{ "type": "Domain", "indicator": "geomax-positioning.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/geomax-positioning.com", "alexa": "http://www.alexa.com/siteinfo/geomax-positioning.com", "indicator": "geomax-positioning.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4294799553, "indicator": "geomax-positioning.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 22, "pulses": [ { "id": "6a0050a3b1d71cc50840286e", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-29T19:06:32.951000", "created": "2026-05-10T09:32:19.100000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 669, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 131, "IPv4": 285, "URL": 346, "domain": 286, "hostname": 274, "CIDR": 2, "email": 2 }, "indicator_count": 2119, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1e3701bff1800614838dc", "name": "wireshark", "description": "", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T07:38:24.668000", "tags": [ "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 707, "FileHash-MD5": 281, "FileHash-SHA1": 271, "URL": 123, "domain": 69, "hostname": 608, "email": 1 }, "indicator_count": 2060, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1f52e424e1151ddd9c696", "name": "VirusTotal report\n for program.exe", "description": "The full text of this year's EU Referendum, which will take place on 26 November, has been published.. and it will not appear on BBC Radio 5 live or on iPlayer.]", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T08:54:06.864000", "tags": [ "executable", "msdos", "pe32 executable", "intel", "ms windows", "dos borland", "generic windos", "dos executable", "pe32 compiler", "borland delphi", "delphi", "file type", "json", "ascii", "ascii text", "drops pe", "pe file", "sample", "persistence", "malicious", "next", "network capture", "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap", "nothing", "registry keys", "mutexes nothing", "parent pid", "full path", "command line", "files c", "read files", "read registry", "apis nothing", "https", "urls", "creates", "pe32", "sigma", "window", "mailpassview", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "sha256", "cname", "inprocserver32", "accept", "shutdown", "guard", "darkgate", "windows sandbox", "calls process", "systemroot", "commands", "created", "xcaxdb xcaxdb", "x82xec x82xec", "x83xc4 x83xc4", "xc1 x", "xffu xffu", "x8be x8be", "x81e x81e", "xc4 xc4", "x81i x81i", "xf3x86 xf3x86", "activator", "detail info", "tickcount", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "text", "classname", "behaviour", "class", "shell", "find", "mitre attack", "network info", "processes extra", "program", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "title", "phishing", "cape sandbox", "t1055", "style", "courier", "ip address", "port", "gmt ifnonematch", "machine summary", "meta", "inter" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415519&Signature=e1YxGtIahtkD9VKQTSuo9BFhC4KNicXASSfPf7LiJhYyR2OQOLXoHJjgEUtHCAfeZU7VSacymMfJJhx7M2NXSaPyv5cdsCUWfzeTKwyFqM06pSuq7HqYUJIh2%2BG3bz87h0m%2FMFuU5d0MXdwN9ykL%2FJ8EB4RuyKhfY%2FjBGZMZA0nVn5dQtQ1GySJiLj%2BWsKXQxsYVy%2FBok8h2n2m7EE923RSv%2BkkdQHO3enQf2ikR%2FU%2BtEN4S7xO2", "https://vtbehaviour.commondatastorage.googleapis.com/b71ddf3175c9e6b41f143207c6e74a9c327a362b3a1ce7e0282ceae2ad513b3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415599&Signature=O7Nc7o9GEFU3sFGIZv58PwBR8rG8MIwYQTmDyTNIUlHEEpmUY2Bttz0797jnr4%2BjT%2BCd1r%2BRad4nV4HLruG5QACAgOnQKjtSn%2FhWNes5q1y2qu46J%2BwCUFqmrr%2BpM6MjMmILZUqSezFzC5Fs%2Fnn4iBIQpYxJ8e4sJMXVIONcDkWLhycQk5rVr%2FV7G6tU0yAkoavXhpyrSGqR2Ee9QAoAXLWdixJ0rLJ85yQxWFr0E%2F7%", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415622&Signature=NJmj0XG%2BcAwpEa26%2B7ucV3CTWcwrSwSV%2BU62aYx0yDVYzZH70ROLK9%2F2lUy0IuC6n88oOTLoikSC4GRgUVypFQpmJoKQpkPvHZ1SfyklCtIWurZJYZvHSZs32JL0l6t3eEwW61xDg%2FICvOFlPQ0Aju7Hk1ntOY82jD%2B9dVw179jdF3A5jzGDrcr7mP17tnwZcOI0pVfF0ZhtbJL6SCHXBce%2BWS5zRxV2VgXHqrGYl0XLgpK6MD30wBFT", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415648&Signature=gOGhlxTumFXkKGryYSeJV8%2BMONZwbp%2BS3ntsErndc02nffG6DHW%2FbU0CVbVSOp3lIZkIt2qx7a%2BTsm2IItEWtGIN55fG14UxsBfo1Gf8bukZC4u5KoQKrVSYuV9aASUd5oCoTo0iIp%2BVCokHRdLbF259Fld%2FjlgJGL%2FVoLiGxXwkbQaxZi5VN94eNl65FMGXLtoVUgbUk3FhXEIuLwwJJU8XnveqbCOzDS9PtPnPO7seXDaK", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415662&Signature=ii4xZZXyeZqty%2B%2BwMuioMf90xxcdXimnQRoYesmvSMUfZNPn9hRsSBoDdFdqtcRFep%2BYsQiF4%2BKaDZPUzloaQ%2FeZkEhJokSi2P1NP1ymoIPZ5j%2F8XwTxCO0c%2BGbA%2BECIOWUC9IlgPTZfdCvd1wQiXe4sa1U0QVwZBDk%2B7GDXDJUVIOH6bc8cAZi8Q4QzBqOTaLamgqF1%2BC5uFbLSShJOLGiBZv6PRiQ2L2qk", "https://vtbehaviour.commondatastorage.googleapis.com/0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415703&Signature=L2WgcAgR2nm5cyc0SHe8nYGU6Db6r7Cvr%2F9INkp%2ByiPXoTK3tUwxH06Vr3YnW2wDr8eANqgqXGU09YoEUVEKuHs8veU6QWbaN3LrOaICSmq1tlHwJUE7sILNI3MnOjwZvzYeFCMmSLUOQ62k46HzTVnrFNBqaPIUNQiRsQFUz06TVaA9FxXxYKk2brVLRXiNew1RgDlMp%2BM9EnePR06vYsB9QXEgrblE7M51AU%2BpM09%2BGxukEzUG", "https://vtbehaviour.commondatastorage.googleapis.com/1af55649a731abb95d71e2e49693a7bcf87270eb4f8712b747f7e04a0a2a3031_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415762&Signature=4Iu15AELs8158yzYffz716hQ5%2BDY4JHNeJeMzaSmkJrocvfpO7MMmB4MO5Zo%2Bs339dX%2Flb51NK%2Fd3eREGBJkNV3bvbEFaxv1hCO%2Fqge8%2FLnfKLSSRPJ48%2BGAVA22z0gYKvSPfYdGvownSV9GBevxmcIWZ%2F0VK57Mb1gHqvtWKs%2BMGgd4v%2FJJWCmjWx8xLomFVgrpD1boM0PxdVh3X21asN1DplbqcAZ%2Fd5WoOJYic", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415832&Signature=AOcM9Dc%2B2gUBJnZxuNmagisQ8QYjno4RVZd6DZFo553Ws2tWbJ6lUHXGOGTxLZCRccqXY9h0WhcjRXW4EgojbjJxXCTLq1y%2BtxXjZShlepAg7uq2pbXGsBhUcbpS5Jj0upmosZUCtU4mq8fMyjA0Jufv7u%2F%2FhIwKCp6Q9NIixpAXFwNy8BWn%2FOh6em7B0TwRABvcvTsQC2PO%2FOq5J61VWow6JiR2o97x%2Fm1ChJyz%2FvGTsz", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416015&Signature=evkFEcpvJ0BNlw47zD%2Bgg2ETU%2FGcbGZI3U%2BLCDkaRH4IhSCbgDF9ABajkx7SCAFA2G%2BndDWCzqKkknqPMARKAJk2b5h%2Bu1Gq8uDozkg9GvP8exgs3%2Bw%2F40637%2BmzlgjutElGFcVRMMDWRF5QEvyEDJVUIXmKmLYmKDYM58fBA4IM2VfpV8BB6HJcySkkMk2J4Mhk9nut%2FIrmFjV99WEunuPKfIgnAataXIXzBGZJl2eJK1OEGK19", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416061&Signature=eIQtmFWS2GiSN%2F3bdQCKKOu9%2FiEoDqQYcEtVnvTTBu%2BZ5JFRAyRu7Tgxw5YyVb%2BXK66m6JTN4yIleNl669%2FfdMbOamF6hlF%2FZbucN1etgX%2B8Snq2xrhFN5xZvvWrQukcYlJQnz9s2WSByNnA2Lvi7dn3qQnZMVNcJwWLhL1ayyCBqpiDVaDMGTgQfLrVdec0Xknzzl70Ce70nSgQdxJ4Q%2FSzYtz9Khtk6hyaiBbYxsyiWQ", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416202&Signature=f43IRerFiqRQ5ke71WfT2lNFf5Jf60FnKcTCpJGhgnSemoBx1iDNvbOs8rePJYHFEiffIuvjjnquRt51dziCswMktwhg8g7Tl3vVfnoYpuBzv6QT86so9sVcKWOt43wFnzCEH1RWrmQDe2jRBGL2Kvhqi%2B3i2iAFdZWCrxoAJtMJVqGVwXM5S7JnLR%2BklB1A5RQQReOEncgwClqKUHMPrSGjXgH%2FDernerWjOXghDL3V2fJ7EJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 714, "FileHash-MD5": 128, "FileHash-SHA1": 152, "URL": 692, "hostname": 456, "domain": 121, "email": 2, "YARA": 5 }, "indicator_count": 2270, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1f53e6b3e17deca1277b7", "name": "VirusTotal report\n for program.exe", "description": "The full text of this year's EU Referendum, which will take place on 26 November, has been published.. and it will not appear on BBC Radio 5 live or on iPlayer.]", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T08:54:22.034000", "tags": [ "executable", "msdos", "pe32 executable", "intel", "ms windows", "dos borland", "generic windos", "dos executable", "pe32 compiler", "borland delphi", "delphi", "file type", "json", "ascii", "ascii text", "drops pe", "pe file", "sample", "persistence", "malicious", "next", "network capture", "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap", "nothing", "registry keys", "mutexes nothing", "parent pid", "full path", "command line", "files c", "read files", "read registry", "apis nothing", "https", "urls", "creates", "pe32", "sigma", "window", "mailpassview", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "sha256", "cname", "inprocserver32", "accept", "shutdown", "guard", "darkgate", "windows sandbox", "calls process", "systemroot", "commands", "created", "xcaxdb xcaxdb", "x82xec x82xec", "x83xc4 x83xc4", "xc1 x", "xffu xffu", "x8be x8be", "x81e x81e", "xc4 xc4", "x81i x81i", "xf3x86 xf3x86", "activator", "detail info", "tickcount", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "text", "classname", "behaviour", "class", "shell", "find", "mitre attack", "network info", "processes extra", "program", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "title", "phishing", "cape sandbox", "t1055", "style", "courier", "ip address", "port", "gmt ifnonematch", "machine