{
  "type": "Domain",
  "indicator": "faganco.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/faganco.com",
    "alexa": "http://www.alexa.com/siteinfo/faganco.com",
    "indicator": "faganco.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4205308003,
      "indicator": "faganco.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 18,
      "pulses": [
        {
          "id": "69de5661aa69bc26fcc67ca5",
          "name": "VirusTotal report\n                    for document.html",
          "description": "The full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, will be published on 23 June.. and will appear on BBC One.",
          "modified": "2026-05-14T15:08:51.031000",
          "created": "2026-04-14T14:59:45.579000",
          "tags": [
            "thumbprint",
            "server",
            "domain status",
            "not available",
            "combell",
            "fri oct",
            "domain name",
            "mitre attack",
            "network info",
            "performs dns",
            "found",
            "t1055 process",
            "overview",
            "processes extra",
            "overview zenbox",
            "verdict",
            "guest system",
            "next",
            "cauliflower",
            "ardo",
            "script",
            "green",
            "grey",
            "doctype html",
            "head",
            "ieedge",
            "meta",
            "noscript",
            "generator",
            "title",
            "fri jan",
            "value a",
            "cname",
            "file type",
            "unix",
            "dropped info",
            "linux verdict",
            "persistence",
            "malicious",
            "pe file",
            "pe32",
            "ms windows",
            "crlf line",
            "ascii text",
            "drops pe",
            "intel",
            "json",
            "info",
            "windows sandbox",
            "calls process",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus odigicert",
            "inc cndigicert",
            "global g3",
            "tls ecc"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177598&Signature=3OaXWi9Bxykp1wiOQNdwBhSVh8X4mMPRcbHBESETUx1dPXdeEb1wMVgkjjvnvvnZ14XzPuL4vMeT%2BM6%2B8cU0CciC2%2B%2BGT%2Fb9mRX1cN%2FXaafCIMjd8vWaqZtK1dawDuh8iKwPBAcYgi6vCnMgp28hPTUgniT1p0WNyIRU3CJvLwPSEU28quYE2LfQp6%2FL8YplQb8mVS%2FgoyB71aRRbadnyiAysuNsHN1pdEaY402DuI5QYpc9B1odu5",
            "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177637&Signature=BUiivmwCPsrCikfAjB28LBQHMVx%2FgTbehNpsMuz2VuoKMd%2FiRN1rhKYa8lS%2BTYZ1RNXXVqAR3ISVvI%2FmBIiPXTCg267f4DupHMvxLnZmQ7N0KqABTuh43x9kfuureCni9NLunQFSSWJwdt0KNQS3%2F57kVbeEOIzP7%2BcwyvyzuUpwFQR0d5Z6FniQUM0OXkWdAQwOXY3K%2FZlOIpXUtbyYLoXFI2SxAVG0cSF%2F5LRfI%2BqV",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178045&Signature=hfNfMWMWKlkR0dmNZ4tTVvmgM0aQ3daOKDfK8yNihejr3kujfb37wAq3LmH7qtp%2BoiIbsDP06zGcG8dlexlRIuv37dwHofiSildpsN54e2zZ%2F%2Fn25cvnS2OqCOrlkZKLS4HfUQG4uDxTT6nCFFjtk1d88D7GRghUOiDYdLgbVfBW5DFTJ5bmDWA%2F%2FQn7%2BGjfOnnJonkxYfKJ0NAUYmESIbbNs2z4ZohntfXj28HJ8ofBVh09Vk",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178084&Signature=l9VaaMtAu36gwPzacEQuEKIUtylRuocPeqapPjRJQlHLBAGzVaxtTG4tKKub3yjMoWmZ2pKMlpvNWm3hp0Fnvoj9c1RoQqis7Bza5ZkPbTWPic23pN64nADTtHu%2FpwsHeBc5e7ODzJiPCloc2E7y8Fc0OyaCv%2BRvL9Cp746CDgls39HfPWI4ukTSy5F2TsRUo36dz76PT%2FubK3HFHzUNnsFLj%2BZ8iif%2BgE9FpwabJT5WlgvUiqpqna6tcVHl",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178098&Signature=uIxrV8sFHqQAjkRjYKVDQ1S%2FeWLsS9K%2F9PqMGOdk9nETeHOFarhSPqnYVH3z5vORlVnlvKrk10heyaF9Ks%2BfMnudJoqDG6UjXULyT5HbpHKXvdQItgfeAH6ZSHI%2FRRvWIw%2BEJoYnPVIn3gczV1o5LnA5flIbFyXVb%2BwulQMPJnSdhvsQx7PFkAY%2Bukjs4CYlC%2FrL3k8ouSPhJezZgJX3oMBL%2Bgxl15NF20wkj3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 581,
            "domain": 706,
            "hostname": 577,
            "URL": 386,
            "FileHash-SHA256": 1620,
            "FileHash-MD5": 537,
            "CVE": 6
          },
          "indicator_count": 4413,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "18 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69de565b32d80c2973c2fd77",
          "name": "VirusTotal report\n                    for document.html",
          "description": "The full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, will be published on 23 June.. and will appear on BBC One.",
          "modified": "2026-05-14T15:08:51.031000",
          "created": "2026-04-14T14:59:39.743000",
          "tags": [
            "thumbprint",
            "server",
            "domain status",
            "not available",
            "combell",
            "fri oct",
            "domain name",
            "mitre attack",
            "network info",
            "performs dns",
            "found",
            "t1055 process",
            "overview",
            "processes extra",
            "overview zenbox",
            "verdict",
            "guest system",
            "next",
            "cauliflower",
            "ardo",
            "script",
            "green",
            "grey",
            "doctype html",
            "head",
            "ieedge",
            "meta",
            "noscript",
            "generator",
            "title",
            "fri jan",
            "value a",
            "cname",
            "file type",
            "unix",
            "dropped info",
            "linux verdict",
            "persistence",
            "malicious",
            "pe file",
            "pe32",
            "ms windows",
            "crlf line",
            "ascii text",
            "drops pe",
            "intel",
            "json",
            "info",
            "windows sandbox",
            "calls process",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus odigicert",
            "inc cndigicert",
            "global g3",
            "tls ecc"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177598&Signature=3OaXWi9Bxykp1wiOQNdwBhSVh8X4mMPRcbHBESETUx1dPXdeEb1wMVgkjjvnvvnZ14XzPuL4vMeT%2BM6%2B8cU0CciC2%2B%2BGT%2Fb9mRX1cN%2FXaafCIMjd8vWaqZtK1dawDuh8iKwPBAcYgi6vCnMgp28hPTUgniT1p0WNyIRU3CJvLwPSEU28quYE2LfQp6%2FL8YplQb8mVS%2FgoyB71aRRbadnyiAysuNsHN1pdEaY402DuI5QYpc9B1odu5",
            "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177637&Signature=BUiivmwCPsrCikfAjB28LBQHMVx%2FgTbehNpsMuz2VuoKMd%2FiRN1rhKYa8lS%2BTYZ1RNXXVqAR3ISVvI%2FmBIiPXTCg267f4DupHMvxLnZmQ7N0KqABTuh43x9kfuureCni9NLunQFSSWJwdt0KNQS3%2F57kVbeEOIzP7%2BcwyvyzuUpwFQR0d5Z6FniQUM0OXkWdAQwOXY3K%2FZlOIpXUtbyYLoXFI2SxAVG0cSF%2F5LRfI%2BqV",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178045&Signature=hfNfMWMWKlkR0dmNZ4tTVvmgM0aQ3daOKDfK8yNihejr3kujfb37wAq3LmH7qtp%2BoiIbsDP06zGcG8dlexlRIuv37dwHofiSildpsN54e2zZ%2F%2Fn25cvnS2OqCOrlkZKLS4HfUQG4uDxTT6nCFFjtk1d88D7GRghUOiDYdLgbVfBW5DFTJ5bmDWA%2F%2FQn7%2BGjfOnnJonkxYfKJ0NAUYmESIbbNs2z4ZohntfXj28HJ8ofBVh09Vk",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178084&Signature=l9VaaMtAu36gwPzacEQuEKIUtylRuocPeqapPjRJQlHLBAGzVaxtTG4tKKub3yjMoWmZ2pKMlpvNWm3hp0Fnvoj9c1RoQqis7Bza5ZkPbTWPic23pN64nADTtHu%2FpwsHeBc5e7ODzJiPCloc2E7y8Fc0OyaCv%2BRvL9Cp746CDgls39HfPWI4ukTSy5F2TsRUo36dz76PT%2FubK3HFHzUNnsFLj%2BZ8iif%2BgE9FpwabJT5WlgvUiqpqna6tcVHl",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178098&Signature=uIxrV8sFHqQAjkRjYKVDQ1S%2FeWLsS9K%2F9PqMGOdk9nETeHOFarhSPqnYVH3z5vORlVnlvKrk10heyaF9Ks%2BfMnudJoqDG6UjXULyT5HbpHKXvdQItgfeAH6ZSHI%2FRRvWIw%2BEJoYnPVIn3gczV1o5LnA5flIbFyXVb%2BwulQMPJnSdhvsQx7PFkAY%2Bukjs4CYlC%2FrL3k8ouSPhJezZgJX3oMBL%2Bgxl15NF20wkj3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 154,
            "domain": 367,
            "hostname": 474,
            "URL": 293,
            "FileHash-SHA256": 1010,
            "FileHash-MD5": 119,
            "CVE": 11
          },
          "indicator_count": 2428,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "18 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69de5661607a80dbfa9f35c8",
          "name": "VirusTotal report\n                    for document.html",
          "description": "The full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, will be published on 23 June.. and will appear on BBC One.",
          "modified": "2026-05-14T14:21:14.439000",
          "created": "2026-04-14T14:59:45.223000",
          "tags": [
            "thumbprint",
            "server",
            "domain status",
            "not available",
            "combell",
            "fri oct",
