ydsiQctCmjpSjeeZkqtZq6GMcic68R3Jt9DsZP0qYiFjN1zEngmLLVUlLIUIFNjB6Y39TkoSNtJKp%2FuCcwU6USx7ccFOr49ckQFQ%2ByfR3Ah",
        "https://vtbehaviour.commondatastorage.googleapis.com/32cc2182b40a79a96703db955d46dfa0afeee9e4b0651b47bdf75253397d04d3_SecondWrite.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280248&Signature=yoiAQ6t7ZbSLgVsFFNim%2FNtxbfU6SE6R8UGgnDEo9jw7sVlmNpEr0DKgLhC9HBQM31HOCzPzT8J3%2FOgem0MTU4ZKV2iVv8AVk0j35pk1R7db0YPw%2FxYthghuER3Ulbkg8j1hjl6ugYaGiObAvXhnJJmnLv%2FeNPN0pPkfI%2BraLFmk7IvosfNigYr32kmWn7X1SMt838OaP7mV0yQ5HnbvTLJ8k0NhuXgTV3%2FPQlBdML%2BewLedwrw",
        "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280360&Signature=yKM1Cn9YEpAGIsXUWGHEAWdYoq8j2cvbkztTzlE%2FvaWqKtMD7sxdyGggtYV%2F6ZWW0D6oILfM8nLabrtQWPXNT%2Fh0UkTqL%2BRmJqxehQnzwMJtl1PhIYh2nz%2FzPoeEO4TlvqVK7THpLHpjPfjt0ov0EI4H8%2BouzX1TMM9NmtZdE8oF5wWuX2DpqMnq46IMqkG1ykDH7UJtLpPp%2FFhF4v3fr%2BjpfsvC05j8Wn4lMQjja%2Bl3",
        "https://vtbehaviour.commondatastorage.googleapis.com/0ea8d568d82a432b5fb9fef78cd4b428a6176c0e71d3b952ebb4fc44076e993e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779280491&Signature=t3HWu9nEeJQ36%2Bt8NQxezVipHjZZW6sfll5%2FkSqaSIlcGfyKfCvF5%2FTSM2G8zhAflbz39%2Fw3CGLAc%2BchEzfa%2FW3sBWeTs4xOCQMehLJf%2B4m0FhN4yzp0KUQttNfvUrmON9rQHLOR6L8T263JIfYcD2ZN8H5yjkmwoZwqwQR0f1Uvhs2XjMaVWeKn32%2BUKDJpg6%2FYsyfoOcbPny5AL9dv1Ue7JU0o8JVuJdYE%2BrUSwJXell6msA"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 124,
        "FileHash-SHA1": 12,
        "FileHash-SHA256": 246,
        "IPv4": 91,
        "email": 1,
        "URL": 88,
        "domain": 57,
        "hostname": 46
      },
      "indicator_count": 665,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "11 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "63b580a925bb698985fa83ea",
      "name": "vendor.bundle.js",
      "description": "",
      "modified": "2023-02-03T13:00:02.804000",
      "created": "2023-01-04T13:35:37.535000",
      "tags": [
        "vxstream",
        "trojan",
        "apt",
        "memoryfile scan",
        "error",
        "progresstype",
        "graytext",
        "typeof e",
        "highlight",
        "bg96gwp",
        "typeof",
        "window",
        "null",
        "date",
        "span",
        "path",
        "meta",
        "push",
        "unknown",
        "roboto",
        "scroll",
        "suspicious",
        "close",
        "light",
        "template",
        "abcd",
        "android",
        "trident",
        "backspace",
        "insert",
        "4096",
        "void",
        "legend",
        "iframe",
        "webview",
        "infinity",
        "ransomware",
        "malicious",
        "accept toggle",
        "voice",
        "upgrade"
      ],
      "references": [
        "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d",
        "This website contains the details of an anti-virus scan conducted by the MetaDefender, which aims to identify and remove malware from websites and social media sites, including Facebook, Twitter and YouTube.",
        "original dropped file discovery url",
        "http://lifehacker.com/assets/stylesheets/app-a873b056f0ea955e4ff0abebb210e5a6.css",
        "Making HTTPS connections using insecure TLS/SSL version details Connection was made using TLSv1.1 [tls.handshake.version: 0x00000302] source Network Traffic relevance 10/10 ATT&CK ID T1573 (Show technique in the MITRE ATT&CK\u2122 matrix)",
        "https://hybrid-analysis.com/sample/f90162e65235185a24e9f20d855371b8ad7462d50d7a57851d000cfd5116f76d/63aef1a83e3bb16765527bb8"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 16,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "callmeDoris",
        "id": "205385",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 205,
        "URL": 1340,
        "FileHash-SHA256": 407,
        "hostname": 491,
        "FileHash-MD5": 8,
        "email": 1,
        "FileHash-SHA1": 1
      },
      "indicator_count": 2453,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 90,
      "modified_text": "1213 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "d.ch",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "d.ch",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780283433.8746545
}