summary", "meta", "inter" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415519&Signature=e1YxGtIahtkD9VKQTSuo9BFhC4KNicXASSfPf7LiJhYyR2OQOLXoHJjgEUtHCAfeZU7VSacymMfJJhx7M2NXSaPyv5cdsCUWfzeTKwyFqM06pSuq7HqYUJIh2%2BG3bz87h0m%2FMFuU5d0MXdwN9ykL%2FJ8EB4RuyKhfY%2FjBGZMZA0nVn5dQtQ1GySJiLj%2BWsKXQxsYVy%2FBok8h2n2m7EE923RSv%2BkkdQHO3enQf2ikR%2FU%2BtEN4S7xO2", "https://vtbehaviour.commondatastorage.googleapis.com/b71ddf3175c9e6b41f143207c6e74a9c327a362b3a1ce7e0282ceae2ad513b3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415599&Signature=O7Nc7o9GEFU3sFGIZv58PwBR8rG8MIwYQTmDyTNIUlHEEpmUY2Bttz0797jnr4%2BjT%2BCd1r%2BRad4nV4HLruG5QACAgOnQKjtSn%2FhWNes5q1y2qu46J%2BwCUFqmrr%2BpM6MjMmILZUqSezFzC5Fs%2Fnn4iBIQpYxJ8e4sJMXVIONcDkWLhycQk5rVr%2FV7G6tU0yAkoavXhpyrSGqR2Ee9QAoAXLWdixJ0rLJ85yQxWFr0E%2F7%", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415622&Signature=NJmj0XG%2BcAwpEa26%2B7ucV3CTWcwrSwSV%2BU62aYx0yDVYzZH70ROLK9%2F2lUy0IuC6n88oOTLoikSC4GRgUVypFQpmJoKQpkPvHZ1SfyklCtIWurZJYZvHSZs32JL0l6t3eEwW61xDg%2FICvOFlPQ0Aju7Hk1ntOY82jD%2B9dVw179jdF3A5jzGDrcr7mP17tnwZcOI0pVfF0ZhtbJL6SCHXBce%2BWS5zRxV2VgXHqrGYl0XLgpK6MD30wBFT", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415648&Signature=gOGhlxTumFXkKGryYSeJV8%2BMONZwbp%2BS3ntsErndc02nffG6DHW%2FbU0CVbVSOp3lIZkIt2qx7a%2BTsm2IItEWtGIN55fG14UxsBfo1Gf8bukZC4u5KoQKrVSYuV9aASUd5oCoTo0iIp%2BVCokHRdLbF259Fld%2FjlgJGL%2FVoLiGxXwkbQaxZi5VN94eNl65FMGXLtoVUgbUk3FhXEIuLwwJJU8XnveqbCOzDS9PtPnPO7seXDaK", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415662&Signature=ii4xZZXyeZqty%2B%2BwMuioMf90xxcdXimnQRoYesmvSMUfZNPn9hRsSBoDdFdqtcRFep%2BYsQiF4%2BKaDZPUzloaQ%2FeZkEhJokSi2P1NP1ymoIPZ5j%2F8XwTxCO0c%2BGbA%2BECIOWUC9IlgPTZfdCvd1wQiXe4sa1U0QVwZBDk%2B7GDXDJUVIOH6bc8cAZi8Q4QzBqOTaLamgqF1%2BC5uFbLSShJOLGiBZv6PRiQ2L2qk", "https://vtbehaviour.commondatastorage.googleapis.com/0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415703&Signature=L2WgcAgR2nm5cyc0SHe8nYGU6Db6r7Cvr%2F9INkp%2ByiPXoTK3tUwxH06Vr3YnW2wDr8eANqgqXGU09YoEUVEKuHs8veU6QWbaN3LrOaICSmq1tlHwJUE7sILNI3MnOjwZvzYeFCMmSLUOQ62k46HzTVnrFNBqaPIUNQiRsQFUz06TVaA9FxXxYKk2brVLRXiNew1RgDlMp%2BM9EnePR06vYsB9QXEgrblE7M51AU%2BpM09%2BGxukEzUG", "https://vtbehaviour.commondatastorage.googleapis.com/1af55649a731abb95d71e2e49693a7bcf87270eb4f8712b747f7e04a0a2a3031_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415762&Signature=4Iu15AELs8158yzYffz716hQ5%2BDY4JHNeJeMzaSmkJrocvfpO7MMmB4MO5Zo%2Bs339dX%2Flb51NK%2Fd3eREGBJkNV3bvbEFaxv1hCO%2Fqge8%2FLnfKLSSRPJ48%2BGAVA22z0gYKvSPfYdGvownSV9GBevxmcIWZ%2F0VK57Mb1gHqvtWKs%2BMGgd4v%2FJJWCmjWx8xLomFVgrpD1boM0PxdVh3X21asN1DplbqcAZ%2Fd5WoOJYic", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415832&Signature=AOcM9Dc%2B2gUBJnZxuNmagisQ8QYjno4RVZd6DZFo553Ws2tWbJ6lUHXGOGTxLZCRccqXY9h0WhcjRXW4EgojbjJxXCTLq1y%2BtxXjZShlepAg7uq2pbXGsBhUcbpS5Jj0upmosZUCtU4mq8fMyjA0Jufv7u%2F%2FhIwKCp6Q9NIixpAXFwNy8BWn%2FOh6em7B0TwRABvcvTsQC2PO%2FOq5J61VWow6JiR2o97x%2Fm1ChJyz%2FvGTsz", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416015&Signature=evkFEcpvJ0BNlw47zD%2Bgg2ETU%2FGcbGZI3U%2BLCDkaRH4IhSCbgDF9ABajkx7SCAFA2G%2BndDWCzqKkknqPMARKAJk2b5h%2Bu1Gq8uDozkg9GvP8exgs3%2Bw%2F40637%2BmzlgjutElGFcVRMMDWRF5QEvyEDJVUIXmKmLYmKDYM58fBA4IM2VfpV8BB6HJcySkkMk2J4Mhk9nut%2FIrmFjV99WEunuPKfIgnAataXIXzBGZJl2eJK1OEGK19", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416061&Signature=eIQtmFWS2GiSN%2F3bdQCKKOu9%2FiEoDqQYcEtVnvTTBu%2BZ5JFRAyRu7Tgxw5YyVb%2BXK66m6JTN4yIleNl669%2FfdMbOamF6hlF%2FZbucN1etgX%2B8Snq2xrhFN5xZvvWrQukcYlJQnz9s2WSByNnA2Lvi7dn3qQnZMVNcJwWLhL1ayyCBqpiDVaDMGTgQfLrVdec0Xknzzl70Ce70nSgQdxJ4Q%2FSzYtz9Khtk6hyaiBbYxsyiWQ", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416202&Signature=f43IRerFiqRQ5ke71WfT2lNFf5Jf60FnKcTCpJGhgnSemoBx1iDNvbOs8rePJYHFEiffIuvjjnquRt51dziCswMktwhg8g7Tl3vVfnoYpuBzv6QT86so9sVcKWOt43wFnzCEH1RWrmQDe2jRBGL2Kvhqi%2B3i2iAFdZWCrxoAJtMJVqGVwXM5S7JnLR%2BklB1A5RQQReOEncgwClqKUHMPrSGjXgH%2FDernerWjOXghDL3V2fJ7EJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 686, "FileHash-MD5": 96, "FileHash-SHA1": 136, "URL": 562, "hostname": 313, "domain": 105, "email": 2, "YARA": 1 }, "indicator_count": 1901, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1f540aa36f336eb92ff53", "name": "VirusTotal report\n for program.exe", "description": "The full text of this year's EU Referendum, which will take place on 26 November, has been published.. and it will not appear on BBC Radio 5 live or on iPlayer.]", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T08:54:24.517000", "tags": [ "executable", "msdos", "pe32 executable", "intel", "ms windows", "dos borland", "generic windos", "dos executable", "pe32 compiler", "borland delphi", "delphi", "file type", "json", "ascii", "ascii text", "drops pe", "pe file", "sample", "persistence", "malicious", "next", "network capture", "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap", "nothing", "registry keys", "mutexes nothing", "parent pid", "full path", "command line", "files c", "read files", "read registry", "apis nothing", "https", "urls", "creates", "pe32", "sigma", "window", "mailpassview", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "sha256", "cname", "inprocserver32", "accept", "shutdown", "guard", "darkgate", "windows sandbox", "calls process", "systemroot", "commands", "created", "xcaxdb xcaxdb", "x82xec x82xec", "x83xc4 x83xc4", "xc1 x", "xffu xffu", "x8be x8be", "x81e x81e", "xc4 xc4", "x81i x81i", "xf3x86 xf3x86", "activator", "detail info", "tickcount", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "text", "classname", "behaviour", "class", "shell", "find", "mitre attack", "network info", "processes extra", "program", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "title", "phishing", "cape sandbox", "t1055", "style", "courier", "ip address", "port", "gmt ifnonematch", "machine summary", "meta", "inter" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415519&Signature=e1YxGtIahtkD9VKQTSuo9BFhC4KNicXASSfPf7LiJhYyR2OQOLXoHJjgEUtHCAfeZU7VSacymMfJJhx7M2NXSaPyv5cdsCUWfzeTKwyFqM06pSuq7HqYUJIh2%2BG3bz87h0m%2FMFuU5d0MXdwN9ykL%2FJ8EB4RuyKhfY%2FjBGZMZA0nVn5dQtQ1GySJiLj%2BWsKXQxsYVy%2FBok8h2n2m7EE923RSv%2BkkdQHO3enQf2ikR%2FU%2BtEN4S7xO2", "https://vtbehaviour.commondatastorage.googleapis.com/b71ddf3175c9e6b41f143207c6e74a9c327a362b3a1ce7e0282ceae2ad513b3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415599&Signature=O7Nc7o9GEFU3sFGIZv58PwBR8rG8MIwYQTmDyTNIUlHEEpmUY2Bttz0797jnr4%2BjT%2BCd1r%2BRad4nV4HLruG5QACAgOnQKjtSn%2FhWNes5q1y2qu46J%2BwCUFqmrr%2BpM6MjMmILZUqSezFzC5Fs%2Fnn4iBIQpYxJ8e4sJMXVIONcDkWLhycQk5rVr%2FV7G6tU0yAkoavXhpyrSGqR2Ee9QAoAXLWdixJ0rLJ85yQxWFr0E%2F7%", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415622&Signature=NJmj0XG%2BcAwpEa26%2B7ucV3CTWcwrSwSV%2BU62aYx0yDVYzZH70ROLK9%2F2lUy0IuC6n88oOTLoikSC4GRgUVypFQpmJoKQpkPvHZ1SfyklCtIWurZJYZvHSZs32JL0l6t3eEwW61xDg%2FICvOFlPQ0Aju7Hk1ntOY82jD%2B9dVw179jdF3A5jzGDrcr7mP17tnwZcOI0pVfF0ZhtbJL6SCHXBce%2BWS5zRxV2VgXHqrGYl0XLgpK6MD30wBFT", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415648&Signature=gOGhlxTumFXkKGryYSeJV8%2BMONZwbp%2BS3ntsErndc02nffG6DHW%2FbU0CVbVSOp3lIZkIt2qx7a%2BTsm2IItEWtGIN55fG14UxsBfo1Gf8bukZC4u5KoQKrVSYuV9aASUd5oCoTo0iIp%2BVCokHRdLbF259Fld%2FjlgJGL%2FVoLiGxXwkbQaxZi5VN94eNl65FMGXLtoVUgbUk3FhXEIuLwwJJU8XnveqbCOzDS9PtPnPO7seXDaK", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415662&Signature=ii4xZZXyeZqty%2B%2BwMuioMf90xxcdXimnQRoYesmvSMUfZNPn9hRsSBoDdFdqtcRFep%2BYsQiF4%2BKaDZPUzloaQ%2FeZkEhJokSi2P1NP1ymoIPZ5j%2F8XwTxCO0c%2BGbA%2BECIOWUC9IlgPTZfdCvd1wQiXe4sa1U0QVwZBDk%2B7GDXDJUVIOH6bc8cAZi8Q4QzBqOTaLamgqF1%2BC5uFbLSShJOLGiBZv6PRiQ2L2qk", "https://vtbehaviour.commondatastorage.googleapis.com/0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415703&Signature=L2WgcAgR2nm5cyc0SHe8nYGU6Db6r7Cvr%2F9INkp%2ByiPXoTK3tUwxH06Vr3YnW2wDr8eANqgqXGU09YoEUVEKuHs8veU6QWbaN3LrOaICSmq1tlHwJUE7sILNI3MnOjwZvzYeFCMmSLUOQ62k46HzTVnrFNBqaPIUNQiRsQFUz06TVaA9FxXxYKk2brVLRXiNew1RgDlMp%2BM9EnePR06vYsB9QXEgrblE7M51AU%2BpM09%2BGxukEzUG", "https://vtbehaviour.commondatastorage.googleapis.com/1af55649a731abb95d71e2e49693a7bcf87270eb4f8712b747f7e04a0a2a3031_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415762&Signature=4Iu15AELs8158yzYffz716hQ5%2BDY4JHNeJeMzaSmkJrocvfpO7MMmB4MO5Zo%2Bs339dX%2Flb51NK%2Fd3eREGBJkNV3bvbEFaxv1hCO%2Fqge8%2FLnfKLSSRPJ48%2BGAVA22z0gYKvSPfYdGvownSV9GBevxmcIWZ%2F0VK57Mb1gHqvtWKs%2BMGgd4v%2FJJWCmjWx8xLomFVgrpD1boM0PxdVh3X21asN1DplbqcAZ%2Fd5WoOJYic", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415832&Signature=AOcM9Dc%2B2gUBJnZxuNmagisQ8QYjno4RVZd6DZFo553Ws2tWbJ6lUHXGOGTxLZCRccqXY9h0WhcjRXW4EgojbjJxXCTLq1y%2BtxXjZShlepAg7uq2pbXGsBhUcbpS5Jj0upmosZUCtU4mq8fMyjA0Jufv7u%2F%2FhIwKCp6Q9NIixpAXFwNy8BWn%2FOh6em7B0TwRABvcvTsQC2PO%2FOq5J61VWow6JiR2o97x%2Fm1ChJyz%2FvGTsz", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416015&Signature=evkFEcpvJ0BNlw47zD%2Bgg2ETU%2FGcbGZI3U%2BLCDkaRH4IhSCbgDF9ABajkx7SCAFA2G%2BndDWCzqKkknqPMARKAJk2b5h%2Bu1Gq8uDozkg9GvP8exgs3%2Bw%2F40637%2BmzlgjutElGFcVRMMDWRF5QEvyEDJVUIXmKmLYmKDYM58fBA4IM2VfpV8BB6HJcySkkMk2J4Mhk9nut%2FIrmFjV99WEunuPKfIgnAataXIXzBGZJl2eJK1OEGK19", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416061&Signature=eIQtmFWS2GiSN%2F3bdQCKKOu9%2FiEoDqQYcEtVnvTTBu%2BZ5JFRAyRu7Tgxw5YyVb%2BXK66m6JTN4yIleNl669%2FfdMbOamF6hlF%2FZbucN1etgX%2B8Snq2xrhFN5xZvvWrQukcYlJQnz9s2WSByNnA2Lvi7dn3qQnZMVNcJwWLhL1ayyCBqpiDVaDMGTgQfLrVdec0Xknzzl70Ce70nSgQdxJ4Q%2FSzYtz9Khtk6hyaiBbYxsyiWQ", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416202&Signature=f43IRerFiqRQ5ke71WfT2lNFf5Jf60FnKcTCpJGhgnSemoBx1iDNvbOs8rePJYHFEiffIuvjjnquRt51dziCswMktwhg8g7Tl3vVfnoYpuBzv6QT86so9sVcKWOt43wFnzCEH1RWrmQDe2jRBGL2Kvhqi%2B3i2iAFdZWCrxoAJtMJVqGVwXM5S7JnLR%2BklB1A5RQQReOEncgwClqKUHMPrSGjXgH%2FDernerWjOXghDL3V2fJ7EJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 860, "FileHash-MD5": 180, "FileHash-SHA1": 224, "URL": 639, "hostname": 362, "domain": 107, "email": 2 }, "indicator_count": 2374, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1f540bec93625fc7c7466", "name": "VirusTotal report\n for program.exe", "description": "The full text of this year's EU Referendum, which will take place on 26 November, has been published.. and it will not appear on BBC Radio 5 live or on iPlayer.]", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T08:54:24.226000", "tags": [ "executable", "msdos", "pe32 executable", "intel", "ms windows", "dos borland", "generic windos", "dos executable", "pe32 compiler", "borland delphi", "delphi", "file type", "json", "ascii", "ascii text", "drops pe", "pe file", "sample", "persistence", "malicious", "next", "network capture", "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap", "nothing", "registry keys", "mutexes nothing", "parent pid", "full path", "command line", "files c", "read files", "read registry", "apis nothing", "https", "urls", "creates", "pe32", "sigma", "window", "mailpassview", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "sha256", "cname", "inprocserver32", "accept", "shutdown", "guard", "darkgate", "windows