            "domain name",
            "mitre attack",
            "network info",
            "performs dns",
            "found",
            "t1055 process",
            "overview",
            "processes extra",
            "overview zenbox",
            "verdict",
            "guest system",
            "next",
            "cauliflower",
            "ardo",
            "script",
            "green",
            "grey",
            "doctype html",
            "head",
            "ieedge",
            "meta",
            "noscript",
            "generator",
            "title",
            "fri jan",
            "value a",
            "cname",
            "file type",
            "unix",
            "dropped info",
            "linux verdict",
            "persistence",
            "malicious",
            "pe file",
            "pe32",
            "ms windows",
            "crlf line",
            "ascii text",
            "drops pe",
            "intel",
            "json",
            "info",
            "windows sandbox",
            "calls process",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus odigicert",
            "inc cndigicert",
            "global g3",
            "tls ecc"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177598&Signature=3OaXWi9Bxykp1wiOQNdwBhSVh8X4mMPRcbHBESETUx1dPXdeEb1wMVgkjjvnvvnZ14XzPuL4vMeT%2BM6%2B8cU0CciC2%2B%2BGT%2Fb9mRX1cN%2FXaafCIMjd8vWaqZtK1dawDuh8iKwPBAcYgi6vCnMgp28hPTUgniT1p0WNyIRU3CJvLwPSEU28quYE2LfQp6%2FL8YplQb8mVS%2FgoyB71aRRbadnyiAysuNsHN1pdEaY402DuI5QYpc9B1odu5",
            "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177637&Signature=BUiivmwCPsrCikfAjB28LBQHMVx%2FgTbehNpsMuz2VuoKMd%2FiRN1rhKYa8lS%2BTYZ1RNXXVqAR3ISVvI%2FmBIiPXTCg267f4DupHMvxLnZmQ7N0KqABTuh43x9kfuureCni9NLunQFSSWJwdt0KNQS3%2F57kVbeEOIzP7%2BcwyvyzuUpwFQR0d5Z6FniQUM0OXkWdAQwOXY3K%2FZlOIpXUtbyYLoXFI2SxAVG0cSF%2F5LRfI%2BqV",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178045&Signature=hfNfMWMWKlkR0dmNZ4tTVvmgM0aQ3daOKDfK8yNihejr3kujfb37wAq3LmH7qtp%2BoiIbsDP06zGcG8dlexlRIuv37dwHofiSildpsN54e2zZ%2F%2Fn25cvnS2OqCOrlkZKLS4HfUQG4uDxTT6nCFFjtk1d88D7GRghUOiDYdLgbVfBW5DFTJ5bmDWA%2F%2FQn7%2BGjfOnnJonkxYfKJ0NAUYmESIbbNs2z4ZohntfXj28HJ8ofBVh09Vk",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178084&Signature=l9VaaMtAu36gwPzacEQuEKIUtylRuocPeqapPjRJQlHLBAGzVaxtTG4tKKub3yjMoWmZ2pKMlpvNWm3hp0Fnvoj9c1RoQqis7Bza5ZkPbTWPic23pN64nADTtHu%2FpwsHeBc5e7ODzJiPCloc2E7y8Fc0OyaCv%2BRvL9Cp746CDgls39HfPWI4ukTSy5F2TsRUo36dz76PT%2FubK3HFHzUNnsFLj%2BZ8iif%2BgE9FpwabJT5WlgvUiqpqna6tcVHl",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178098&Signature=uIxrV8sFHqQAjkRjYKVDQ1S%2FeWLsS9K%2F9PqMGOdk9nETeHOFarhSPqnYVH3z5vORlVnlvKrk10heyaF9Ks%2BfMnudJoqDG6UjXULyT5HbpHKXvdQItgfeAH6ZSHI%2FRRvWIw%2BEJoYnPVIn3gczV1o5LnA5flIbFyXVb%2BwulQMPJnSdhvsQx7PFkAY%2Bukjs4CYlC%2FrL3k8ouSPhJezZgJX3oMBL%2Bgxl15NF20wkj3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 118,
            "domain": 360,
            "hostname": 462,
            "URL": 290,
            "FileHash-SHA256": 968,
            "FileHash-MD5": 83,
            "CVE": 3
          },
          "indicator_count": 2284,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "18 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69de5660177cfb2b911d0416",
          "name": "VirusTotal report\n                    for document.html",
          "description": "The full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, will be published on 23 June.. and will appear on BBC One.",
          "modified": "2026-05-14T14:21:14.439000",
          "created": "2026-04-14T14:59:44.158000",
          "tags": [
            "thumbprint",
            "server",
            "domain status",
            "not available",
            "combell",
            "fri oct",
            "domain name",
            "mitre attack",
            "network info",
            "performs dns",
            "found",
            "t1055 process",
            "overview",
            "processes extra",
            "overview zenbox",
            "verdict",
            "guest system",
            "next",
            "cauliflower",
            "ardo",
            "script",
            "green",
            "grey",
            "doctype html",
            "head",
            "ieedge",
            "meta",
            "noscript",
            "generator",
            "title",
            "fri jan",
            "value a",
            "cname",
            "file type",
            "unix",
            "dropped info",
            "linux verdict",
            "persistence",
            "malicious",
            "pe file",
            "pe32",
            "ms windows",
            "crlf line",
            "ascii text",
            "drops pe",
            "intel",
            "json",
            "info",
            "windows sandbox",
            "calls process",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "full name",
            "v3 serial",
            "number",
            "cus odigicert",
            "inc cndigicert",
            "global g3",
            "tls ecc"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177598&Signature=3OaXWi9Bxykp1wiOQNdwBhSVh8X4mMPRcbHBESETUx1dPXdeEb1wMVgkjjvnvvnZ14XzPuL4vMeT%2BM6%2B8cU0CciC2%2B%2BGT%2Fb9mRX1cN%2FXaafCIMjd8vWaqZtK1dawDuh8iKwPBAcYgi6vCnMgp28hPTUgniT1p0WNyIRU3CJvLwPSEU28quYE2LfQp6%2FL8YplQb8mVS%2FgoyB71aRRbadnyiAysuNsHN1pdEaY402DuI5QYpc9B1odu5",
            "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177637&Signature=BUiivmwCPsrCikfAjB28LBQHMVx%2FgTbehNpsMuz2VuoKMd%2FiRN1rhKYa8lS%2BTYZ1RNXXVqAR3ISVvI%2FmBIiPXTCg267f4DupHMvxLnZmQ7N0KqABTuh43x9kfuureCni9NLunQFSSWJwdt0KNQS3%2F57kVbeEOIzP7%2BcwyvyzuUpwFQR0d5Z6FniQUM0OXkWdAQwOXY3K%2FZlOIpXUtbyYLoXFI2SxAVG0cSF%2F5LRfI%2BqV",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178045&Signature=hfNfMWMWKlkR0dmNZ4tTVvmgM0aQ3daOKDfK8yNihejr3kujfb37wAq3LmH7qtp%2BoiIbsDP06zGcG8dlexlRIuv37dwHofiSildpsN54e2zZ%2F%2Fn25cvnS2OqCOrlkZKLS4HfUQG4uDxTT6nCFFjtk1d88D7GRghUOiDYdLgbVfBW5DFTJ5bmDWA%2F%2FQn7%2BGjfOnnJonkxYfKJ0NAUYmESIbbNs2z4ZohntfXj28HJ8ofBVh09Vk",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178084&Signature=l9VaaMtAu36gwPzacEQuEKIUtylRuocPeqapPjRJQlHLBAGzVaxtTG4tKKub3yjMoWmZ2pKMlpvNWm3hp0Fnvoj9c1RoQqis7Bza5ZkPbTWPic23pN64nADTtHu%2FpwsHeBc5e7ODzJiPCloc2E7y8Fc0OyaCv%2BRvL9Cp746CDgls39HfPWI4ukTSy5F2TsRUo36dz76PT%2FubK3HFHzUNnsFLj%2BZ8iif%2BgE9FpwabJT5WlgvUiqpqna6tcVHl",
            "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178098&Signature=uIxrV8sFHqQAjkRjYKVDQ1S%2FeWLsS9K%2F9PqMGOdk9nETeHOFarhSPqnYVH3z5vORlVnlvKrk10heyaF9Ks%2BfMnudJoqDG6UjXULyT5HbpHKXvdQItgfeAH6ZSHI%2FRRvWIw%2BEJoYnPVIn3gczV1o5LnA5flIbFyXVb%2BwulQMPJnSdhvsQx7PFkAY%2Bukjs4CYlC%2FrL3k8ouSPhJezZgJX3oMBL%2Bgxl15NF20wkj3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1189",
              "name": "Drive-by Compromise",
              "display_name": "T1189 - Drive-by Compromise"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA1": 118,
            "domain": 361,
            "hostname": 462,
            "URL": 291,
            "FileHash-SHA256": 968,
            "FileHash-MD5": 83,
            "CVE": 3
          },
          "indicator_count": 2286,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "18 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d44e822d2ff4468662199e",
          "name": "Habo Analysis System",
          "description": "The full text of the file: C:\\WINDOWS\\Microsoft.NET.IE5 (C1OS62)  \u00c2\u00a31.3m, or $2.4m.",
          "modified": "2026-05-07T00:00:42.275000",
          "created": "2026-04-07T00:23:30.608000",
          "tags": [
            "tickcount",
            "detail info",
            "behaviour",
            "milliseconds",
            "filename",
            "offset",
            "processid",
            "threadid",
            "startaddress",
            "parameter",
            "window",
            "class",
            "shell",
            "find",
            "open",
            "cname",
            "accept",
            "cape sandbox",
            "t1055",
            "ip address",
            "port",
            "gmt ifnonematch",
            "machine summary",
            "report time",
            "machine name",
            "shutdown",
            "back"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/8067742d1522de2b7ba28e4e74c4b744250fd330f1bb1a8cde417bef9cdafd37_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520837&Signature=Go%2Bka47KzKvakZea0EmagUuP0OWh9V218ewUgZ%2Faw6M7pocMFDFrIDav5VtR9Zio%2FnNGsl99DUwEN14cvVE7xFktf16MgpylRiss4YfSqpp0kXGWU%2BlRKNNAdSzfobegdD5OHqd3hM2tavGxphIP%2BmeX2wwu3XsT%2Bs5Ir3L0x5GzuVkt%2B%2FpARLvo51yBA6wyZOEi%2F6likFEEQ7uFPK%2BbBDFOnHrBEz4y90df8SLfru",
            "https://vtbehaviour.commondatastorage.googleapis.com/e70b290a30880da2be3d60f803d6ae189f8ab46eb3c4dc7f3e6ca177923fbb49_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520941&Signature=h5%2FgwYUpokbT4eHKeAWuE72UbZFEEYsd98oEaFn3qiPxhA3bX3NSlg0zxhcg2C07mStxSFaVptGw5amxMORIQGJ%2FSd7%2FkTZQErlFkVyqI1MyEbDguixd0wuguavTtw0sAESw9gnbksrcvHOaDyKeGXVk42RySgzx%2FN7%2BJ3y8TQdhu89TFSD2%2FMBV%2BYkqiBsjloK7sdemw5o%2BfDb9JssITk1r941iTxSgRRumYz%2F0EiLU"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 314,
            "FileHash-MD5": 2,
            "FileHash-SHA1": 2,
            "hostname": 114,
            "URL": 164,
            "domain": 66
          },
          "indicator_count": 662,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "25 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d44e7fab061e3364bdf1bf",
          "name": "Habo Analysis System",
          "description": "The full text of the file: C:\\WINDOWS\\Microsoft.NET.IE5 (C1OS62)  \u00c2\u00a31.3m, or $2.4m.",
          "modified": "2026-05-07T00:00:42.275000",
          "created": "2026-04-07T00:23:27.374000",
          "tags": [
            "tickcount",
            "detail info",
            "behaviour",
            "milliseconds",
            "filename",
            "offset",
            "processid",
            "threadid",
            "startaddress",
            "parameter",
            "window",
            "class",
            "shell",
            "find",
            "open",
            "cname",
            "accept",
            "cape sandbox",
            "t1055",
            "ip address",
            "port",
            "gmt ifnonematch",
            "machine summary",
            "report time",
            "machine name",
            "shutdown",
            "back"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/8067742d1522de2b7ba28e4e74c4b744250fd330f1bb1a8cde417bef9cdafd37_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520837&Signature=Go%2Bka47KzKvakZea0EmagUuP0OWh9V218ewUgZ%2Faw6M7pocMFDFrIDav5VtR9Zio%2FnNGsl99DUwEN14cvVE7xFktf16MgpylRiss4YfSqpp0kXGWU%2BlRKNNAdSzfobegdD5OHqd3hM2tavGxphIP%2BmeX2wwu3XsT%2Bs5Ir3L0x5GzuVkt%2B%2FpARLvo51yBA6wyZOEi%2F6likFEEQ7uFPK%2BbBDFOnHrBEz4y90df8SLfru",
            "https://vtbehaviour.commondatastorage.googleapis.com/e70b290a30880da2be3d60f803d6ae189f8ab46eb3c4dc7f3e6ca177923fbb49_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520941&Signature=h5%2FgwYUpokbT4eHKeAWuE72UbZFEEYsd98oEaFn3qiPxhA3bX3NSlg0zxhcg2C07mStxSFaVptGw5amxMORIQGJ%2FSd7%2FkTZQErlFkVyqI1MyEbDguixd0wuguavTtw0sAESw9gnbksrcvHOaDyKeGXVk42RySgzx%2FN7%2BJ3y8TQdhu89TFSD2%2FMBV%2BYkqiBsjloK7sdemw5o%2BfDb9JssITk1r941iTxSgRRumYz%2F0EiLU"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 314,
            "FileHash-MD5": 2,
            "FileHash-SHA1": 2,
            "hostname": 110,
            "URL": 154,
            "domain": 64
          },
          "indicator_count": 646,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "25 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d42f43588284de9e32e039",
          "name": "CAPE Sandbox",
          "description": "notepad.exe",
          "modified": "2026-05-06T22:12:40.990000",
          "created": "2026-04-06T22:10:11.642000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 177,
            "URL": 46,
            "domain": 32,
            "hostname": 68
          },
          "indicator_count": 325,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "25 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d430953d8c82fba007bf6c",
          "name": "CAPE Sandbox - ARCPOINT is the ONLY one picking this up for 2 years",
          "description": "The full text of Google-Edge-Cache, which was sent to Google's servers in the US, has been published online by the firm's parent company, Alphabet, for the first time.",
          "modified": "2026-05-06T22:12:40.990000",
          "created": "2026-04-06T22:15:49.257000",
          "tags": [
            "ip address",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "headers",
            "googleedgecache",
            "sameorigin",
            "gmt age",
            "gmt etag"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 42,
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "URL": 29,
            "domain": 28,
            "hostname": 50
          },
          "indicator_count": 151,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "25 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d4304b2847ab906d59ac4a",
          "name": "CAPE Sandbox - ARCPOINT is the ONLY one picking this up for 2 years",
          "description": "The full text of Google-Edge-Cache, which was sent to Google's servers in the US, has been published online by the firm's parent company, Alphabet, for the first time.",
          "modified": "2026-05-06T22:12:40.990000",
          "created": "2026-04-06T22:14:35.279000",
          "tags": [
            "ip address",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "headers",
            "googleedgecache",
            "sameorigin",
            "gmt age",
            "gmt etag"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 42,
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "URL": 29,
            "domain": 28,
            "hostname": 50
          },
          "indicator_count": 151,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "25 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d42f4343a184708c96fdd8",
          "name": "CAPE Sandbox",
          "description": "notepad.exe",
          "modified": "2026-05-06T22:12:40.990000",
          "created": "2026-04-06T22:10:11.058000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 177,
            "URL": 46,
            "domain": 32,
            "hostname": 68
          },
          "indicator_count": 325,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "25 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d42f42588284de9e32e038",
          "name": "CAPE Sandbox",
          "description": "notepad.exe",
          "modified": "2026-05-06T22:12:40.990000",
          "created": "2026-04-06T22:10:10.555000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 177,
            "URL": 46,
            "domain": 32,
            "hostname": 68
          },
          "indicator_count": 325,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "25 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0f3013ab8f8fb20d6f6cc",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
          "modified": "2026-05-04T11:07:34.307000",
          "created": "2026-04-04T11:16:17.251000",
          "tags": [
            "log id",
            "gmtn",
            "digicert global",
            "g2 tls",
            "rsa sha256",
            "tls web",
            "full name",
            "digicert inc",
            "florida",
            "terrace",
            "path",
            "false",
            "linkedin",
            "scituate",
            "town",
            "location",
            "plymouth",
            "view erica",
            "souris",
            "erica souris",
            "souris al",
            "erica og",
            "iframe tags",
            "google tag",
            "manager",
            "status code",
            "body length",
            "kb body"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 298,
            "FileHash-SHA256": 602,
            "SSLCertFingerprint": 2,
            "hostname": 278,
            "URL": 441,
            "domain": 106,
            "FileHash-SHA1": 29,
            "email": 1,
            "CVE": 1
          },
          "indicator_count": 1758,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "28 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0f2fff74afb88c843c8e2",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
          "modified": "2026-05-04T11:07:34.307000",
          "created": "2026-04-04T11:16:15.970000",
          "tags": [
            "log id",
            "gmtn",
            "digicert global",
            "g2 tls",
            "rsa sha256",
            "tls web",
            "full name",
            "digicert inc",
            "florida",
            "terrace",
            "path",
            "false",
            "linkedin",