sandbox", "calls process", "systemroot", "commands", "created", "xcaxdb xcaxdb", "x82xec x82xec", "x83xc4 x83xc4", "xc1 x", "xffu xffu", "x8be x8be", "x81e x81e", "xc4 xc4", "x81i x81i", "xf3x86 xf3x86", "activator", "detail info", "tickcount", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "text", "classname", "behaviour", "class", "shell", "find", "mitre attack", "network info", "processes extra", "program", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "title", "phishing", "cape sandbox", "t1055", "style", "courier", "ip address", "port", "gmt ifnonematch", "machine summary", "meta", "inter" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415519&Signature=e1YxGtIahtkD9VKQTSuo9BFhC4KNicXASSfPf7LiJhYyR2OQOLXoHJjgEUtHCAfeZU7VSacymMfJJhx7M2NXSaPyv5cdsCUWfzeTKwyFqM06pSuq7HqYUJIh2%2BG3bz87h0m%2FMFuU5d0MXdwN9ykL%2FJ8EB4RuyKhfY%2FjBGZMZA0nVn5dQtQ1GySJiLj%2BWsKXQxsYVy%2FBok8h2n2m7EE923RSv%2BkkdQHO3enQf2ikR%2FU%2BtEN4S7xO2", "https://vtbehaviour.commondatastorage.googleapis.com/b71ddf3175c9e6b41f143207c6e74a9c327a362b3a1ce7e0282ceae2ad513b3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415599&Signature=O7Nc7o9GEFU3sFGIZv58PwBR8rG8MIwYQTmDyTNIUlHEEpmUY2Bttz0797jnr4%2BjT%2BCd1r%2BRad4nV4HLruG5QACAgOnQKjtSn%2FhWNes5q1y2qu46J%2BwCUFqmrr%2BpM6MjMmILZUqSezFzC5Fs%2Fnn4iBIQpYxJ8e4sJMXVIONcDkWLhycQk5rVr%2FV7G6tU0yAkoavXhpyrSGqR2Ee9QAoAXLWdixJ0rLJ85yQxWFr0E%2F7%", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415622&Signature=NJmj0XG%2BcAwpEa26%2B7ucV3CTWcwrSwSV%2BU62aYx0yDVYzZH70ROLK9%2F2lUy0IuC6n88oOTLoikSC4GRgUVypFQpmJoKQpkPvHZ1SfyklCtIWurZJYZvHSZs32JL0l6t3eEwW61xDg%2FICvOFlPQ0Aju7Hk1ntOY82jD%2B9dVw179jdF3A5jzGDrcr7mP17tnwZcOI0pVfF0ZhtbJL6SCHXBce%2BWS5zRxV2VgXHqrGYl0XLgpK6MD30wBFT", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415648&Signature=gOGhlxTumFXkKGryYSeJV8%2BMONZwbp%2BS3ntsErndc02nffG6DHW%2FbU0CVbVSOp3lIZkIt2qx7a%2BTsm2IItEWtGIN55fG14UxsBfo1Gf8bukZC4u5KoQKrVSYuV9aASUd5oCoTo0iIp%2BVCokHRdLbF259Fld%2FjlgJGL%2FVoLiGxXwkbQaxZi5VN94eNl65FMGXLtoVUgbUk3FhXEIuLwwJJU8XnveqbCOzDS9PtPnPO7seXDaK", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415662&Signature=ii4xZZXyeZqty%2B%2BwMuioMf90xxcdXimnQRoYesmvSMUfZNPn9hRsSBoDdFdqtcRFep%2BYsQiF4%2BKaDZPUzloaQ%2FeZkEhJokSi2P1NP1ymoIPZ5j%2F8XwTxCO0c%2BGbA%2BECIOWUC9IlgPTZfdCvd1wQiXe4sa1U0QVwZBDk%2B7GDXDJUVIOH6bc8cAZi8Q4QzBqOTaLamgqF1%2BC5uFbLSShJOLGiBZv6PRiQ2L2qk", "https://vtbehaviour.commondatastorage.googleapis.com/0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415703&Signature=L2WgcAgR2nm5cyc0SHe8nYGU6Db6r7Cvr%2F9INkp%2ByiPXoTK3tUwxH06Vr3YnW2wDr8eANqgqXGU09YoEUVEKuHs8veU6QWbaN3LrOaICSmq1tlHwJUE7sILNI3MnOjwZvzYeFCMmSLUOQ62k46HzTVnrFNBqaPIUNQiRsQFUz06TVaA9FxXxYKk2brVLRXiNew1RgDlMp%2BM9EnePR06vYsB9QXEgrblE7M51AU%2BpM09%2BGxukEzUG", "https://vtbehaviour.commondatastorage.googleapis.com/1af55649a731abb95d71e2e49693a7bcf87270eb4f8712b747f7e04a0a2a3031_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415762&Signature=4Iu15AELs8158yzYffz716hQ5%2BDY4JHNeJeMzaSmkJrocvfpO7MMmB4MO5Zo%2Bs339dX%2Flb51NK%2Fd3eREGBJkNV3bvbEFaxv1hCO%2Fqge8%2FLnfKLSSRPJ48%2BGAVA22z0gYKvSPfYdGvownSV9GBevxmcIWZ%2F0VK57Mb1gHqvtWKs%2BMGgd4v%2FJJWCmjWx8xLomFVgrpD1boM0PxdVh3X21asN1DplbqcAZ%2Fd5WoOJYic", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415832&Signature=AOcM9Dc%2B2gUBJnZxuNmagisQ8QYjno4RVZd6DZFo553Ws2tWbJ6lUHXGOGTxLZCRccqXY9h0WhcjRXW4EgojbjJxXCTLq1y%2BtxXjZShlepAg7uq2pbXGsBhUcbpS5Jj0upmosZUCtU4mq8fMyjA0Jufv7u%2F%2FhIwKCp6Q9NIixpAXFwNy8BWn%2FOh6em7B0TwRABvcvTsQC2PO%2FOq5J61VWow6JiR2o97x%2Fm1ChJyz%2FvGTsz", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416015&Signature=evkFEcpvJ0BNlw47zD%2Bgg2ETU%2FGcbGZI3U%2BLCDkaRH4IhSCbgDF9ABajkx7SCAFA2G%2BndDWCzqKkknqPMARKAJk2b5h%2Bu1Gq8uDozkg9GvP8exgs3%2Bw%2F40637%2BmzlgjutElGFcVRMMDWRF5QEvyEDJVUIXmKmLYmKDYM58fBA4IM2VfpV8BB6HJcySkkMk2J4Mhk9nut%2FIrmFjV99WEunuPKfIgnAataXIXzBGZJl2eJK1OEGK19", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416061&Signature=eIQtmFWS2GiSN%2F3bdQCKKOu9%2FiEoDqQYcEtVnvTTBu%2BZ5JFRAyRu7Tgxw5YyVb%2BXK66m6JTN4yIleNl669%2FfdMbOamF6hlF%2FZbucN1etgX%2B8Snq2xrhFN5xZvvWrQukcYlJQnz9s2WSByNnA2Lvi7dn3qQnZMVNcJwWLhL1ayyCBqpiDVaDMGTgQfLrVdec0Xknzzl70Ce70nSgQdxJ4Q%2FSzYtz9Khtk6hyaiBbYxsyiWQ", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416202&Signature=f43IRerFiqRQ5ke71WfT2lNFf5Jf60FnKcTCpJGhgnSemoBx1iDNvbOs8rePJYHFEiffIuvjjnquRt51dziCswMktwhg8g7Tl3vVfnoYpuBzv6QT86so9sVcKWOt43wFnzCEH1RWrmQDe2jRBGL2Kvhqi%2B3i2iAFdZWCrxoAJtMJVqGVwXM5S7JnLR%2BklB1A5RQQReOEncgwClqKUHMPrSGjXgH%2FDernerWjOXghDL3V2fJ7EJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 686, "FileHash-MD5": 96, "FileHash-SHA1": 136, "URL": 561, "hostname": 316, "domain": 105, "email": 2 }, "indicator_count": 1902, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a05ac967057c13623229fa4", "name": "Eternal Romance. InfinityRedRatLokiMeteorDownDropRemPetDCometRevenBRabbit[Ilu/txt> vbs]CAPE Sandbox", "description": "[A report on the discovery of a malicious script on a server at the University of California, Los Angeles, has been published by GRAMMERSoft Group, a security firm based in the Philippines.] s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader JavaDropper Remcos Petya DarkComet RevengeRAT BadRabbit Iloveyou[txt]vbs.\nMalware like this is almost never unintentional.", "modified": "2026-05-15T10:49:24.586000", "created": "2026-05-14T11:05:58.600000", "tags": [ "vbcrlf", "error resume", "next dim", "page", "loveletter", "script", "createobject", "html", "meta", "name", "title", "body", "iloveyou", "generator", "philippines", "loop", "extra info", "next", "vbs script", "program", "attack network", "info processes", "zenbox verdict", "guest system", "ultimate file", "info file", "defense evasion", "windows sandbox", "calls clear", "next ur", "file type", "ascii text", "crlf line", "ms windows", "pe32", "drops pe", "intel", "yara", "sigma", "njrat", "malicious", "darkcomet", "code", "delphi", "dbatloader", "loader", "fraud", "notpetya", "killmbr", "trojanransom", "ransomware", "initial access", "settings", "default", "parent pid", "full path", "command line", "mwdb", "bazaar", "sha3384", "ssdeep", "format", "shell", "payload", "kevin", "accept", "revengerat", "shutdown", "aspack", "vmprotect", "meteorite", "petya", "infinitylock", "redline", "remcos", "javadropper", "lokibot", "guard", "mono", "eternalromance", "exploit", "badrabbit", "s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader Java" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778755991&Signature=xjEd%2BfezTG%2Bhf9CMiLVkvgMjqq3uWY0btw2QhhcAqvYLh%2BdAJB5d1xHA9O3DAxXep3iyDgqVU01VvCAb%2BKefQNSVhuEaACn6Vg0Hh1CHnNc3GMCXSMdTRZFYYSzniYpYsmeZX%2F0ez%2Fvlig7VA40maOBDvb%2B3HADaVl1jboeClkaL2NCfDYCQYRK2vZ5yX7ggUG%2FM2b0scFtssuydGnlFONW5Ebr6b3RuXJRvMFO9SQ%2BJ", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756062&Signature=1qwcsdiF0JPfNYSk7RDQXO4pZXvL%2Fj1JyEUevcp%2B6HlCDqJ6UKeuGEjU%2FtfcS8Y2I%2B%2FIkWQ7I%2FrKwePXyPYnyKs%2F5BGxqLLSdyj6hlP6mspza3lBQCmI8D%2B%2F%2BIcbUB4s1UZP6cZ3bieHVI%2BUt7YDDau3vsnsQBE3cIa48fIcZYKmsJp7P%2FETHpk%2FGfCZlLU4fOjXvbexeI%2Fjw%2FLOBcq3zipo%2BwQyGxHTmnK%2F", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756107&Signature=qcKaJdEe1%2F0Ewg9HU1LOWWYUSa1AX6o24coccdj5tLucnjjA7oPNFtU1%2FnPf1MngS%2B8Re5bUyuY%2FpE%2FwiXxMY9hSNotJ6H1BkH1IoOGDT8ucHEnRnac1I9XLmxmVOBdHXBoIYAF6cQu1wHM6n7kGPEnerHpqMASVuGIVJqeq9p3f7K8RNeiAlAzFQHPWjKuVRpePEo0aeNddEvVPmacL3C3Jjat%2B8lUZN4JAbvRXfPBU", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756213&Signature=nT2GPVh7JliXkCSmMglFnpxTqzjwGedv4d2km9l3nSbMaMVXff1erDdvDEzPK%2BiZmnXCBqjGhLu0pehbVPaA%2FuFCZI%2FNWrrMXl07NM2A8A0aQwuI5lwt6CpefiJaPgbeNJ%2FYSGyoPLGwLQTA1Upga8%2F1GeMvooHMu1noElIuYrvsfuC3bzCdwW7rC2t4C9bKa0%2FBKK%2BQHVrZA2NIAsBNIRplsBOqZybAuDBKBxb8Liqs580KbDsCQU4%", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756397&Signature=GrgrzQyGr0qFGDnfG3rlbCv4hrrrTPOM0ZaqFW%2FWxF%2BZW62aUsSeXENHRday%2B2le7YUbRKI20ywbl8yvmeRJ1iO5haWVNYFoq7Gt1zljmR%2F5ZveJp80cYWagPzIcSu2W0NzvR8T49UkZukCRr2yTn4Y77ivK4HZ%2FyE3ZL9Au3TqjZg0PaQSZhsub%2BtP7IMgeCTGCevf0UvRrEE6aka8%2FNMFwhtH5Pi7CX8SD%2F4Q%2Bd34I" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 36, "FileHash-MD5": 245, "FileHash-SHA1": 109, "FileHash-SHA256": 224, "URL": 269, "domain": 51, "email": 3, "hostname": 189, "Mutex": 4 }, "indicator_count": 1130, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a05ac72028bf99f635f0ded", "name": "Eternal Romance. InfinityRedRatLokiMeteorDownDropRemPetDCometRevenBRabbit[Ilu/txt> vbs]CAPE Sandbox", "description": "[A report on the discovery of a malicious script on a server at the University of California, Los Angeles, has been published by GRAMMERSoft Group, a security firm based in the Philippines.] s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader JavaDropper Remcos Petya DarkComet RevengeRAT BadRabbit Iloveyou[txt]vbs.