            "scituate",
            "town",
            "location",
            "plymouth",
            "view erica",
            "souris",
            "erica souris",
            "souris al",
            "erica og",
            "iframe tags",
            "google tag",
            "manager",
            "status code",
            "body length",
            "kb body"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 298,
            "FileHash-SHA256": 602,
            "SSLCertFingerprint": 2,
            "hostname": 278,
            "URL": 441,
            "domain": 106,
            "FileHash-SHA1": 29,
            "email": 1,
            "CVE": 1
          },
          "indicator_count": 1758,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "28 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c7693408df3effbc533a91",
          "name": "CAPE Sandbox",
          "description": "The Cuckoo.com website has been shut down for the second time, but it is not yet known when the service will be switched on or when it will go offline, so it can be seen by the public.",
          "modified": "2026-04-27T05:08:34.646000",
          "created": "2026-03-28T05:37:56.061000",
          "tags": [
            "nothing",
            "registry keys",
            "mutexes nothing",
            "data",
            "datacrashpad",
            "edge",
            "created",
            "parent pid",
            "full path",
            "command line"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/519df6f849283833625e6c64cd9f07019a26b55559012c38d5c0f4c0b1545c22_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774676434&Signature=l3D7oXgV1RWqk9C4xncB%2F8StBcHUq%2BZGmc9MdwV9SAerOE5gxHZ7W3DySw2hHQ56F3PEEU4oN8rxzpWV7eVNlWpblzzVgD39fehlj9jdjpn3NuyRTC4YXOY9Yh%2B8FszkCImyOePxmeQBuH4PAnpjTjD5rWuGivO7NPPuqt%2BbBgOBUfk1de9hCE0LwzLde8NNzneQVfBzpV%2BZMOEe%2FR6CYoJ2mXLdayqjKUj5uCaCds%2FpR2TT"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 68,
            "FileHash-SHA256": 92,
            "domain": 36,
            "URL": 56
          },
          "indicator_count": 252,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "35 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c76932827481a3313e54e4",
          "name": "CAPE Sandbox",
          "description": "The Cuckoo.com website has been shut down for the second time, but it is not yet known when the service will be switched on or when it will go offline, so it can be seen by the public.",
          "modified": "2026-04-27T05:08:34.646000",
          "created": "2026-03-28T05:37:54.911000",
          "tags": [
            "nothing",
            "registry keys",
            "mutexes nothing",
            "data",
            "datacrashpad",
            "edge",
            "created",
            "parent pid",
            "full path",
            "command line"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/519df6f849283833625e6c64cd9f07019a26b55559012c38d5c0f4c0b1545c22_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774676434&Signature=l3D7oXgV1RWqk9C4xncB%2F8StBcHUq%2BZGmc9MdwV9SAerOE5gxHZ7W3DySw2hHQ56F3PEEU4oN8rxzpWV7eVNlWpblzzVgD39fehlj9jdjpn3NuyRTC4YXOY9Yh%2B8FszkCImyOePxmeQBuH4PAnpjTjD5rWuGivO7NPPuqt%2BbBgOBUfk1de9hCE0LwzLde8NNzneQVfBzpV%2BZMOEe%2FR6CYoJ2mXLdayqjKUj5uCaCds%2FpR2TT"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 68,
            "FileHash-SHA256": 92,
            "domain": 36,
            "URL": 56
          },
          "indicator_count": 252,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "35 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69c350c0df870157cd9969de",
          "name": "Relations/Google - research intent",
          "description": "200 referring files\n200 passive DNS, \n185.236.106.200 triggered first\n6.9k subdomains\n1 mil com files-  (Cannot capture all of these)\n200 historical SSL\nmany confirmed windows exe in here.  #google #winexe #clearfake #rootkit #bootkit #oscompromise #trojan #cab #driveby #us #redirect #iframes #hollowroot",
          "modified": "2026-04-24T03:12:56.305000",
          "created": "2026-03-25T03:04:32.874000",
          "tags": [
            "vhash",
            "ssdeep",
            "file type",
            "html internet",
            "magic html",
            "ascii text",
            "trid file",
            "magika html",
            "file size",
            "sign",
            "submission",
            "community score",
            "reanalyze",
            "size",
            "analysis date",
            "join",
            "community",
            "api key",
            "thumbprint",
            "graph summary",
            "date",
            "google llc",
            "server",
            "registrar abuse",
            "ca creation",
            "dnssec",
            "domain name",
            "domain status",
            "us registrant",
            "email",
            "iana id",
            "contact phone",
            "registrar url",
            "registrar whois",
            "registrar",
            "expiration date",
            "registrar iana",
            "admin country",
            "tech country",
            "ca registrar",
            "sameorigin",
            "downlink rtt",
            "self"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 69,
            "FileHash-SHA1": 278,
            "FileHash-SHA256": 569,
            "hostname": 201,
            "URL": 161,
            "domain": 69,
            "email": 1,
            "CVE": 5
          },
          "indicator_count": 1353,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "38 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69ce1c7b60a3065cc75b7e23",
          "name": "Chance Encounter Clone CREDIT: UCP_GoA23 Public - same watering hole?",
          "description": "",
          "modified": "2026-04-21T05:29:42.247000",
          "created": "2026-04-02T07:36:27.829000",
          "tags": [
            "raspberry pi",
            "hdmi",
            "hdmi mode",
            "uncomment",
            "additional",
            "usb mass",
            "pi02",
            "pi zero",
            "zero",
            "enable drm",
            "program",
            "license",
            "free software",
            "foundation",
            "general public",
            "gnu general",
            "public license",
            "the program",
            "copyright",
            "sections",
            "june",
            "general",
            "april",
            "vice",
            "drivers",
            "analog",
            "digital",
            "video",
            "bus support",
            "media",
            "accelerometers",
            "capacitance",
            "resolver",
            "android",
            "flash",
            "monitoring",
            "codec",
            "loop",
            "light",
            "linear",
            "tools",
            "class",
            "speakup",
            "core support",
            "legacy",
            "kernel",
            "this software",
            "including",
            "but not",
            "limited to",
            "ltd all",
            "redistributions",
            "disclaimer",
            "is provided",
            "damage",
            "info",
            "params",
            "gpio",
            "gpio pin",
            "select",
            "digital volume",
            "load",
            "gpios",
            "compute module",
            "spi bus",
            "front",
            "clock",
            "speed",
            "tiny",
            "kali",
            "oled",
            "systemd",
            "digi",
            "miso",
            "screen",
            "show",
            "global property",
            "bootmenu",
            "label",
            "booting",
            "please",
            "javascript",
            "entity",
            "file list",
            "size first",
            "credits text",
            "readme text",
            "no meaningful",
            "url list",
            "status https",
            "domain list",
            "enom",
            "registrar",
            "ltd dba",
            "com laude",
            "ip address",
            "ip adresses",
            "U of A",
            "GoA",
            "Treaty 6",
            "Treaty 7",
            "Treaty 8",
            "AHS"
          ],
          "references": [
            "cmdline.txt",
            "config.txt",
            "COPYING.linux",
            "config-5.15.44-Re4son-v7+",
            "config-5.15.44-Re4son-v7l+",
            "config-5.15.44-Re4son-v8l+",
            "config-5.15.44-Re4son+",
            "config-5.15.44-Re4son-v8+",
            "grub_background.sh",
            "LICENCE.broadcom",
            "README",
            "theme.txt",
            "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details",
            "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations",
            "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior",
            "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e",
            "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark",
            "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1011",
              "name": "Exfiltration Over Other Network Medium",
              "display_name": "T1011 - Exfiltration Over Other Network Medium"
            },
            {
              "id": "T1050",
              "name": "New Service",
              "display_name": "T1050 - New Service"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1080",
              "name": "Taint Shared Content",
              "display_name": "T1080 - Taint Shared Content"
            },
            {
              "id": "T1211",
              "name": "Exploitation for Defense Evasion",
              "display_name": "T1211 - Exploitation for Defense Evasion"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            }
          ],
          "industries": [
            "Education",
            "Government",
            "Healthcare",
            "Telecommunications",
            "Agriculture",
            "Finance",
            "Transportation"
          ],
          "TLP": "white",
          "cloned_from": "698f07428f6e35876e034e41",
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 812,
            "URL": 2492,
            "hostname": 1171,
            "FileHash-SHA256": 2057,
            "CVE": 2,
            "FileHash-MD5": 14,
            "FileHash-SHA1": 16,
            "email": 2,
            "CIDR": 118
          },
          "indicator_count": 6684,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "41 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "698f07428f6e35876e034e41",
          "name": "Chance Encounter Commuting from U of A to GoA - 02.13.2026",
          "description": "My 1st Graph: Hidden Boots on my Phone ( Chance Encounter Commuting from U of A to GoA - 02.13.2026 ). \nConclusion: U of A and the Governments of Alberta, and those of Treaty 6/7/8 have been victims of crime.\nhttps://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark",
          "modified": "2026-03-15T10:19:15.579000",
          "created": "2026-02-13T11:13:03.870000",
          "tags": [
            "raspberry pi",
            "hdmi",
            "hdmi mode",
            "uncomment",
            "additional",
            "usb mass",
            "pi02",
            "pi zero",
            "zero",
            "enable drm",
            "program",
            "license",
            "free software",
            "foundation",
            "general public",
            "gnu general",
            "public license",
            "the program",
            "copyright",
            "sections",
            "june",
            "general",
            "april",
            "vice",
            "drivers",
            "analog",
            "digital",
            "video",
            "bus support",
            "media",
            "accelerometers",
            "capacitance",
            "resolver",
            "android",
            "flash",
            "monitoring",
            "codec",
            "loop",
            "light",
            "linear",
            "tools",
            "class",
            "speakup",
            "core support",
            "legacy",
            "kernel",
            "this software",
            "including",
            "but not",
            "limited to",
            "ltd all",
            "redistributions",
            "disclaimer",
            "is provided",
            "damage",
            "info",
            "params",
            "gpio",
            "gpio pin",
            "select",
            "digital volume",
            "load",
            "gpios",
            "compute module",
            "spi bus",
            "front",
            "clock",
            "speed",
            "tiny",
            "kali",
            "oled",
            "systemd",
            "digi",
            "miso",
            "screen",
            "show",
            "global property",
            "bootmenu",
            "label",
            "booting",
            "please",
            "javascript",
            "entity",
            "file list",
            "size first",
            "credits text",
            "readme text",
            "no meaningful",
            "url list",
            "status https",
            "domain list",
            "enom",
            "registrar",
            "ltd dba",
            "com laude",
            "ip address",
            "ip adresses",
            "U of A",
            "GoA",
            "Treaty 6",
            "Treaty 7",
            "Treaty 8",
            "AHS"
          ],
          "references": [
            "cmdline.txt",
            "config.txt",
            "COPYING.linux",
            "config-5.15.44-Re4son-v7+",
            "config-5.15.44-Re4son-v7l+",
            "config-5.15.44-Re4son-v8l+",
            "config-5.15.44-Re4son+",
            "config-5.15.44-Re4son-v8+",
            "grub_background.sh",
            "LICENCE.broadcom",
            "README",
            "theme.txt",
            "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details",
            "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations",
            "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior",
            "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e",
            "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark",
            "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1011",
              "name": "Exfiltration Over Other Network Medium",
              "display_name": "T1011 - Exfiltration Over Other Network Medium"
            },
            {
              "id": "T1050",
              "name": "New Service",
              "display_name": "T1050 - New Service"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1080",
              "name": "Taint Shared Content",
              "display_name": "T1080 - Taint Shared Content"
            },
            {
              "id": "T1211",
              "name": "Exploitation for Defense Evasion",
              "display_name": "T1211 - Exploitation for Defense Evasion"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            }
          ],
          "industries": [
            "Education",
            "Government",
            "Healthcare",
            "Telecommunications",
            "Agriculture",
            "Finance",
            "Transportation"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "UCP_GoA23",
            "id": "382539",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 812,
            "URL": 2492,
            "hostname": 1171,
            "FileHash-SHA256": 2057,
            "CVE": 2,
            "FileHash-MD5": 14,
            "FileHash-SHA1": 16,
            "email": 2,
            "CIDR": 118
          },
          "indicator_count": 6684,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 20,
          "modified_text": "78 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "LICENCE.broadcom",
        "COPYING.linux",
        "config-5.15.44-Re4son-v8+",
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177637&Signature=BUiivmwCPsrCikfAjB28LBQHMVx%2FgTbehNpsMuz2VuoKMd%2FiRN1rhKYa8lS%2BTYZ1RNXXVqAR3ISVvI%2FmBIiPXTCg267f4DupHMvxLnZmQ7N0KqABTuh43x9kfuureCni9NLunQFSSWJwdt0KNQS3%2F57kVbeEOIzP7%2BcwyvyzuUpwFQR0d5Z6FniQUM0OXkWdAQwOXY3K%2FZlOIpXUtbyYLoXFI2SxAVG0cSF%2F5LRfI%2BqV",
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177598&Signature=3OaXWi9Bxykp1wiOQNdwBhSVh8X4mMPRcbHBESETUx1dPXdeEb1wMVgkjjvnvvnZ14XzPuL4vMeT%2BM6%2B8cU0CciC2%2B%2BGT%2Fb9mRX1cN%2FXaafCIMjd8vWaqZtK1dawDuh8iKwPBAcYgi6vCnMgp28hPTUgniT1p0WNyIRU3CJvLwPSEU28quYE2LfQp6%2FL8YplQb8mVS%2FgoyB71aRRbadnyiAysuNsHN1pdEaY402DuI5QYpc9B1odu5",
        "config-5.15.44-Re4son-v7l+",
        "config.txt",
        "README",
        "config-5.15.44-Re4son-v7+",
        "config-5.15.44-Re4son+",