\nMalware like this is almost never unintentional.", "modified": "2026-05-14T11:05:22.932000", "created": "2026-05-14T11:05:22.932000", "tags": [ "vbcrlf", "error resume", "next dim", "page", "loveletter", "script", "createobject", "html", "meta", "name", "title", "body", "iloveyou", "generator", "philippines", "loop", "extra info", "next", "vbs script", "program", "attack network", "info processes", "zenbox verdict", "guest system", "ultimate file", "info file", "defense evasion", "windows sandbox", "calls clear", "next ur", "file type", "ascii text", "crlf line", "ms windows", "pe32", "drops pe", "intel", "yara", "sigma", "njrat", "malicious", "darkcomet", "code", "delphi", "dbatloader", "loader", "fraud", "notpetya", "killmbr", "trojanransom", "ransomware", "initial access", "settings", "default", "parent pid", "full path", "command line", "mwdb", "bazaar", "sha3384", "ssdeep", "format", "shell", "payload", "kevin", "accept", "revengerat", "shutdown", "aspack", "vmprotect", "meteorite", "petya", "infinitylock", "redline", "remcos", "javadropper", "lokibot", "guard", "mono", "eternalromance", "exploit", "badrabbit", "s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader Java" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778755991&Signature=xjEd%2BfezTG%2Bhf9CMiLVkvgMjqq3uWY0btw2QhhcAqvYLh%2BdAJB5d1xHA9O3DAxXep3iyDgqVU01VvCAb%2BKefQNSVhuEaACn6Vg0Hh1CHnNc3GMCXSMdTRZFYYSzniYpYsmeZX%2F0ez%2Fvlig7VA40maOBDvb%2B3HADaVl1jboeClkaL2NCfDYCQYRK2vZ5yX7ggUG%2FM2b0scFtssuydGnlFONW5Ebr6b3RuXJRvMFO9SQ%2BJ", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756062&Signature=1qwcsdiF0JPfNYSk7RDQXO4pZXvL%2Fj1JyEUevcp%2B6HlCDqJ6UKeuGEjU%2FtfcS8Y2I%2B%2FIkWQ7I%2FrKwePXyPYnyKs%2F5BGxqLLSdyj6hlP6mspza3lBQCmI8D%2B%2F%2BIcbUB4s1UZP6cZ3bieHVI%2BUt7YDDau3vsnsQBE3cIa48fIcZYKmsJp7P%2FETHpk%2FGfCZlLU4fOjXvbexeI%2Fjw%2FLOBcq3zipo%2BwQyGxHTmnK%2F", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756107&Signature=qcKaJdEe1%2F0Ewg9HU1LOWWYUSa1AX6o24coccdj5tLucnjjA7oPNFtU1%2FnPf1MngS%2B8Re5bUyuY%2FpE%2FwiXxMY9hSNotJ6H1BkH1IoOGDT8ucHEnRnac1I9XLmxmVOBdHXBoIYAF6cQu1wHM6n7kGPEnerHpqMASVuGIVJqeq9p3f7K8RNeiAlAzFQHPWjKuVRpePEo0aeNddEvVPmacL3C3Jjat%2B8lUZN4JAbvRXfPBU", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756213&Signature=nT2GPVh7JliXkCSmMglFnpxTqzjwGedv4d2km9l3nSbMaMVXff1erDdvDEzPK%2BiZmnXCBqjGhLu0pehbVPaA%2FuFCZI%2FNWrrMXl07NM2A8A0aQwuI5lwt6CpefiJaPgbeNJ%2FYSGyoPLGwLQTA1Upga8%2F1GeMvooHMu1noElIuYrvsfuC3bzCdwW7rC2t4C9bKa0%2FBKK%2BQHVrZA2NIAsBNIRplsBOqZybAuDBKBxb8Liqs580KbDsCQU4%", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756397&Signature=GrgrzQyGr0qFGDnfG3rlbCv4hrrrTPOM0ZaqFW%2FWxF%2BZW62aUsSeXENHRday%2B2le7YUbRKI20ywbl8yvmeRJ1iO5haWVNYFoq7Gt1zljmR%2F5ZveJp80cYWagPzIcSu2W0NzvR8T49UkZukCRr2yTn4Y77ivK4HZ%2FyE3ZL9Au3TqjZg0PaQSZhsub%2BtP7IMgeCTGCevf0UvRrEE6aka8%2FNMFwhtH5Pi7CX8SD%2F4Q%2Bd34I" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 36, "FileHash-MD5": 244, "FileHash-SHA1": 108, "FileHash-SHA256": 223, "URL": 269, "domain": 51, "email": 3, "hostname": 189 }, "indicator_count": 1123, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a05ac2c27730f972e8d9474", "name": "Eternal Romance. InfinityRedRatLokiMeteorDownDropRemPetDCometRevenBRabbit[Ilu/txt> vbs]CAPE Sandbox", "description": "[A report on the discovery of a malicious script on a server at the University of California, Los Angeles, has been published by GRAMMERSoft Group, a security firm based in the Philippines.] s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader JavaDropper Remcos Petya DarkComet RevengeRAT BadRabbit Iloveyou[txt]vbs.\nMalware like this is almost never unintentional.", "modified": "2026-05-14T11:04:12.425000", "created": "2026-05-14T11:04:12.425000", "tags": [ "vbcrlf", "error resume", "next dim", "page", "loveletter", "script", "createobject", "html", "meta", "name", "title", "body", "iloveyou", "generator", "philippines", "loop", "extra info", "next", "vbs script", "program", "attack network", "info processes", "zenbox verdict", "guest system", "ultimate file", "info file", "defense evasion", "windows sandbox", "calls clear", "next ur", "file type", "ascii text", "crlf line", "ms windows", "pe32", "drops pe", "intel", "yara", "sigma", "njrat", "malicious", "darkcomet", "code", "delphi", "dbatloader", "loader", "fraud", "notpetya", "killmbr", "trojanransom", "ransomware", "initial access", "settings", "default", "parent pid", "full path", "command line", "mwdb", "bazaar", "sha3384", "ssdeep", "format", "shell", "payload", "kevin", "accept", "revengerat", "shutdown", "aspack", "vmprotect", "meteorite", "petya", "infinitylock", "redline", "remcos", "javadropper", "lokibot", "guard", "mono", "eternalromance", "exploit", "badrabbit", "s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader Java" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778755991&Signature=xjEd%2BfezTG%2Bhf9CMiLVkvgMjqq3uWY0btw2QhhcAqvYLh%2BdAJB5d1xHA9O3DAxXep3iyDgqVU01VvCAb%2BKefQNSVhuEaACn6Vg0Hh1CHnNc3GMCXSMdTRZFYYSzniYpYsmeZX%2F0ez%2Fvlig7VA40maOBDvb%2B3HADaVl1jboeClkaL2NCfDYCQYRK2vZ5yX7ggUG%2FM2b0scFtssuydGnlFONW5Ebr6b3RuXJRvMFO9SQ%2BJ", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756062&Signature=1qwcsdiF0JPfNYSk7RDQXO4pZXvL%2Fj1JyEUevcp%2B6HlCDqJ6UKeuGEjU%2FtfcS8Y2I%2B%2FIkWQ7I%2FrKwePXyPYnyKs%2F5BGxqLLSdyj6hlP6mspza3lBQCmI8D%2B%2F%2BIcbUB4s1UZP6cZ3bieHVI%2BUt7YDDau3vsnsQBE3cIa48fIcZYKmsJp7P%2FETHpk%2FGfCZlLU4fOjXvbexeI%2Fjw%2FLOBcq3zipo%2BwQyGxHTmnK%2F", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756107&Signature=qcKaJdEe1%2F0Ewg9HU1LOWWYUSa1AX6o24coccdj5tLucnjjA7oPNFtU1%2FnPf1MngS%2B8Re5bUyuY%2FpE%2FwiXxMY9hSNotJ6H1BkH1IoOGDT8ucHEnRnac1I9XLmxmVOBdHXBoIYAF6cQu1wHM6n7kGPEnerHpqMASVuGIVJqeq9p3f7K8RNeiAlAzFQHPWjKuVRpePEo0aeNddEvVPmacL3C3Jjat%2B8lUZN4JAbvRXfPBU", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756213&Signature=nT2GPVh7JliXkCSmMglFnpxTqzjwGedv4d2km9l3nSbMaMVXff1erDdvDEzPK%2BiZmnXCBqjGhLu0pehbVPaA%2FuFCZI%2FNWrrMXl07NM2A8A0aQwuI5lwt6CpefiJaPgbeNJ%2FYSGyoPLGwLQTA1Upga8%2F1GeMvooHMu1noElIuYrvsfuC3bzCdwW7rC2t4C9bKa0%2FBKK%2BQHVrZA2NIAsBNIRplsBOqZybAuDBKBxb8Liqs580KbDsCQU4%", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756397&Signature=GrgrzQyGr0qFGDnfG3rlbCv4hrrrTPOM0ZaqFW%2FWxF%2BZW62aUsSeXENHRday%2B2le7YUbRKI20ywbl8yvmeRJ1iO5haWVNYFoq7Gt1zljmR%2F5ZveJp80cYWagPzIcSu2W0NzvR8T49UkZukCRr2yTn4Y77ivK4HZ%2FyE3ZL9Au3TqjZg0PaQSZhsub%2BtP7IMgeCTGCevf0UvRrEE6aka8%2FNMFwhtH5Pi7CX8SD%2F4Q%2Bd34I" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 36, "FileHash-MD5": 244, "FileHash-SHA1": 108, "FileHash-SHA256": 223, "URL": 269, "domain": 51, "email": 3, "hostname": 189 }, "indicator_count": 1123, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0050a164795207832b4331", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:40:06.849000", "created": "2026-05-10T09:32:17.372000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 773, "URI": 5, "FileHash-MD5": 200, "FileHash-SHA1": 197, "IPv4": 304, "URL": 461, "domain": 319, "hostname": 315, "CIDR": 8, "email": 9, "Mutex": 1, "CVE": 62 }, "indicator_count": 2654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0050a527cf92f4dfd0195b", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:40:00.258000", "created": "2026-05-10T09:32:21.717000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 666, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 131, "IPv4": 286, "URL": 346, "domain": 286, "hostname": 274, "CIDR": 2, "email": 2 }, "indicator_count": 2117, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0050a78094bfae20c7f947", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:39:59.516000", "created": "2026-05-10T09:32:23.727000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 666, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 137, "IPv4": 293, "URL": 350, "domain": 296, "hostname": 289, "CIDR": 2, "email": 2, "CVE": 4 }, "indicator_count": 2163, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fed99080ca19fd27b184cb", "name": "CAPE Sandbox - \"Client Challenge\" Created 4/27/2025.", "description": "[The Cuckoo.com website has been shut down by Microsoft, with the result of an analysis of the network's traffic patterns, and the results of its analysis] A SHA for an educational app/website I dont even have generated what is called \" Client Challenge\"\n 2c4b2093aa07afb9d633fd4e734a9707\n2732a5adf7152c21b4a5aaa0a7b45f3d4be7874a\naa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d\n622b6b82655de58b927dd956ab84db9d\n48:IYhkrFN9YfHFTtJXQHyeyQ4v3W7UNp/xmhIfgjOGkOHMZKKyMaiskaO3n:TsYdxJXQHFY375ro6tZ8MaM93n\nT1E05100012CF6C176147724BB9E73B25A2B5064476216E41C3AEDDA28CF82FD9EC426EC\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text\nHyperText Markup Language (100%)\nHTML\n3.03 KB (3101 bytes) /_fs-ch-1T1wmsGaOgGaSxcX/assets/inter-var.woff2\n/_fs-ch-1T1wmsGaOgGaSxcX/assets/styles.css -13jdrops from one html/38 malic files/bluetooth cap.", "modified": "2026-05-10T08:20:56.907000", "created": "2026-05-09T06:52:00.985000", "tags": [ "nothing", "registry keys", "mutexes nothing", "data", "datacrashpad", "edge", "created", "parent pid", "full path", "command line", "https", "network info", "processes extra", "performs dns", "layer protocol", "overview", "mitre attack", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "ip info", "ip country", "united", "info process", "mwdb", "bazaar", "sha3384", "ssdeep", "strong", "file type", "library", "size", "default", "sha1", "accept", "mcafee", "span", "install", "softonic", "alerta", "download", "error", "crypt32", "body", "bootkit", "lockfile", "title", "inside", "shutdown", "impact", "global", "restart", "uwaga", "startpage", "window", "find", "false", "null", "payload", "write", "installer", "winmm", "back", "nlrnsrdb", "trumusic", "kevsight tox", "html internet", "html document", "unicode text", "utf8 text", "language", "settings", "first counter", "file size", "sha256", "bridge", "info", "date", "agent", "root", "pe file", "ms windows", "pe32", "found", "png image", "rgba", "cabinet archive", "files c", "delphi", "code", "persistence", "malicious", "unix", "wed jun", "dropped info", "linux verdict", "bluetooth", "4/27/25", "drops", "legacy admin", "hacking