        "https://vtbehaviour.commondatastorage.googleapis.com/8067742d1522de2b7ba28e4e74c4b744250fd330f1bb1a8cde417bef9cdafd37_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520837&Signature=Go%2Bka47KzKvakZea0EmagUuP0OWh9V218ewUgZ%2Faw6M7pocMFDFrIDav5VtR9Zio%2FnNGsl99DUwEN14cvVE7xFktf16MgpylRiss4YfSqpp0kXGWU%2BlRKNNAdSzfobegdD5OHqd3hM2tavGxphIP%2BmeX2wwu3XsT%2Bs5Ir3L0x5GzuVkt%2B%2FpARLvo51yBA6wyZOEi%2F6likFEEQ7uFPK%2BbBDFOnHrBEz4y90df8SLfru",
        "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e/iocs",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178098&Signature=uIxrV8sFHqQAjkRjYKVDQ1S%2FeWLsS9K%2F9PqMGOdk9nETeHOFarhSPqnYVH3z5vORlVnlvKrk10heyaF9Ks%2BfMnudJoqDG6UjXULyT5HbpHKXvdQItgfeAH6ZSHI%2FRRvWIw%2BEJoYnPVIn3gczV1o5LnA5flIbFyXVb%2BwulQMPJnSdhvsQx7PFkAY%2Bukjs4CYlC%2FrL3k8ouSPhJezZgJX3oMBL%2Bgxl15NF20wkj3",
        "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/relations",
        "https://www.virustotal.com/graph/embed/g24019548c37d405da58015e7220072ab73c17ac93ac14e538e1f4535dda6c615?theme=dark",
        "config-5.15.44-Re4son-v8l+",
        "https://vtbehaviour.commondatastorage.googleapis.com/e70b290a30880da2be3d60f803d6ae189f8ab46eb3c4dc7f3e6ca177923fbb49_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520941&Signature=h5%2FgwYUpokbT4eHKeAWuE72UbZFEEYsd98oEaFn3qiPxhA3bX3NSlg0zxhcg2C07mStxSFaVptGw5amxMORIQGJ%2FSd7%2FkTZQErlFkVyqI1MyEbDguixd0wuguavTtw0sAESw9gnbksrcvHOaDyKeGXVk42RySgzx%2FN7%2BJ3y8TQdhu89TFSD2%2FMBV%2BYkqiBsjloK7sdemw5o%2BfDb9JssITk1r941iTxSgRRumYz%2F0EiLU",
        "theme.txt",
        "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/details",
        "cmdline.txt",
        "https://vtbehaviour.commondatastorage.googleapis.com/519df6f849283833625e6c64cd9f07019a26b55559012c38d5c0f4c0b1545c22_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774676434&Signature=l3D7oXgV1RWqk9C4xncB%2F8StBcHUq%2BZGmc9MdwV9SAerOE5gxHZ7W3DySw2hHQ56F3PEEU4oN8rxzpWV7eVNlWpblzzVgD39fehlj9jdjpn3NuyRTC4YXOY9Yh%2B8FszkCImyOePxmeQBuH4PAnpjTjD5rWuGivO7NPPuqt%2BbBgOBUfk1de9hCE0LwzLde8NNzneQVfBzpV%2BZMOEe%2FR6CYoJ2mXLdayqjKUj5uCaCds%2FpR2TT",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178045&Signature=hfNfMWMWKlkR0dmNZ4tTVvmgM0aQ3daOKDfK8yNihejr3kujfb37wAq3LmH7qtp%2BoiIbsDP06zGcG8dlexlRIuv37dwHofiSildpsN54e2zZ%2F%2Fn25cvnS2OqCOrlkZKLS4HfUQG4uDxTT6nCFFjtk1d88D7GRghUOiDYdLgbVfBW5DFTJ5bmDWA%2F%2FQn7%2BGjfOnnJonkxYfKJ0NAUYmESIbbNs2z4ZohntfXj28HJ8ofBVh09Vk",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178084&Signature=l9VaaMtAu36gwPzacEQuEKIUtylRuocPeqapPjRJQlHLBAGzVaxtTG4tKKub3yjMoWmZ2pKMlpvNWm3hp0Fnvoj9c1RoQqis7Bza5ZkPbTWPic23pN64nADTtHu%2FpwsHeBc5e7ODzJiPCloc2E7y8Fc0OyaCv%2BRvL9Cp746CDgls39HfPWI4ukTSy5F2TsRUo36dz76PT%2FubK3HFHzUNnsFLj%2BZ8iif%2BgE9FpwabJT5WlgvUiqpqna6tcVHl",
        "grub_background.sh",
        "https://www.virustotal.com/gui/file/4b2f7e790d88a330808e6b2a81c8ea81268f69eb6c10ad4beccf2063158d0423/behavior",
        "https://www.virustotal.com/gui/collection/cd709a94571c706f4c86a2432508b5fa9e3618a4ba42f5773306208a431ae01e"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Healthcare",
            "Finance",
            "Agriculture",
            "Transportation",
            "Telecommunications",
            "Government",
            "Education"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 18,
  "pulses": [
    {
      "id": "69de5661aa69bc26fcc67ca5",
      "name": "VirusTotal report\n                    for document.html",
      "description": "The full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, will be published on 23 June.. and will appear on BBC One.",
      "modified": "2026-05-14T15:08:51.031000",
      "created": "2026-04-14T14:59:45.579000",
      "tags": [
        "thumbprint",
        "server",
        "domain status",
        "not available",
        "combell",
        "fri oct",
        "domain name",
        "mitre attack",
        "network info",
        "performs dns",
        "found",
        "t1055 process",
        "overview",
        "processes extra",
        "overview zenbox",
        "verdict",
        "guest system",
        "next",
        "cauliflower",
        "ardo",
        "script",
        "green",
        "grey",
        "doctype html",
        "head",
        "ieedge",
        "meta",
        "noscript",
        "generator",
        "title",
        "fri jan",
        "value a",
        "cname",
        "file type",
        "unix",
        "dropped info",
        "linux verdict",
        "persistence",
        "malicious",
        "pe file",
        "pe32",
        "ms windows",
        "crlf line",
        "ascii text",
        "drops pe",
        "intel",
        "json",
        "info",
        "windows sandbox",
        "calls process",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus odigicert",
        "inc cndigicert",
        "global g3",
        "tls ecc"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177598&Signature=3OaXWi9Bxykp1wiOQNdwBhSVh8X4mMPRcbHBESETUx1dPXdeEb1wMVgkjjvnvvnZ14XzPuL4vMeT%2BM6%2B8cU0CciC2%2B%2BGT%2Fb9mRX1cN%2FXaafCIMjd8vWaqZtK1dawDuh8iKwPBAcYgi6vCnMgp28hPTUgniT1p0WNyIRU3CJvLwPSEU28quYE2LfQp6%2FL8YplQb8mVS%2FgoyB71aRRbadnyiAysuNsHN1pdEaY402DuI5QYpc9B1odu5",
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177637&Signature=BUiivmwCPsrCikfAjB28LBQHMVx%2FgTbehNpsMuz2VuoKMd%2FiRN1rhKYa8lS%2BTYZ1RNXXVqAR3ISVvI%2FmBIiPXTCg267f4DupHMvxLnZmQ7N0KqABTuh43x9kfuureCni9NLunQFSSWJwdt0KNQS3%2F57kVbeEOIzP7%2BcwyvyzuUpwFQR0d5Z6FniQUM0OXkWdAQwOXY3K%2FZlOIpXUtbyYLoXFI2SxAVG0cSF%2F5LRfI%2BqV",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178045&Signature=hfNfMWMWKlkR0dmNZ4tTVvmgM0aQ3daOKDfK8yNihejr3kujfb37wAq3LmH7qtp%2BoiIbsDP06zGcG8dlexlRIuv37dwHofiSildpsN54e2zZ%2F%2Fn25cvnS2OqCOrlkZKLS4HfUQG4uDxTT6nCFFjtk1d88D7GRghUOiDYdLgbVfBW5DFTJ5bmDWA%2F%2FQn7%2BGjfOnnJonkxYfKJ0NAUYmESIbbNs2z4ZohntfXj28HJ8ofBVh09Vk",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178084&Signature=l9VaaMtAu36gwPzacEQuEKIUtylRuocPeqapPjRJQlHLBAGzVaxtTG4tKKub3yjMoWmZ2pKMlpvNWm3hp0Fnvoj9c1RoQqis7Bza5ZkPbTWPic23pN64nADTtHu%2FpwsHeBc5e7ODzJiPCloc2E7y8Fc0OyaCv%2BRvL9Cp746CDgls39HfPWI4ukTSy5F2TsRUo36dz76PT%2FubK3HFHzUNnsFLj%2BZ8iif%2BgE9FpwabJT5WlgvUiqpqna6tcVHl",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178098&Signature=uIxrV8sFHqQAjkRjYKVDQ1S%2FeWLsS9K%2F9PqMGOdk9nETeHOFarhSPqnYVH3z5vORlVnlvKrk10heyaF9Ks%2BfMnudJoqDG6UjXULyT5HbpHKXvdQItgfeAH6ZSHI%2FRRvWIw%2BEJoYnPVIn3gczV1o5LnA5flIbFyXVb%2BwulQMPJnSdhvsQx7PFkAY%2Bukjs4CYlC%2FrL3k8ouSPhJezZgJX3oMBL%2Bgxl15NF20wkj3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1189",
          "name": "Drive-by Compromise",
          "display_name": "T1189 - Drive-by Compromise"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 581,
        "domain": 706,
        "hostname": 577,
        "URL": 386,
        "FileHash-SHA256": 1620,
        "FileHash-MD5": 537,
        "CVE": 6
      },
      "indicator_count": 4413,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "18 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69de565b32d80c2973c2fd77",
      "name": "VirusTotal report\n                    for document.html",
      "description": "The full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, will be published on 23 June.. and will appear on BBC One.",
      "modified": "2026-05-14T15:08:51.031000",
      "created": "2026-04-14T14:59:39.743000",
      "tags": [
        "thumbprint",
        "server",
        "domain status",
        "not available",
        "combell",
        "fri oct",
        "domain name",
        "mitre attack",
        "network info",
        "performs dns",
        "found",
        "t1055 process",
        "overview",
        "processes extra",
        "overview zenbox",
        "verdict",
        "guest system",
        "next",
        "cauliflower",
        "ardo",
        "script",
        "green",
        "grey",
        "doctype html",
        "head",
        "ieedge",
        "meta",
        "noscript",
        "generator",
        "title",
        "fri jan",
        "value a",
        "cname",
        "file type",
        "unix",
        "dropped info",
        "linux verdict",
        "persistence",
        "malicious",
        "pe file",
        "pe32",
        "ms windows",
        "crlf line",
        "ascii text",
        "drops pe",
        "intel",
        "json",
        "info",
        "windows sandbox",
        "calls process",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus odigicert",