tools", "geofence", "education", "government" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308356&Signature=Bq0QXx5QtdlR4B1OLE2oNH2ivhP5koRxoxaBIC4bDOb1nad7b%2B4MKW2csIzcVHkiJ2lEuxuzVaPZAtPN9ZbTMiEwygTIHCvt%2BjujlP3fb2dgOki9C6FhEd5DCKB3RdzsNdqXB2VDF7rZoLj%2BNII3rrWNk714D3qNNxku1k1gsD%2FpGCxIrO0e0y2styb6l6hhzJjcGwSCEPbS6MRA%2BA90qkVuNCgIucEDcJ5lkx0B2OOW4YW0Csc3", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308390&Signature=29e34JRtkg7NaukyKdD3mE9rGo0hrpCAePmGPmvrVPeeHY4ax13egnxzXVjOctDKN%2F26RdliQEdXTd301UZjrUIJxeMbNgmdXQ3AdU5y%2FV8c21ePTIEAIq2Onb%2Bq5kutHekqTdBS3d0tgfIBKVBE9kZsGWzbMQFPKPv%2B%2FDpvMZSgtM2dO2vord9nXbkwcHCYBrVWvVALPOmXc910%2BAWvZOsLaWmvQjsMI0DTAIUwyx0zveFkVWqa2XOJbD", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308554&Signature=lODaur8GDc6MSh92WMx%2BV%2F7WRfkYjVs6kHiY4Sx12RcybRrsXaBC6oik%2FVeSMne1EODoqRn6AOcL%2FnIJ3J1ki%2Flrawz0HqWnxDTycnuefpWaPbw6abOU2796lcdgAMJxF9cGIDFHeaJDHQhbd0qeV07OK%2BhEKGGkjFWmqxOlqcTx526c%2FyRTuJaoFKrRzHVk9z2Xhv16kmnrY1VWhnBNyv3cMtVW076z2DheqC1Nya4ZJR3T", "https://vtbehaviour.commondatastorage.googleapis.com/fe2fcf32cc0d38931131fde27db1e5693774844075b4e3c33c82a3625f397a7d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308630&Signature=tal7xZ9VHrLtK%2Fx5z4thfPUsqP4jnN7mnhQemzL4D6Jt%2BSk8bXHsrCdJlx%2Be1lnoGRVGwvwKCjx3CEIT2hLNbJt09HJOJW8y0ZHcSz%2BVuPuDQOe77pC%2F3yFozFW3vI7CEZI7ISt8C80aND1aciQHVQazVru6MO8fQbjeA78vsrN6MB0ZuxTE%2FXOh0gshhIYHplGRIVhhJx5waxIeoxWL1ZXsSC%2BoXwk4g44W5t38Y5Tkcf%2", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308947&Signature=alDMcpCHWUfDgEjmw6GuL5bYJ7WAgrYGXsYb8PfNczzjNzMmdclOsPPSd8nKJEDsDmNxeb2sw0hYiHkOza%2FRN9q8612YM9nTO2inlISRitzqqNDU6JlAsf97walR1G6zBOoJyqTiDrsSbx5evH65eHfvmspVqAXrb%2BQ47kPd56689I4BQ%2BsXgtfYNLYfi0tZCIDXf9zFVUl7yJpOaXHvd6%2FB7n3VeDqry5%2FrR9w%2Ftznq2oHOWz", "https://vtbehaviour.commondatastorage.googleapis.com/96726d252031408ce594cb2d0f49cc98a87d5742e5c7bf95b067158bf1ecbb5a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309020&Signature=vqlAf29Jh8gzLx2hXd4oK3SHSQ7rtDkDCKFUjJTgs37n6pJU8vOHAMY%2BZDsFv79mq1BdEHoY7nok%2B%2F8fXKVOYaTlt0eAlBTIvhYUtDyujmwblYEgNlDU1rpNNKmZ55W8WmPUBFmUN3AaCIOZIX5vA4HFg6qulPpJnXDQ57TINvsk4Wwf9mClPe97Ye9DE6zAZarXt7XMT2RTpxVJqTD143j7%2BeJGcwEPknT64TWHLEfitFThoeAdncSqpQS74B", "https://vtbehaviour.commondatastorage.googleapis.com/cb38f0c781c188c3fc2ace5f55a12f2a4833c1c5fc869e698cf7994041e4a135_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309094&Signature=2X1UxXszEC0vdMoCHG30M8zifvQi45%2FJScJ8N3QaALRZ8JM5fIK5QIhWdv9eYZgDlMDjqEs9sECAtO16r8UbHNPoPwRNzqUN6f6UIq0L8Tj%2BIYQrjZo7NBhiH6eUgkTaHAoBU02WDYP5Ov0biBhHziqfTBQQ5yDFh0H9CPRlLUefNK%2BHM%2BQYLwGLUpQ5yBTv1Mh5suQ1PLSj3g%2Fz429aGgT0ianBgbW7IIV50lIP4m5cr5UUek3l", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309164&Signature=NWdp0fiFpH6Jr1kaVwKEFGn0Zk0wRKMQLorUPZy7WKGD3M381ZLQM1PRrWmvwz5bujAib4QiCiOLd8A7PMvTMnOKQXz%2BwsI8tZk1vXfRwW6DJpI8nj3KWKoP3btIoik2VBrWn%2Fr1xNdIJ4Ic2MQEfOpslObUTaNkvaOGbdedf8llYwYXllyZneCKuVP5wMIq72nExH21e3%2FIfViwNbHZFbKS6roKZkLx4V7XxVk94woz0KT1LUAS0dYh" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 529, "IPv4": 403, "hostname": 394, "domain": 121, "URL": 262, "FileHash-SHA1": 291, "FileHash-SHA256": 396 }, "indicator_count": 2396, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fed98ed79b13165d78dc30", "name": "CAPE Sandbox - \"Client Challenge\" Created 4/27/2025.", "description": "[The Cuckoo.com website has been shut down by Microsoft, with the result of an analysis of the network's traffic patterns, and the results of its analysis] A SHA for an educational app/website I dont even have generated what is called \" Client Challenge\"\n 2c4b2093aa07afb9d633fd4e734a9707\n2732a5adf7152c21b4a5aaa0a7b45f3d4be7874a\naa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d\n622b6b82655de58b927dd956ab84db9d\n48:IYhkrFN9YfHFTtJXQHyeyQ4v3W7UNp/xmhIfgjOGkOHMZKKyMaiskaO3n:TsYdxJXQHFY375ro6tZ8MaM93n\nT1E05100012CF6C176147724BB9E73B25A2B5064476216E41C3AEDDA28CF82FD9EC426EC\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text\nHyperText Markup Language (100%)\nHTML\n3.03 KB (3101 bytes) /_fs-ch-1T1wmsGaOgGaSxcX/assets/inter-var.woff2\n/_fs-ch-1T1wmsGaOgGaSxcX/assets/styles.css -13jdrops from one html/38 malic files/bluetooth cap.", "modified": "2026-05-10T08:11:16.996000", "created": "2026-05-09T06:51:58.884000", "tags": [ "nothing", "registry keys", "mutexes nothing", "data", "datacrashpad", "edge", "created", "parent pid", "full path", "command line", "https", "network info", "processes extra", "performs dns", "layer protocol", "overview", "mitre attack", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "ip info", "ip country", "united", "info process", "mwdb", "bazaar", "sha3384", "ssdeep", "strong", "file type", "library", "size", "default", "sha1", "accept", "mcafee", "span", "install", "softonic", "alerta", "download", "error", "crypt32", "body", "bootkit", "lockfile", "title", "inside", "shutdown", "impact", "global", "restart", "uwaga", "startpage", "window", "find", "false", "null", "payload", "write", "installer", "winmm", "back", "nlrnsrdb", "trumusic", "kevsight tox", "html internet", "html document", "unicode text", "utf8 text", "language", "settings", "first counter", "file size", "sha256", "bridge", "info", "date", "agent", "root", "pe file", "ms windows", "pe32", "found", "png image", "rgba", "cabinet archive", "files c", "delphi", "code", "persistence", "malicious", "unix", "wed jun", "dropped info", "linux verdict", "bluetooth", "4/27/25", "drops", "legacy admin", "hacking tools", "geofence", "education", "government" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308356&Signature=Bq0QXx5QtdlR4B1OLE2oNH2ivhP5koRxoxaBIC4bDOb1nad7b%2B4MKW2csIzcVHkiJ2lEuxuzVaPZAtPN9ZbTMiEwygTIHCvt%2BjujlP3fb2dgOki9C6FhEd5DCKB3RdzsNdqXB2VDF7rZoLj%2BNII3rrWNk714D3qNNxku1k1gsD%2FpGCxIrO0e0y2styb6l6hhzJjcGwSCEPbS6MRA%2BA90qkVuNCgIucEDcJ5lkx0B2OOW4YW0Csc3", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308390&Signature=29e34JRtkg7NaukyKdD3mE9rGo0hrpCAePmGPmvrVPeeHY4ax13egnxzXVjOctDKN%2F26RdliQEdXTd301UZjrUIJxeMbNgmdXQ3AdU5y%2FV8c21ePTIEAIq2Onb%2Bq5kutHekqTdBS3d0tgfIBKVBE9kZsGWzbMQFPKPv%2B%2FDpvMZSgtM2dO2vord9nXbkwcHCYBrVWvVALPOmXc910%2BAWvZOsLaWmvQjsMI0DTAIUwyx0zveFkVWqa2XOJbD", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308554&Signature=lODaur8GDc6MSh92WMx%2BV%2F7WRfkYjVs6kHiY4Sx12RcybRrsXaBC6oik%2FVeSMne1EODoqRn6AOcL%2FnIJ3J1ki%2Flrawz0HqWnxDTycnuefpWaPbw6abOU2796lcdgAMJxF9cGIDFHeaJDHQhbd0qeV07OK%2BhEKGGkjFWmqxOlqcTx526c%2FyRTuJaoFKrRzHVk9z2Xhv16kmnrY1VWhnBNyv3cMtVW076z2DheqC1Nya4ZJR3T", "https://vtbehaviour.commondatastorage.googleapis.com/fe2fcf32cc0d38931131fde27db1e5693774844075b4e3c33c82a3625f397a7d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308630&Signature=tal7xZ9VHrLtK%2Fx5z4thfPUsqP4jnN7mnhQemzL4D6Jt%2BSk8bXHsrCdJlx%2Be1lnoGRVGwvwKCjx3CEIT2hLNbJt09HJOJW8y0ZHcSz%2BVuPuDQOe77pC%2F3yFozFW3vI7CEZI7ISt8C80aND1aciQHVQazVru6MO8fQbjeA78vsrN6MB0ZuxTE%2FXOh0gshhIYHplGRIVhhJx5waxIeoxWL1ZXsSC%2BoXwk4g44W5t38Y5Tkcf%2", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308947&Signature=alDMcpCHWUfDgEjmw6GuL5bYJ7WAgrYGXsYb8PfNczzjNzMmdclOsPPSd8nKJEDsDmNxeb2sw0hYiHkOza%2FRN9q8612YM9nTO2inlISRitzqqNDU6JlAsf97walR1G6zBOoJyqTiDrsSbx5evH65eHfvmspVqAXrb%2BQ47kPd56689I4BQ%2BsXgtfYNLYfi0tZCIDXf9zFVUl7yJpOaXHvd6%2FB7n3VeDqry5%2FrR9w%2Ftznq2oHOWz", "https://vtbehaviour.commondatastorage.googleapis.com/96726d252031408ce594cb2d0f49cc98a87d5742e5c7bf95b067158bf1ecbb5a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309020&Signature=vqlAf29Jh8gzLx2hXd4oK3SHSQ7rtDkDCKFUjJTgs37n6pJU8vOHAMY%2BZDsFv79mq1BdEHoY7nok%2B%2F8fXKVOYaTlt0eAlBTIvhYUtDyujmwblYEgNlDU1rpNNKmZ55W8WmPUBFmUN3AaCIOZIX5vA4HFg6qulPpJnXDQ57TINvsk4Wwf9mClPe97Ye9DE6zAZarXt7XMT2RTpxVJqTD143j7%2BeJGcwEPknT64TWHLEfitFThoeAdncSqpQS74B", "https://vtbehaviour.commondatastorage.googleapis.com/cb38f0c781c188c3fc2ace5f55a12f2a4833c1c5fc869e698cf7994041e4a135_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309094&Signature=2X1UxXszEC0vdMoCHG30M8zifvQi45%2FJScJ8N3QaALRZ8JM5fIK5QIhWdv9eYZgDlMDjqEs9sECAtO16r8UbHNPoPwRNzqUN6f6UIq0L8Tj%2BIYQrjZo7NBhiH6eUgkTaHAoBU02WDYP5Ov0biBhHziqfTBQQ5yDFh0H9CPRlLUefNK%2BHM%2BQYLwGLUpQ5yBTv1Mh5suQ1PLSj3g%2Fz429aGgT0ianBgbW7IIV50lIP4m5cr5UUek3l", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309164&Signature=NWdp0fiFpH6Jr1kaVwKEFGn0Zk0wRKMQLorUPZy7WKGD3M381ZLQM1PRrWmvwz5bujAib4QiCiOLd8A7PMvTMnOKQXz%2BwsI8tZk1vXfRwW6DJpI8nj3KWKoP3btIoik2VBrWn%2Fr1xNdIJ4Ic2MQEfOpslObUTaNkvaOGbdedf8llYwYXllyZneCKuVP5wMIq72nExH21e3%2FIfViwNbHZFbKS6roKZkLx4V7XxVk94woz0KT1LUAS0dYh" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 547, "IPv4": 545, "hostname": 752, "domain": 290, "URL": 979, "FileHash-SHA1": 296, "FileHash-SHA256": 904, "CIDR": 2, "email": 2 }, "indicator_count": 4317, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "20 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fed98a5807c9756ff0eb87", "name": "CAPE Sandbox - \"Client Challenge\" Created 4/27/2025.", "description": "[The Cuckoo.com website has been shut down by Microsoft, with the result of an analysis of the network's traffic patterns, and the results of its analysis] A SHA for an educational app/website I dont even have generated what is called \" Client Challenge\"\n 2c4b2093aa07afb9d633fd4e734a9707\n2732a5adf7152c21b4a5aaa0a7b45f3d4be7874a\naa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d\n622b6b82655de58b927dd956ab84db9d\n48:IYhkrFN9YfHFTtJXQHyeyQ4v3W7UNp/xmhIfgjOGkOHMZKKyMaiskaO3n:TsYdxJXQHFY375ro6tZ8MaM93n\nT1E05100012CF6C176147724BB9E73B25A2B5064476216E41C3AEDDA28CF82FD9EC426EC\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text\nHyperText Markup Language (100%)\nHTML\n3.03 KB (3101 bytes) /_fs-ch-1T1wmsGaOgGaSxcX/assets/inter-var.woff2\n/_fs-ch-1T1wmsGaOgGaSxcX/assets/styles.css -13jdrops from one html/38 malic files/bluetooth cap.", "modified": "2026-05-09T12:26:36.816000", "created": "2026-05-09T06:51:54.319000", "tags": [ "nothing", "registry keys", "mutexes nothing", "data", "datacrashpad", "edge", "created", "parent pid", "full path", "command line", "https", "network info", "processes extra", "performs dns", "layer protocol", "overview", "mitre attack", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "ip info", "ip