        "inc cndigicert",
        "global g3",
        "tls ecc"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177598&Signature=3OaXWi9Bxykp1wiOQNdwBhSVh8X4mMPRcbHBESETUx1dPXdeEb1wMVgkjjvnvvnZ14XzPuL4vMeT%2BM6%2B8cU0CciC2%2B%2BGT%2Fb9mRX1cN%2FXaafCIMjd8vWaqZtK1dawDuh8iKwPBAcYgi6vCnMgp28hPTUgniT1p0WNyIRU3CJvLwPSEU28quYE2LfQp6%2FL8YplQb8mVS%2FgoyB71aRRbadnyiAysuNsHN1pdEaY402DuI5QYpc9B1odu5",
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177637&Signature=BUiivmwCPsrCikfAjB28LBQHMVx%2FgTbehNpsMuz2VuoKMd%2FiRN1rhKYa8lS%2BTYZ1RNXXVqAR3ISVvI%2FmBIiPXTCg267f4DupHMvxLnZmQ7N0KqABTuh43x9kfuureCni9NLunQFSSWJwdt0KNQS3%2F57kVbeEOIzP7%2BcwyvyzuUpwFQR0d5Z6FniQUM0OXkWdAQwOXY3K%2FZlOIpXUtbyYLoXFI2SxAVG0cSF%2F5LRfI%2BqV",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178045&Signature=hfNfMWMWKlkR0dmNZ4tTVvmgM0aQ3daOKDfK8yNihejr3kujfb37wAq3LmH7qtp%2BoiIbsDP06zGcG8dlexlRIuv37dwHofiSildpsN54e2zZ%2F%2Fn25cvnS2OqCOrlkZKLS4HfUQG4uDxTT6nCFFjtk1d88D7GRghUOiDYdLgbVfBW5DFTJ5bmDWA%2F%2FQn7%2BGjfOnnJonkxYfKJ0NAUYmESIbbNs2z4ZohntfXj28HJ8ofBVh09Vk",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178084&Signature=l9VaaMtAu36gwPzacEQuEKIUtylRuocPeqapPjRJQlHLBAGzVaxtTG4tKKub3yjMoWmZ2pKMlpvNWm3hp0Fnvoj9c1RoQqis7Bza5ZkPbTWPic23pN64nADTtHu%2FpwsHeBc5e7ODzJiPCloc2E7y8Fc0OyaCv%2BRvL9Cp746CDgls39HfPWI4ukTSy5F2TsRUo36dz76PT%2FubK3HFHzUNnsFLj%2BZ8iif%2BgE9FpwabJT5WlgvUiqpqna6tcVHl",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178098&Signature=uIxrV8sFHqQAjkRjYKVDQ1S%2FeWLsS9K%2F9PqMGOdk9nETeHOFarhSPqnYVH3z5vORlVnlvKrk10heyaF9Ks%2BfMnudJoqDG6UjXULyT5HbpHKXvdQItgfeAH6ZSHI%2FRRvWIw%2BEJoYnPVIn3gczV1o5LnA5flIbFyXVb%2BwulQMPJnSdhvsQx7PFkAY%2Bukjs4CYlC%2FrL3k8ouSPhJezZgJX3oMBL%2Bgxl15NF20wkj3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1189",
          "name": "Drive-by Compromise",
          "display_name": "T1189 - Drive-by Compromise"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 154,
        "domain": 367,
        "hostname": 474,
        "URL": 293,
        "FileHash-SHA256": 1010,
        "FileHash-MD5": 119,
        "CVE": 11
      },
      "indicator_count": 2428,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "18 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69de5661607a80dbfa9f35c8",
      "name": "VirusTotal report\n                    for document.html",
      "description": "The full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, will be published on 23 June.. and will appear on BBC One.",
      "modified": "2026-05-14T14:21:14.439000",
      "created": "2026-04-14T14:59:45.223000",
      "tags": [
        "thumbprint",
        "server",
        "domain status",
        "not available",
        "combell",
        "fri oct",
        "domain name",
        "mitre attack",
        "network info",
        "performs dns",
        "found",
        "t1055 process",
        "overview",
        "processes extra",
        "overview zenbox",
        "verdict",
        "guest system",
        "next",
        "cauliflower",
        "ardo",
        "script",
        "green",
        "grey",
        "doctype html",
        "head",
        "ieedge",
        "meta",
        "noscript",
        "generator",
        "title",
        "fri jan",
        "value a",
        "cname",
        "file type",
        "unix",
        "dropped info",
        "linux verdict",
        "persistence",
        "malicious",
        "pe file",
        "pe32",
        "ms windows",
        "crlf line",
        "ascii text",
        "drops pe",
        "intel",
        "json",
        "info",
        "windows sandbox",
        "calls process",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus odigicert",
        "inc cndigicert",
        "global g3",
        "tls ecc"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177598&Signature=3OaXWi9Bxykp1wiOQNdwBhSVh8X4mMPRcbHBESETUx1dPXdeEb1wMVgkjjvnvvnZ14XzPuL4vMeT%2BM6%2B8cU0CciC2%2B%2BGT%2Fb9mRX1cN%2FXaafCIMjd8vWaqZtK1dawDuh8iKwPBAcYgi6vCnMgp28hPTUgniT1p0WNyIRU3CJvLwPSEU28quYE2LfQp6%2FL8YplQb8mVS%2FgoyB71aRRbadnyiAysuNsHN1pdEaY402DuI5QYpc9B1odu5",
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177637&Signature=BUiivmwCPsrCikfAjB28LBQHMVx%2FgTbehNpsMuz2VuoKMd%2FiRN1rhKYa8lS%2BTYZ1RNXXVqAR3ISVvI%2FmBIiPXTCg267f4DupHMvxLnZmQ7N0KqABTuh43x9kfuureCni9NLunQFSSWJwdt0KNQS3%2F57kVbeEOIzP7%2BcwyvyzuUpwFQR0d5Z6FniQUM0OXkWdAQwOXY3K%2FZlOIpXUtbyYLoXFI2SxAVG0cSF%2F5LRfI%2BqV",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178045&Signature=hfNfMWMWKlkR0dmNZ4tTVvmgM0aQ3daOKDfK8yNihejr3kujfb37wAq3LmH7qtp%2BoiIbsDP06zGcG8dlexlRIuv37dwHofiSildpsN54e2zZ%2F%2Fn25cvnS2OqCOrlkZKLS4HfUQG4uDxTT6nCFFjtk1d88D7GRghUOiDYdLgbVfBW5DFTJ5bmDWA%2F%2FQn7%2BGjfOnnJonkxYfKJ0NAUYmESIbbNs2z4ZohntfXj28HJ8ofBVh09Vk",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178084&Signature=l9VaaMtAu36gwPzacEQuEKIUtylRuocPeqapPjRJQlHLBAGzVaxtTG4tKKub3yjMoWmZ2pKMlpvNWm3hp0Fnvoj9c1RoQqis7Bza5ZkPbTWPic23pN64nADTtHu%2FpwsHeBc5e7ODzJiPCloc2E7y8Fc0OyaCv%2BRvL9Cp746CDgls39HfPWI4ukTSy5F2TsRUo36dz76PT%2FubK3HFHzUNnsFLj%2BZ8iif%2BgE9FpwabJT5WlgvUiqpqna6tcVHl",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178098&Signature=uIxrV8sFHqQAjkRjYKVDQ1S%2FeWLsS9K%2F9PqMGOdk9nETeHOFarhSPqnYVH3z5vORlVnlvKrk10heyaF9Ks%2BfMnudJoqDG6UjXULyT5HbpHKXvdQItgfeAH6ZSHI%2FRRvWIw%2BEJoYnPVIn3gczV1o5LnA5flIbFyXVb%2BwulQMPJnSdhvsQx7PFkAY%2Bukjs4CYlC%2FrL3k8ouSPhJezZgJX3oMBL%2Bgxl15NF20wkj3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1189",
          "name": "Drive-by Compromise",
          "display_name": "T1189 - Drive-by Compromise"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 118,
        "domain": 360,
        "hostname": 462,
        "URL": 290,
        "FileHash-SHA256": 968,
        "FileHash-MD5": 83,
        "CVE": 3
      },
      "indicator_count": 2284,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "18 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69de5660177cfb2b911d0416",
      "name": "VirusTotal report\n                    for document.html",
      "description": "The full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, will be published on 23 June.. and will appear on BBC One.",
      "modified": "2026-05-14T14:21:14.439000",
      "created": "2026-04-14T14:59:44.158000",
      "tags": [
        "thumbprint",
        "server",
        "domain status",
        "not available",
        "combell",
        "fri oct",
        "domain name",
        "mitre attack",
        "network info",
        "performs dns",
        "found",
        "t1055 process",
        "overview",
        "processes extra",
        "overview zenbox",
        "verdict",
        "guest system",
        "next",
        "cauliflower",
        "ardo",
        "script",
        "green",
        "grey",
        "doctype html",
        "head",
        "ieedge",
        "meta",
        "noscript",
        "generator",
        "title",
        "fri jan",
        "value a",
        "cname",
        "file type",
        "unix",
        "dropped info",
        "linux verdict",
        "persistence",
        "malicious",
        "pe file",
        "pe32",
        "ms windows",
        "crlf line",
        "ascii text",
        "drops pe",
        "intel",
        "json",
        "info",
        "windows sandbox",
        "calls process",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "full name",
        "v3 serial",
        "number",
        "cus odigicert",
        "inc cndigicert",
        "global g3",
        "tls ecc"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177598&Signature=3OaXWi9Bxykp1wiOQNdwBhSVh8X4mMPRcbHBESETUx1dPXdeEb1wMVgkjjvnvvnZ14XzPuL4vMeT%2BM6%2B8cU0CciC2%2B%2BGT%2Fb9mRX1cN%2FXaafCIMjd8vWaqZtK1dawDuh8iKwPBAcYgi6vCnMgp28hPTUgniT1p0WNyIRU3CJvLwPSEU28quYE2LfQp6%2FL8YplQb8mVS%2FgoyB71aRRbadnyiAysuNsHN1pdEaY402DuI5QYpc9B1odu5",
        "https://vtbehaviour.commondatastorage.googleapis.com/c171805ee886339a1f5ee75f7ebfbb030d316f6ada7dd2dc6c795c0de6000a34_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776177637&Signature=BUiivmwCPsrCikfAjB28LBQHMVx%2FgTbehNpsMuz2VuoKMd%2FiRN1rhKYa8lS%2BTYZ1RNXXVqAR3ISVvI%2FmBIiPXTCg267f4DupHMvxLnZmQ7N0KqABTuh43x9kfuureCni9NLunQFSSWJwdt0KNQS3%2F57kVbeEOIzP7%2BcwyvyzuUpwFQR0d5Z6FniQUM0OXkWdAQwOXY3K%2FZlOIpXUtbyYLoXFI2SxAVG0cSF%2F5LRfI%2BqV",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178045&Signature=hfNfMWMWKlkR0dmNZ4tTVvmgM0aQ3daOKDfK8yNihejr3kujfb37wAq3LmH7qtp%2BoiIbsDP06zGcG8dlexlRIuv37dwHofiSildpsN54e2zZ%2F%2Fn25cvnS2OqCOrlkZKLS4HfUQG4uDxTT6nCFFjtk1d88D7GRghUOiDYdLgbVfBW5DFTJ5bmDWA%2F%2FQn7%2BGjfOnnJonkxYfKJ0NAUYmESIbbNs2z4ZohntfXj28HJ8ofBVh09Vk",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178084&Signature=l9VaaMtAu36gwPzacEQuEKIUtylRuocPeqapPjRJQlHLBAGzVaxtTG4tKKub3yjMoWmZ2pKMlpvNWm3hp0Fnvoj9c1RoQqis7Bza5ZkPbTWPic23pN64nADTtHu%2FpwsHeBc5e7ODzJiPCloc2E7y8Fc0OyaCv%2BRvL9Cp746CDgls39HfPWI4ukTSy5F2TsRUo36dz76PT%2FubK3HFHzUNnsFLj%2BZ8iif%2BgE9FpwabJT5WlgvUiqpqna6tcVHl",