country", "united", "info process", "mwdb", "bazaar", "sha3384", "ssdeep", "strong", "file type", "library", "size", "default", "sha1", "accept", "mcafee", "span", "install", "softonic", "alerta", "download", "error", "crypt32", "body", "bootkit", "lockfile", "title", "inside", "shutdown", "impact", "global", "restart", "uwaga", "startpage", "window", "find", "false", "null", "payload", "write", "installer", "winmm", "back", "nlrnsrdb", "trumusic", "kevsight tox", "html internet", "html document", "unicode text", "utf8 text", "language", "settings", "first counter", "file size", "sha256", "bridge", "info", "date", "agent", "root", "pe file", "ms windows", "pe32", "found", "png image", "rgba", "cabinet archive", "files c", "delphi", "code", "persistence", "malicious", "unix", "wed jun", "dropped info", "linux verdict", "bluetooth", "4/27/25", "drops", "legacy admin", "hacking tools", "geofence", "education", "government" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308356&Signature=Bq0QXx5QtdlR4B1OLE2oNH2ivhP5koRxoxaBIC4bDOb1nad7b%2B4MKW2csIzcVHkiJ2lEuxuzVaPZAtPN9ZbTMiEwygTIHCvt%2BjujlP3fb2dgOki9C6FhEd5DCKB3RdzsNdqXB2VDF7rZoLj%2BNII3rrWNk714D3qNNxku1k1gsD%2FpGCxIrO0e0y2styb6l6hhzJjcGwSCEPbS6MRA%2BA90qkVuNCgIucEDcJ5lkx0B2OOW4YW0Csc3", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308390&Signature=29e34JRtkg7NaukyKdD3mE9rGo0hrpCAePmGPmvrVPeeHY4ax13egnxzXVjOctDKN%2F26RdliQEdXTd301UZjrUIJxeMbNgmdXQ3AdU5y%2FV8c21ePTIEAIq2Onb%2Bq5kutHekqTdBS3d0tgfIBKVBE9kZsGWzbMQFPKPv%2B%2FDpvMZSgtM2dO2vord9nXbkwcHCYBrVWvVALPOmXc910%2BAWvZOsLaWmvQjsMI0DTAIUwyx0zveFkVWqa2XOJbD", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308554&Signature=lODaur8GDc6MSh92WMx%2BV%2F7WRfkYjVs6kHiY4Sx12RcybRrsXaBC6oik%2FVeSMne1EODoqRn6AOcL%2FnIJ3J1ki%2Flrawz0HqWnxDTycnuefpWaPbw6abOU2796lcdgAMJxF9cGIDFHeaJDHQhbd0qeV07OK%2BhEKGGkjFWmqxOlqcTx526c%2FyRTuJaoFKrRzHVk9z2Xhv16kmnrY1VWhnBNyv3cMtVW076z2DheqC1Nya4ZJR3T", "https://vtbehaviour.commondatastorage.googleapis.com/fe2fcf32cc0d38931131fde27db1e5693774844075b4e3c33c82a3625f397a7d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308630&Signature=tal7xZ9VHrLtK%2Fx5z4thfPUsqP4jnN7mnhQemzL4D6Jt%2BSk8bXHsrCdJlx%2Be1lnoGRVGwvwKCjx3CEIT2hLNbJt09HJOJW8y0ZHcSz%2BVuPuDQOe77pC%2F3yFozFW3vI7CEZI7ISt8C80aND1aciQHVQazVru6MO8fQbjeA78vsrN6MB0ZuxTE%2FXOh0gshhIYHplGRIVhhJx5waxIeoxWL1ZXsSC%2BoXwk4g44W5t38Y5Tkcf%2", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308947&Signature=alDMcpCHWUfDgEjmw6GuL5bYJ7WAgrYGXsYb8PfNczzjNzMmdclOsPPSd8nKJEDsDmNxeb2sw0hYiHkOza%2FRN9q8612YM9nTO2inlISRitzqqNDU6JlAsf97walR1G6zBOoJyqTiDrsSbx5evH65eHfvmspVqAXrb%2BQ47kPd56689I4BQ%2BsXgtfYNLYfi0tZCIDXf9zFVUl7yJpOaXHvd6%2FB7n3VeDqry5%2FrR9w%2Ftznq2oHOWz", "https://vtbehaviour.commondatastorage.googleapis.com/96726d252031408ce594cb2d0f49cc98a87d5742e5c7bf95b067158bf1ecbb5a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309020&Signature=vqlAf29Jh8gzLx2hXd4oK3SHSQ7rtDkDCKFUjJTgs37n6pJU8vOHAMY%2BZDsFv79mq1BdEHoY7nok%2B%2F8fXKVOYaTlt0eAlBTIvhYUtDyujmwblYEgNlDU1rpNNKmZ55W8WmPUBFmUN3AaCIOZIX5vA4HFg6qulPpJnXDQ57TINvsk4Wwf9mClPe97Ye9DE6zAZarXt7XMT2RTpxVJqTD143j7%2BeJGcwEPknT64TWHLEfitFThoeAdncSqpQS74B", "https://vtbehaviour.commondatastorage.googleapis.com/cb38f0c781c188c3fc2ace5f55a12f2a4833c1c5fc869e698cf7994041e4a135_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309094&Signature=2X1UxXszEC0vdMoCHG30M8zifvQi45%2FJScJ8N3QaALRZ8JM5fIK5QIhWdv9eYZgDlMDjqEs9sECAtO16r8UbHNPoPwRNzqUN6f6UIq0L8Tj%2BIYQrjZo7NBhiH6eUgkTaHAoBU02WDYP5Ov0biBhHziqfTBQQ5yDFh0H9CPRlLUefNK%2BHM%2BQYLwGLUpQ5yBTv1Mh5suQ1PLSj3g%2Fz429aGgT0ianBgbW7IIV50lIP4m5cr5UUek3l", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309164&Signature=NWdp0fiFpH6Jr1kaVwKEFGn0Zk0wRKMQLorUPZy7WKGD3M381ZLQM1PRrWmvwz5bujAib4QiCiOLd8A7PMvTMnOKQXz%2BwsI8tZk1vXfRwW6DJpI8nj3KWKoP3btIoik2VBrWn%2Fr1xNdIJ4Ic2MQEfOpslObUTaNkvaOGbdedf8llYwYXllyZneCKuVP5wMIq72nExH21e3%2FIfViwNbHZFbKS6roKZkLx4V7XxVk94woz0KT1LUAS0dYh" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 521, "IPv4": 402, "hostname": 393, "domain": 120, "URL": 261, "FileHash-SHA1": 287, "FileHash-SHA256": 391 }, "indicator_count": 2375, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fed9859e3d403a869a56d9", "name": "CAPE Sandbox - \"Client Challenge\" Created 4/27/2025.", "description": "[The Cuckoo.com website has been shut down by Microsoft, with the result of an analysis of the network's traffic patterns, and the results of its analysis] A SHA for an educational app/website I dont even have generated what is called \" Client Challenge\"\n 2c4b2093aa07afb9d633fd4e734a9707\n2732a5adf7152c21b4a5aaa0a7b45f3d4be7874a\naa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d\n622b6b82655de58b927dd956ab84db9d\n48:IYhkrFN9YfHFTtJXQHyeyQ4v3W7UNp/xmhIfgjOGkOHMZKKyMaiskaO3n:TsYdxJXQHFY375ro6tZ8MaM93n\nT1E05100012CF6C176147724BB9E73B25A2B5064476216E41C3AEDDA28CF82FD9EC426EC\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text\nHyperText Markup Language (100%)\nHTML\n3.03 KB (3101 bytes) /_fs-ch-1T1wmsGaOgGaSxcX/assets/inter-var.woff2\n/_fs-ch-1T1wmsGaOgGaSxcX/assets/styles.css -13jdrops from one html/38 malic files/bluetooth cap.", "modified": "2026-05-09T07:20:23.936000", "created": "2026-05-09T06:51:49.607000", "tags": [ "nothing", "registry keys", "mutexes nothing", "data", "datacrashpad", "edge", "created", "parent pid", "full path", "command line", "https", "network info", "processes extra", "performs dns", "layer protocol", "overview", "mitre attack", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "ip info", "ip country", "united", "info process", "mwdb", "bazaar", "sha3384", "ssdeep", "strong", "file type", "library", "size", "default", "sha1", "accept", "mcafee", "span", "install", "softonic", "alerta", "download", "error", "crypt32", "body", "bootkit", "lockfile", "title", "inside", "shutdown", "impact", "global", "restart", "uwaga", "startpage", "window", "find", "false", "null", "payload", "write", "installer", "winmm", "back", "nlrnsrdb", "trumusic", "kevsight tox", "html internet", "html document", "unicode text", "utf8 text", "language", "settings", "first counter", "file size", "sha256", "bridge", "info", "date", "agent", "root", "pe file", "ms windows", "pe32", "found", "png image", "rgba", "cabinet archive", "files c", "delphi", "code", "persistence", "malicious", "unix", "wed jun", "dropped info", "linux verdict", "bluetooth", "4/27/25", "drops", "legacy admin", "hacking tools", "geofence", "education", "government" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308356&Signature=Bq0QXx5QtdlR4B1OLE2oNH2ivhP5koRxoxaBIC4bDOb1nad7b%2B4MKW2csIzcVHkiJ2lEuxuzVaPZAtPN9ZbTMiEwygTIHCvt%2BjujlP3fb2dgOki9C6FhEd5DCKB3RdzsNdqXB2VDF7rZoLj%2BNII3rrWNk714D3qNNxku1k1gsD%2FpGCxIrO0e0y2styb6l6hhzJjcGwSCEPbS6MRA%2BA90qkVuNCgIucEDcJ5lkx0B2OOW4YW0Csc3", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308390&Signature=29e34JRtkg7NaukyKdD3mE9rGo0hrpCAePmGPmvrVPeeHY4ax13egnxzXVjOctDKN%2F26RdliQEdXTd301UZjrUIJxeMbNgmdXQ3AdU5y%2FV8c21ePTIEAIq2Onb%2Bq5kutHekqTdBS3d0tgfIBKVBE9kZsGWzbMQFPKPv%2B%2FDpvMZSgtM2dO2vord9nXbkwcHCYBrVWvVALPOmXc910%2BAWvZOsLaWmvQjsMI0DTAIUwyx0zveFkVWqa2XOJbD", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308554&Signature=lODaur8GDc6MSh92WMx%2BV%2F7WRfkYjVs6kHiY4Sx12RcybRrsXaBC6oik%2FVeSMne1EODoqRn6AOcL%2FnIJ3J1ki%2Flrawz0HqWnxDTycnuefpWaPbw6abOU2796lcdgAMJxF9cGIDFHeaJDHQhbd0qeV07OK%2BhEKGGkjFWmqxOlqcTx526c%2FyRTuJaoFKrRzHVk9z2Xhv16kmnrY1VWhnBNyv3cMtVW076z2DheqC1Nya4ZJR3T", "https://vtbehaviour.commondatastorage.googleapis.com/fe2fcf32cc0d38931131fde27db1e5693774844075b4e3c33c82a3625f397a7d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308630&Signature=tal7xZ9VHrLtK%2Fx5z4thfPUsqP4jnN7mnhQemzL4D6Jt%2BSk8bXHsrCdJlx%2Be1lnoGRVGwvwKCjx3CEIT2hLNbJt09HJOJW8y0ZHcSz%2BVuPuDQOe77pC%2F3yFozFW3vI7CEZI7ISt8C80aND1aciQHVQazVru6MO8fQbjeA78vsrN6MB0ZuxTE%2FXOh0gshhIYHplGRIVhhJx5waxIeoxWL1ZXsSC%2BoXwk4g44W5t38Y5Tkcf%2", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308947&Signature=alDMcpCHWUfDgEjmw6GuL5bYJ7WAgrYGXsYb8PfNczzjNzMmdclOsPPSd8nKJEDsDmNxeb2sw0hYiHkOza%2FRN9q8612YM9nTO2inlISRitzqqNDU6JlAsf97walR1G6zBOoJyqTiDrsSbx5evH65eHfvmspVqAXrb%2BQ47kPd56689I4BQ%2BsXgtfYNLYfi0tZCIDXf9zFVUl7yJpOaXHvd6%2FB7n3VeDqry5%2FrR9w%2Ftznq2oHOWz", "https://vtbehaviour.commondatastorage.googleapis.com/96726d252031408ce594cb2d0f49cc98a87d5742e5c7bf95b067158bf1ecbb5a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309020&Signature=vqlAf29Jh8gzLx2hXd4oK3SHSQ7rtDkDCKFUjJTgs37n6pJU8vOHAMY%2BZDsFv79mq1BdEHoY7nok%2B%2F8fXKVOYaTlt0eAlBTIvhYUtDyujmwblYEgNlDU1rpNNKmZ55W8WmPUBFmUN3AaCIOZIX5vA4HFg6qulPpJnXDQ57TINvsk4Wwf9mClPe97Ye9DE6zAZarXt7XMT2RTpxVJqTD143j7%2BeJGcwEPknT64TWHLEfitFThoeAdncSqpQS74B", "https://vtbehaviour.commondatastorage.googleapis.com/cb38f0c781c188c3fc2ace5f55a12f2a4833c1c5fc869e698cf7994041e4a135_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309094&Signature=2X1UxXszEC0vdMoCHG30M8zifvQi45%2FJScJ8N3QaALRZ8JM5fIK5QIhWdv9eYZgDlMDjqEs9sECAtO16r8UbHNPoPwRNzqUN6f6UIq0L8Tj%2BIYQrjZo7NBhiH6eUgkTaHAoBU02WDYP5Ov0biBhHziqfTBQQ5yDFh0H9CPRlLUefNK%2BHM%2BQYLwGLUpQ5yBTv1Mh5suQ1PLSj3g%2Fz429aGgT0ianBgbW7IIV50lIP4m5cr5UUek3l", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309164&Signature=NWdp0fiFpH6Jr1kaVwKEFGn0Zk0wRKMQLorUPZy7WKGD3M381ZLQM1PRrWmvwz5bujAib4QiCiOLd8A7PMvTMnOKQXz%2BwsI8tZk1vXfRwW6DJpI8nj3KWKoP3btIoik2VBrWn%2Fr1xNdIJ4Ic2MQEfOpslObUTaNkvaOGbdedf8llYwYXllyZneCKuVP5wMIq72nExH21e3%2FIfViwNbHZFbKS6roKZkLx4V7XxVk94woz0KT1LUAS0dYh" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 522, "IPv4": 409, "hostname": 645, "domain": 178, "URL": 786, "FileHash-SHA1": 288, "FileHash-SHA256": 392, "CVE": 1 }, "indicator_count": 3221, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd77791314336d2ce3b694", "name": "CAPE Sandbox - Async Rat dating Sept 8, 2024", "description": "RAT, 