        "https://vtbehaviour.commondatastorage.googleapis.com/b5cbc5fb20fb38eeec1be1b9befddfb1fb4e74ebd6393c5a284600b4fd8edd72_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776178098&Signature=uIxrV8sFHqQAjkRjYKVDQ1S%2FeWLsS9K%2F9PqMGOdk9nETeHOFarhSPqnYVH3z5vORlVnlvKrk10heyaF9Ks%2BfMnudJoqDG6UjXULyT5HbpHKXvdQItgfeAH6ZSHI%2FRRvWIw%2BEJoYnPVIn3gczV1o5LnA5flIbFyXVb%2BwulQMPJnSdhvsQx7PFkAY%2Bukjs4CYlC%2FrL3k8ouSPhJezZgJX3oMBL%2Bgxl15NF20wkj3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1189",
          "name": "Drive-by Compromise",
          "display_name": "T1189 - Drive-by Compromise"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA1": 118,
        "domain": 361,
        "hostname": 462,
        "URL": 291,
        "FileHash-SHA256": 968,
        "FileHash-MD5": 83,
        "CVE": 3
      },
      "indicator_count": 2286,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "18 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d44e822d2ff4468662199e",
      "name": "Habo Analysis System",
      "description": "The full text of the file: C:\\WINDOWS\\Microsoft.NET.IE5 (C1OS62)  \u00c2\u00a31.3m, or $2.4m.",
      "modified": "2026-05-07T00:00:42.275000",
      "created": "2026-04-07T00:23:30.608000",
      "tags": [
        "tickcount",
        "detail info",
        "behaviour",
        "milliseconds",
        "filename",
        "offset",
        "processid",
        "threadid",
        "startaddress",
        "parameter",
        "window",
        "class",
        "shell",
        "find",
        "open",
        "cname",
        "accept",
        "cape sandbox",
        "t1055",
        "ip address",
        "port",
        "gmt ifnonematch",
        "machine summary",
        "report time",
        "machine name",
        "shutdown",
        "back"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/8067742d1522de2b7ba28e4e74c4b744250fd330f1bb1a8cde417bef9cdafd37_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520837&Signature=Go%2Bka47KzKvakZea0EmagUuP0OWh9V218ewUgZ%2Faw6M7pocMFDFrIDav5VtR9Zio%2FnNGsl99DUwEN14cvVE7xFktf16MgpylRiss4YfSqpp0kXGWU%2BlRKNNAdSzfobegdD5OHqd3hM2tavGxphIP%2BmeX2wwu3XsT%2Bs5Ir3L0x5GzuVkt%2B%2FpARLvo51yBA6wyZOEi%2F6likFEEQ7uFPK%2BbBDFOnHrBEz4y90df8SLfru",
        "https://vtbehaviour.commondatastorage.googleapis.com/e70b290a30880da2be3d60f803d6ae189f8ab46eb3c4dc7f3e6ca177923fbb49_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520941&Signature=h5%2FgwYUpokbT4eHKeAWuE72UbZFEEYsd98oEaFn3qiPxhA3bX3NSlg0zxhcg2C07mStxSFaVptGw5amxMORIQGJ%2FSd7%2FkTZQErlFkVyqI1MyEbDguixd0wuguavTtw0sAESw9gnbksrcvHOaDyKeGXVk42RySgzx%2FN7%2BJ3y8TQdhu89TFSD2%2FMBV%2BYkqiBsjloK7sdemw5o%2BfDb9JssITk1r941iTxSgRRumYz%2F0EiLU"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 314,
        "FileHash-MD5": 2,
        "FileHash-SHA1": 2,
        "hostname": 114,
        "URL": 164,
        "domain": 66
      },
      "indicator_count": 662,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "25 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d44e7fab061e3364bdf1bf",
      "name": "Habo Analysis System",
      "description": "The full text of the file: C:\\WINDOWS\\Microsoft.NET.IE5 (C1OS62)  \u00c2\u00a31.3m, or $2.4m.",
      "modified": "2026-05-07T00:00:42.275000",
      "created": "2026-04-07T00:23:27.374000",
      "tags": [
        "tickcount",
        "detail info",
        "behaviour",
        "milliseconds",
        "filename",
        "offset",
        "processid",
        "threadid",
        "startaddress",
        "parameter",
        "window",
        "class",
        "shell",
        "find",
        "open",
        "cname",
        "accept",
        "cape sandbox",
        "t1055",
        "ip address",
        "port",
        "gmt ifnonematch",
        "machine summary",
        "report time",
        "machine name",
        "shutdown",
        "back"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/8067742d1522de2b7ba28e4e74c4b744250fd330f1bb1a8cde417bef9cdafd37_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520837&Signature=Go%2Bka47KzKvakZea0EmagUuP0OWh9V218ewUgZ%2Faw6M7pocMFDFrIDav5VtR9Zio%2FnNGsl99DUwEN14cvVE7xFktf16MgpylRiss4YfSqpp0kXGWU%2BlRKNNAdSzfobegdD5OHqd3hM2tavGxphIP%2BmeX2wwu3XsT%2Bs5Ir3L0x5GzuVkt%2B%2FpARLvo51yBA6wyZOEi%2F6likFEEQ7uFPK%2BbBDFOnHrBEz4y90df8SLfru",
        "https://vtbehaviour.commondatastorage.googleapis.com/e70b290a30880da2be3d60f803d6ae189f8ab46eb3c4dc7f3e6ca177923fbb49_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775520941&Signature=h5%2FgwYUpokbT4eHKeAWuE72UbZFEEYsd98oEaFn3qiPxhA3bX3NSlg0zxhcg2C07mStxSFaVptGw5amxMORIQGJ%2FSd7%2FkTZQErlFkVyqI1MyEbDguixd0wuguavTtw0sAESw9gnbksrcvHOaDyKeGXVk42RySgzx%2FN7%2BJ3y8TQdhu89TFSD2%2FMBV%2BYkqiBsjloK7sdemw5o%2BfDb9JssITk1r941iTxSgRRumYz%2F0EiLU"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 314,
        "FileHash-MD5": 2,
        "FileHash-SHA1": 2,
        "hostname": 110,
        "URL": 154,
        "domain": 64
      },
      "indicator_count": 646,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "25 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d42f43588284de9e32e039",
      "name": "CAPE Sandbox",
      "description": "notepad.exe",
      "modified": "2026-05-06T22:12:40.990000",
      "created": "2026-04-06T22:10:11.642000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1,
        "FileHash-SHA1": 1,
        "FileHash-SHA256": 177,
        "URL": 46,
        "domain": 32,
        "hostname": 68
      },
      "indicator_count": 325,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "25 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d430953d8c82fba007bf6c",
      "name": "CAPE Sandbox - ARCPOINT is the ONLY one picking this up for 2 years",
      "description": "The full text of Google-Edge-Cache, which was sent to Google's servers in the US, has been published online by the firm's parent company, Alphabet, for the first time.",
      "modified": "2026-05-06T22:12:40.990000",
      "created": "2026-04-06T22:15:49.257000",
      "tags": [
        "ip address",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "headers",
        "googleedgecache",
        "sameorigin",
        "gmt age",
        "gmt etag"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 42,
        "FileHash-MD5": 1,
        "FileHash-SHA1": 1,
        "URL": 29,
        "domain": 28,
        "hostname": 50
      },
      "indicator_count": 151,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "25 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d4304b2847ab906d59ac4a",
      "name": "CAPE Sandbox - ARCPOINT is the ONLY one picking this up for 2 years",
      "description": "The full text of Google-Edge-Cache, which was sent to Google's servers in the US, has been published online by the firm's parent company, Alphabet, for the first time.",
      "modified": "2026-05-06T22:12:40.990000",
      "created": "2026-04-06T22:14:35.279000",
      "tags": [
        "ip address",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "headers",
        "googleedgecache",
        "sameorigin",
        "gmt age",
        "gmt etag"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 42,
        "FileHash-MD5": 1,
        "FileHash-SHA1": 1,
        "URL": 29,
        "domain": 28,
        "hostname": 50
      },
      "indicator_count": 151,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "25 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d42f4343a184708c96fdd8",
      "name": "CAPE Sandbox",
      "description": "notepad.exe",
      "modified": "2026-05-06T22:12:40.990000",
      "created": "2026-04-06T22:10:11.058000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1,
        "FileHash-SHA1": 1,
        "FileHash-SHA256": 177,
        "URL": 46,
        "domain": 32,
        "hostname": 68
      },
      "indicator_count": 325,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "25 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "faganco.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "faganco.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780342297.3722234
}