2024. > Ttb chain shows the link to 2018-2019 domain control from Iran Root, Us hosted backdoor.", "modified": "2026-05-08T05:53:30.965000", "created": "2026-05-08T05:41:13.128000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 2, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 66, "FileHash-MD5": 107, "FileHash-SHA1": 116, "FileHash-SHA256": 393, "URL": 204, "domain": 155, "hostname": 220, "CVE": 1 }, "indicator_count": 1262, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd777910676e8bf0b845ee", "name": "CAPE Sandbox - Async Rat dating Sept 8, 2024", "description": "RAT, 2024. > Ttb chain shows the link to 2018-2019 domain control from Iran Root, Us hosted backdoor.", "modified": "2026-05-08T05:53:29.869000", "created": "2026-05-08T05:41:13.718000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 66, "FileHash-MD5": 107, "FileHash-SHA1": 116, "FileHash-SHA256": 393, "URL": 205, "domain": 155, "hostname": 220, "CVE": 1 }, "indicator_count": 1263, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd777a9e7f4113aeb6b47c", "name": "CAPE Sandbox - Async Rat dating Sept 8, 2024", "description": "RAT, 2024. > Ttb chain shows the link to 2018-2019 domain control from Iran Root, Us hosted backdoor.", "modified": "2026-05-08T05:53:29.152000", "created": "2026-05-08T05:41:14.795000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 66, "FileHash-MD5": 107, "FileHash-SHA1": 116, "FileHash-SHA256": 393, "URL": 205, "domain": 155, "hostname": 220, "CVE": 1 }, "indicator_count": 1263, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd777b0f4e9133dee0511f", "name": "CAPE Sandbox - Async Rat dating Sept 8, 2024", "description": "RAT, 2024. > Ttb chain shows the link to 2018-2019 domain control from Iran Root, Us hosted backdoor.", "modified": "2026-05-08T05:53:28.276000", "created": "2026-05-08T05:41:15.674000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 66, "FileHash-MD5": 107, "FileHash-SHA1": 116, "FileHash-SHA256": 393, "URL": 205, "domain": 155, "hostname": 220, "CVE": 1 }, "indicator_count": 1263, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1f8041acb7d71607578f3", "name": "CAPE Sandbox", "description": "<>", "modified": "2026-05-05T05:03:36.423000", "created": "2026-04-05T05:49:56.708000", "tags": [ "verisign", "verisign class", "display driver", "verisign trust", "network o", "pulses", "code signing", "mon feb", "public primary", "digital id", "class", "win32 exe", "pe32", "ms windows", "icons library", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "status", "issuer verisign", "ca valid", "from", "valid", "valid usage", "algorithm", "thumbprint", "ca status", "g5 valid", "verisign status", "valid issuer", "client auth", "hash", "cf b8", "b7 b4", "a8 f0", "ab c5", "bb f6", "f7 a3", "name verisign", "g5 issuer", "microsoft code", "valid from", "thumbprint md5", "serial number", "ec f2", "init", "copyright", "product monitor", "original name", "file version", "word document", "file v2", "document", "outlook", "settings", "generic ole2", "multistream", "compound", "time stamping", "signer", "g4 issuer", "symantec time", "stamping", "g2 valid", "open xml", "zip archive", "word microsoft", "office open", "xml format", "open packaging", "cf f4", "c8 fe", "digicert sha2", "assured id" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 54, "FileHash-SHA256": 1900, "URL": 684, "hostname": 657, "domain": 387 }, "indicator_count": 3753, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1f8066431fee3647fa5ff", "name": "CAPE Sandbox", "description": "<>", "modified": "2026-05-05T05:03:36.423000", "created": "2026-04-05T05:49:58.156000", "tags": [ "verisign", "verisign class", "display driver", "verisign trust", "network o", "pulses", "code signing", "mon feb", "public primary", "digital id", "class", "win32 exe", "pe32", "ms windows", "icons library", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "status", "issuer verisign", "ca valid", "from", "valid", "valid usage", "algorithm", "thumbprint", "ca status", "g5 valid", "verisign status", "valid issuer", "client auth", "hash", "cf b8", "b7 b4", "a8 f0", "ab c5", "bb f6", "f7 a3", "name verisign", "g5 issuer", "microsoft code", "valid from", "thumbprint md5", "serial number", "ec f2", "init", "copyright", "product monitor", "original name", "file version", "word document", "file v2", "document", "outlook", "settings", "generic ole2", "multistream", "compound", "time stamping", "signer", "g4 issuer", "symantec time", "stamping", "g2 valid", "open xml", "zip archive", "word microsoft", "office open", "xml format", "open packaging", "cf f4", "c8 fe", "digicert sha2", "assured id" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 54, "FileHash-SHA256": 1900, "URL": 684, "hostname": 657, "domain": 387, "CVE": 6 }, "indicator_count": 3759, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756213&Signature=nT2GPVh7JliXkCSmMglFnpxTqzjwGedv4d2km9l3nSbMaMVXff1erDdvDEzPK%2BiZmnXCBqjGhLu0pehbVPaA%2FuFCZI%2FNWrrMXl07NM2A8A0aQwuI5lwt6CpefiJaPgbeNJ%2FYSGyoPLGwLQTA1Upga8%2F1GeMvooHMu1noElIuYrvsfuC3bzCdwW7rC2t4C9bKa0%2FBKK%2BQHVrZA2NIAsBNIRplsBOqZybAuDBKBxb8Liqs580KbDsCQU4%", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415662&Signature=ii4xZZXyeZqty%2B%2BwMuioMf90xxcdXimnQRoYesmvSMUfZNPn9hRsSBoDdFdqtcRFep%2BYsQiF4%2BKaDZPUzloaQ%2FeZkEhJokSi2P1NP1ymoIPZ5j%2F8XwTxCO0c%2BGbA%2BECIOWUC9IlgPTZfdCvd1wQiXe4sa1U0QVwZBDk%2B7GDXDJUVIOH6bc8cAZi8Q4QzBqOTaLamgqF1%2BC5uFbLSShJOLGiBZv6PRiQ2L2qk", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415832&Signature=AOcM9Dc%2B2gUBJnZxuNmagisQ8QYjno4RVZd6DZFo553Ws2tWbJ6lUHXGOGTxLZCRccqXY9h0WhcjRXW4EgojbjJxXCTLq1y%2BtxXjZShlepAg7uq2pbXGsBhUcbpS5Jj0upmosZUCtU4mq8fMyjA0Jufv7u%2F%2FhIwKCp6Q9NIixpAXFwNy8BWn%2FOh6em7B0TwRABvcvTsQC2PO%2FOq5J61VWow6JiR2o97x%2Fm1ChJyz%2FvGTsz", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://vtbehaviour.commondatastorage.googleapis.com/1af55649a731abb95d71e2e49693a7bcf87270eb4f8712b747f7e04a0a2a3031_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415762&Signature=4Iu15AELs8158yzYffz716hQ5%2BDY4JHNeJeMzaSmkJrocvfpO7MMmB4MO5Zo%2Bs339dX%2Flb51NK%2Fd3eREGBJkNV3bvbEFaxv1hCO%2Fqge8%2FLnfKLSSRPJ48%2BGAVA22z0gYKvSPfYdGvownSV9GBevxmcIWZ%2F0VK57Mb1gHqvtWKs%2BMGgd4v%2FJJWCmjWx8xLomFVgrpD1boM0PxdVh3X21asN1DplbqcAZ%2Fd5WoOJYic", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308390&Signature=29e34JRtkg7NaukyKdD3mE9rGo0hrpCAePmGPmvrVPeeHY4ax13egnxzXVjOctDKN%2F26RdliQEdXTd301UZjrUIJxeMbNgmdXQ3AdU5y%2FV8c21ePTIEAIq2Onb%2Bq5kutHekqTdBS3d0tgfIBKVBE9kZsGWzbMQFPKPv%2B%2FDpvMZSgtM2dO2vord9nXbkwcHCYBrVWvVALPOmXc910%2BAWvZOsLaWmvQjsMI0DTAIUwyx0zveFkVWqa2XOJbD", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416015&Signature=evkFEcpvJ0BNlw47zD%2Bgg2ETU%2FGcbGZI3U%2BLCDkaRH4IhSCbgDF9ABajkx7SCAFA2G%2BndDWCzqKkknqPMARKAJk2b5h%2Bu1Gq8uDozkg9GvP8exgs3%2Bw%2F40637%2BmzlgjutElGFcVRMMDWRF5QEvyEDJVUIXmKmLYmKDYM58fBA4IM2VfpV8BB6HJcySkkMk2J4Mhk9nut%2FIrmFjV99WEunuPKfIgnAataXIXzBGZJl2eJK1OEGK19", "https://vtbehaviour.commondatastorage.googleapis.com/96726d252031408ce594cb2d0f49cc98a87d5742e5c7bf95b067158bf1ecbb5a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309020&Signature=vqlAf29Jh8gzLx2hXd4oK3SHSQ7rtDkDCKFUjJTgs37n6pJU8vOHAMY%2BZDsFv79mq1BdEHoY7nok%2B%2F8fXKVOYaTlt0eAlBTIvhYUtDyujmwblYEgNlDU1rpNNKmZ55W8WmPUBFmUN3AaCIOZIX5vA4HFg6qulPpJnXDQ57TINvsk4Wwf9mClPe97Ye9DE6zAZarXt7XMT2RTpxVJqTD143j7%2BeJGcwEPknT64TWHLEfitFThoeAdncSqpQS74B", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756062&Signature=1qwcsdiF0JPfNYSk7RDQXO4pZXvL%2Fj1JyEUevcp%2B6HlCDqJ6UKeuGEjU%2FtfcS8Y2I%2B%2FIkWQ7I%2FrKwePXyPYnyKs%2F5BGxqLLSdyj6hlP6mspza3lBQCmI8D%2B%2F%2BIcbUB4s1UZP6cZ3bieHVI%2BUt7YDDau3vsnsQBE3cIa48fIcZYKmsJp7P%2FETHpk%2FGfCZlLU4fOjXvbexeI%2Fjw%2FLOBcq3zipo%2BwQyGxHTmnK%2F", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416061&Signature=eIQtmFWS2GiSN%2F3bdQCKKOu9%2FiEoDqQYcEtVnvTTBu%2BZ5JFRAyRu7Tgxw5YyVb%2BXK66m6JTN4yIleNl669%2FfdMbOamF6hlF%2FZbucN1etgX%2B8Snq2xrhFN5xZvvWrQukcYlJQnz9s2WSByNnA2Lvi7dn3qQnZMVNcJwWLhL1ayyCBqpiDVaDMGTgQfLrVdec0Xknzzl70Ce70nSgQdxJ4Q%2FSzYtz9Khtk6hyaiBbYxsyiWQ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309164&Signature=NWdp0fiFpH6Jr1kaVwKEFGn0Zk0wRKMQLorUPZy7WKGD3M381ZLQM1PRrWmvwz5bujAib4QiCiOLd8A7PMvTMnOKQXz%2BwsI8tZk1vXfRwW6DJpI8nj3KWKoP3btIoik2VBrWn%2Fr1xNdIJ4Ic2MQEfOpslObUTaNkvaOGbdedf8llYwYXllyZneCKuVP5wMIq72nExH21e3%2FIfViwNbHZFbKS6roKZkLx4V7XxVk94woz0KT1LUAS0dYh", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415622&Signature=NJmj0XG%2BcAwpEa26%2B7ucV3CTWcwrSwSV%2BU62aYx0yDVYzZH70ROLK9%2F2lUy0IuC6n88oOTLoikSC4GRgUVypFQpmJoKQpkPvHZ1SfyklCtIWurZJYZvHSZs32JL0l6t3eEwW61xDg%2FICvOFlPQ0Aju7Hk1ntOY82jD%2B9dVw179jdF3A5jzGDrcr7mP17tnwZcOI0pVfF0ZhtbJL6SCHXBce%2BWS5zRxV2VgXHqrGYl0XLgpK6MD30wBFT", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415519&Signature=e1YxGtIahtkD9VKQTSuo9BFhC4KNicXASSfPf7LiJhYyR2OQOLXoHJjgEUtHCAfeZU7VSacymMfJJhx7M2NXSaPyv5cdsCUWfzeTKwyFqM06pSuq7HqYUJIh2%2BG3bz87h0m%2FMFuU5d0MXdwN9ykL%2FJ8EB4RuyKhfY%2FjBGZMZA0nVn5dQtQ1GySJiLj%2BWsKXQxsYVy%2FBok8h2n2m7EE923RSv%2BkkdQHO3enQf2ikR%2FU%2BtEN4S7xO2", "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/b71ddf3175c9e6b41f143207c6e74a9c327a362b3a1ce7e0282ceae2ad513b3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415599&Signature=O7Nc7o9GEFU3sFGIZv58PwBR8rG8MIwYQTmDyTNIUlHEEpmUY2Bttz0797jnr4%2BjT%2BCd1r%2BRad4nV4HLruG5QACAgOnQKjtSn%2FhWNes5q1y2qu46J%2BwCUFqmrr%2BpM6MjMmILZUqSezFzC5Fs%2Fnn4iBIQpYxJ8e4sJMXVIONcDkWLhycQk5rVr%2FV7G6tU0yAkoavXhpyrSGqR2Ee9QAoAXLWdixJ0rLJ85yQxWFr0E%2F7%", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756397&Signature=GrgrzQyGr0qFGDnfG3rlbCv4hrrrTPOM0ZaqFW%2FWxF%2BZW62aUsSeXENHRday%2B2le7YUbRKI20ywbl8yvmeRJ1iO5haWVNYFoq7Gt1zljmR%2F5ZveJp80cYWagPzIcSu2W0NzvR8T49UkZukCRr2yTn4Y77ivK4HZ%2FyE3ZL9Au3TqjZg0PaQSZhsub%2BtP7IMgeCTGCevf0UvRrEE6aka8%2FNMFwhtH5Pi7CX8SD%2F4Q%2Bd34I", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308356&Signature=Bq0QXx5QtdlR4B1OLE2oNH2ivhP5koRxoxaBIC4bDOb1nad7b%2B4MKW2csIzcVHkiJ2lEuxuzVaPZAtPN9ZbTMiEwygTIHCvt%2BjujlP3fb2dgOki9C6FhEd5DCKB3RdzsNdqXB2VDF7rZoLj%2BNII3rrWNk714D3qNNxku1k1gsD%2FpGCxIrO0e0y2styb6l6hhzJjcGwSCEPbS6MRA%2BA90qkVuNCgIucEDcJ5lkx0B2OOW4YW0Csc3", "https://vtbehaviour.commondatastorage.googleapis.com/cb38f0c781c188c3fc2ace5f55a12f2a4833c1c5fc869e698cf7994041e4a135_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309094&Signature=2X1UxXszEC0vdMoCHG30M8zifvQi45%2FJScJ8N3QaALRZ8JM5fIK5QIhWdv9eYZgDlMDjqEs9sECAtO16r8UbHNPoPwRNzqUN6f6UIq0L8Tj%2BIYQrjZo7NBhiH6eUgkTaHAoBU02WDYP5Ov0biBhHziqfTBQQ5yDFh0H9CPRlLUefNK%2BHM%2BQYLwGLUpQ5yBTv1Mh5suQ1PLSj3g%2Fz429aGgT0ianBgbW7IIV50lIP4m5cr5UUek3l", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756107&Signature=qcKaJdEe1%2F0Ewg9HU1LOWWYUSa1AX6o24coccdj5tLucnjjA7oPNFtU1%2FnPf1MngS%2B8Re5bUyuY%2FpE%2FwiXxMY9hSNotJ6H1BkH1IoOGDT8ucHEnRnac1I9XLmxmVOBdHXBoIYAF6cQu1wHM6n7kGPEnerHpqMASVuGIVJqeq9p3f7K8RNeiAlAzFQHPWjKuVRpePEo0aeNddEvVPmacL3C3Jjat%2B8lUZN4JAbvRXfPBU", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415648&Signature=gOGhlxTumFXkKGryYSeJV8%2BMONZwbp%2BS3ntsErndc02nffG6DHW%2FbU0CVbVSOp3lIZkIt2qx7a%2BTsm2IItEWtGIN55fG14UxsBfo1Gf8bukZC4u5KoQKrVSYuV9aASUd5oCoTo0iIp%2BVCokHRdLbF259Fld%2FjlgJGL%2FVoLiGxXwkbQaxZi5VN94eNl65FMGXLtoVUgbUk3FhXEIuLwwJJU8XnveqbCOzDS9PtPnPO7seXDaK", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416202&Signature=f43IRerFiqRQ5ke71WfT2lNFf5Jf60FnKcTCpJGhgnSemoBx1iDNvbOs8rePJYHFEiffIuvjjnquRt51dziCswMktwhg8g7Tl3vVfnoYpuBzv6QT86so9sVcKWOt43wFnzCEH1RWrmQDe2jRBGL2Kvhqi%2B3i2iAFdZWCrxoAJtMJVqGVwXM5S7JnLR%2BklB1A5RQQReOEncgwClqKUHMPrSGjXgH%2FDernerWjOXghDL3V2fJ7EJ", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415703&Signature=L2WgcAgR2nm5cyc0SHe8nYGU6Db6r7Cvr%2F9INkp%2ByiPXoTK3tUwxH06Vr3YnW2wDr8eANqgqXGU09YoEUVEKuHs8veU6QWbaN3LrOaICSmq1tlHwJUE7sILNI3MnOjwZvzYeFCMmSLUOQ62k46HzTVnrFNBqaPIUNQiRsQFUz06TVaA9FxXxYKk2brVLRXiNew1RgDlMp%2BM9EnePR06vYsB9QXEgrblE7M51AU%2BpM09%2BGxukEzUG", "https://vtbehaviour.commondatastorage.googleapis.com/fe2fcf32cc0d38931131fde27db1e5693774844075b4e3c33c82a3625f397a7d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308630&Signature=tal7xZ9VHrLtK%2Fx5z4thfPUsqP4jnN7mnhQemzL4D6Jt%2BSk8bXHsrCdJlx%2Be1lnoGRVGwvwKCjx3CEIT2hLNbJt09HJOJW8y0ZHcSz%2BVuPuDQOe77pC%2F3yFozFW3vI7CEZI7ISt8C80aND1aciQHVQazVru6MO8fQbjeA78vsrN6MB0ZuxTE%2FXOh0gshhIYHplGRIVhhJx5waxIeoxWL1ZXsSC%2BoXwk4g44W5t38Y5Tkcf%2", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778755991&Signature=xjEd%2BfezTG%2Bhf9CMiLVkvgMjqq3uWY0btw2QhhcAqvYLh%2BdAJB5d1xHA9O3DAxXep3iyDgqVU01VvCAb%2BKefQNSVhuEaACn6Vg0Hh1CHnNc3GMCXSMdTRZFYYSzniYpYsmeZX%2F0ez%2Fvlig7VA40maOBDvb%2B3HADaVl1jboeClkaL2NCfDYCQYRK2vZ5yX7ggUG%2FM2b0scFtssuydGnlFONW5Ebr6b3RuXJRvMFO9SQ%2BJ", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308947&Signature=alDMcpCHWUfDgEjmw6GuL5bYJ7WAgrYGXsYb8PfNczzjNzMmdclOsPPSd8nKJEDsDmNxeb2sw0hYiHkOza%2FRN9q8612YM9nTO2inlISRitzqqNDU6JlAsf97walR1G6zBOoJyqTiDrsSbx5evH65eHfvmspVqAXrb%2BQ47kPd56689I4BQ%2BsXgtfYNLYfi0tZCIDXf9zFVUl7yJpOaXHvd6%2FB7n3VeDqry5%2FrR9w%2Ftznq2oHOWz", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308554&Signature=lODaur8GDc6MSh92WMx%2BV%2F7WRfkYjVs6kHiY4Sx12RcybRrsXaBC6oik%2FVeSMne1EODoqRn6AOcL%2FnIJ3J1ki%2Flrawz0HqWnxDTycnuefpWaPbw6abOU2796lcdgAMJxF9cGIDFHeaJDHQhbd0qeV07OK%2BhEKGGkjFWmqxOlqcTx526c%2FyRTuJaoFKrRzHVk9z2Xhv16kmnrY1VWhnBNyv3cMtVW076z2DheqC1Nya4ZJR3T" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 22, "pulses": [ { "id": "6a0050a3b1d71cc50840286e", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-29T19:06:32.951000", "created": "2026-05-10T09:32:19.100000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 669, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 131, "IPv4": 285, "URL": 346, "domain": 286, "hostname": 274, "CIDR": 2, "email": 2 }, "indicator_count": 2119, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1e3701bff1800614838dc", "name": "wireshark", "description": "", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T07:38:24.668000", "tags": [ "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 707, "FileHash-MD5": 281, "FileHash-SHA1": 271, "URL": 123, "domain": 69, "hostname": 608, "email": 1 }, "indicator_count": 2060, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1f52e424e1151ddd9c696", "name": "VirusTotal report\n for program.exe", "description": "The full text of this year's EU Referendum, which will take place on 26 November, has been published.. and it will not appear on BBC Radio 5 live or on iPlayer.]", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T08:54:06.864000", "tags": [ "executable", "msdos", "pe32 executable", "intel", "ms windows", "dos borland", "generic windos", "dos executable", "pe32 compiler", "borland delphi", "delphi", "file type", "json", "ascii", "ascii text", "drops pe", "pe file", "sample", "persistence", "malicious", "next", "network capture", "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap", "nothing", "registry keys", "mutexes nothing", "parent pid", "full path", "command line", "files c", "read files", "read registry", "apis nothing", "https", "urls", "creates", "pe32", "sigma", "window", "mailpassview", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "sha256", "cname", "inprocserver32", "accept", "shutdown", "guard", "darkgate", "windows sandbox", "calls process", "systemroot", "commands", "created", "xcaxdb xcaxdb", "x82xec x82xec", "x83xc4 x83xc4", "xc1 x", "xffu xffu", "x8be x8be", "x81e x81e", "xc4 xc4", "x81i x81i", "xf3x86 xf3x86", "activator", "detail info", "tickcount", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "text", "classname", "behaviour", "class", "shell", "find", "mitre attack", "network info", "processes extra", "program", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "title", "phishing", "cape sandbox", "t1055", "style", "courier", "ip address", "port", "gmt ifnonematch", "machine summary", "meta", "inter" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415519&Signature=e1YxGtIahtkD9VKQTSuo9BFhC4KNicXASSfPf7LiJhYyR2OQOLXoHJjgEUtHCAfeZU7VSacymMfJJhx7M2NXSaPyv5cdsCUWfzeTKwyFqM06pSuq7HqYUJIh2%2BG3bz87h0m%2FMFuU5d0MXdwN9ykL%2FJ8EB4RuyKhfY%2FjBGZMZA0nVn5dQtQ1GySJiLj%2BWsKXQxsYVy%2FBok8h2n2m7EE923RSv%2BkkdQHO3enQf2ikR%2FU%2BtEN4S7xO2", "https://vtbehaviour.commondatastorage.googleapis.com/b71ddf3175c9e6b41f143207c6e74a9c327a362b3a1ce7e0282ceae2ad513b3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415599&Signature=O7Nc7o9GEFU3sFGIZv58PwBR8rG8MIwYQTmDyTNIUlHEEpmUY2Bttz0797jnr4%2BjT%2BCd1r%2BRad4nV4HLruG5QACAgOnQKjtSn%2FhWNes5q1y2qu46J%2BwCUFqmrr%2BpM6MjMmILZUqSezFzC5Fs%2Fnn4iBIQpYxJ8e4sJMXVIONcDkWLhycQk5rVr%2FV7G6tU0yAkoavXhpyrSGqR2Ee9QAoAXLWdixJ0rLJ85yQxWFr0E%2F7%", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415622&Signature=NJmj0XG%2BcAwpEa26%2B7ucV3CTWcwrSwSV%2BU62aYx0yDVYzZH70ROLK9%2F2lUy0IuC6n88oOTLoikSC4GRgUVypFQpmJoKQpkPvHZ1SfyklCtIWurZJYZvHSZs32JL0l6t3eEwW61xDg%2FICvOFlPQ0Aju7Hk1ntOY82jD%2B9dVw179jdF3A5jzGDrcr7mP17tnwZcOI0pVfF0ZhtbJL6SCHXBce%2BWS5zRxV2VgXHqrGYl0XLgpK6MD30wBFT", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415648&Signature=gOGhlxTumFXkKGryYSeJV8%2BMONZwbp%2BS3ntsErndc02nffG6DHW%2FbU0CVbVSOp3lIZkIt2qx7a%2BTsm2IItEWtGIN55fG14UxsBfo1Gf8bukZC4u5KoQKrVSYuV9aASUd5oCoTo0iIp%2BVCokHRdLbF259Fld%2FjlgJGL%2FVoLiGxXwkbQaxZi5VN94eNl65FMGXLtoVUgbUk3FhXEIuLwwJJU8XnveqbCOzDS9PtPnPO7seXDaK", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415662&Signature=ii4xZZXyeZqty%2B%2BwMuioMf90xxcdXimnQRoYesmvSMUfZNPn9hRsSBoDdFdqtcRFep%2BYsQiF4%2BKaDZPUzloaQ%2FeZkEhJokSi2P1NP1ymoIPZ5j%2F8XwTxCO0c%2BGbA%2BECIOWUC9IlgPTZfdCvd1wQiXe4sa1U0QVwZBDk%2B7GDXDJUVIOH6bc8cAZi8Q4QzBqOTaLamgqF1%2BC5uFbLSShJOLGiBZv6PRiQ2L2qk", "https://vtbehaviour.commondatastorage.googleapis.com/0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415703&Signature=L2WgcAgR2nm5cyc0SHe8nYGU6Db6r7Cvr%2F9INkp%2ByiPXoTK3tUwxH06Vr3YnW2wDr8eANqgqXGU09YoEUVEKuHs8veU6QWbaN3LrOaICSmq1tlHwJUE7sILNI3MnOjwZvzYeFCMmSLUOQ62k46HzTVnrFNBqaPIUNQiRsQFUz06TVaA9FxXxYKk2brVLRXiNew1RgDlMp%2BM9EnePR06vYsB9QXEgrblE7M51AU%2BpM09%2BGxukEzUG", "https://vtbehaviour.commondatastorage.googleapis.com/1af55649a731abb95d71e2e49693a7bcf87270eb4f8712b747f7e04a0a2a3031_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415762&Signature=4Iu15AELs8158yzYffz716hQ5%2BDY4JHNeJeMzaSmkJrocvfpO7MMmB4MO5Zo%2Bs339dX%2Flb51NK%2Fd3eREGBJkNV3bvbEFaxv1hCO%2Fqge8%2FLnfKLSSRPJ48%2BGAVA22z0gYKvSPfYdGvownSV9GBevxmcIWZ%2F0VK57Mb1gHqvtWKs%2BMGgd4v%2FJJWCmjWx8xLomFVgrpD1boM0PxdVh3X21asN1DplbqcAZ%2Fd5WoOJYic", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415832&Signature=AOcM9Dc%2B2gUBJnZxuNmagisQ8QYjno4RVZd6DZFo553Ws2tWbJ6lUHXGOGTxLZCRccqXY9h0WhcjRXW4EgojbjJxXCTLq1y%2BtxXjZShlepAg7uq2pbXGsBhUcbpS5Jj0upmosZUCtU4mq8fMyjA0Jufv7u%2F%2FhIwKCp6Q9NIixpAXFwNy8BWn%2FOh6em7B0TwRABvcvTsQC2PO%2FOq5J61VWow6JiR2o97x%2Fm1ChJyz%2FvGTsz", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416015&Signature=evkFEcpvJ0BNlw47zD%2Bgg2ETU%2FGcbGZI3U%2BLCDkaRH4IhSCbgDF9ABajkx7SCAFA2G%2BndDWCzqKkknqPMARKAJk2b5h%2Bu1Gq8uDozkg9GvP8exgs3%2Bw%2F40637%2BmzlgjutElGFcVRMMDWRF5QEvyEDJVUIXmKmLYmKDYM58fBA4IM2VfpV8BB6HJcySkkMk2J4Mhk9nut%2FIrmFjV99WEunuPKfIgnAataXIXzBGZJl2eJK1OEGK19", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416061&Signature=eIQtmFWS2GiSN%2F3bdQCKKOu9%2FiEoDqQYcEtVnvTTBu%2BZ5JFRAyRu7Tgxw5YyVb%2BXK66m6JTN4yIleNl669%2FfdMbOamF6hlF%2FZbucN1etgX%2B8Snq2xrhFN5xZvvWrQukcYlJQnz9s2WSByNnA2Lvi7dn3qQnZMVNcJwWLhL1ayyCBqpiDVaDMGTgQfLrVdec0Xknzzl70Ce70nSgQdxJ4Q%2FSzYtz9Khtk6hyaiBbYxsyiWQ", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416202&Signature=f43IRerFiqRQ5ke71WfT2lNFf5Jf60FnKcTCpJGhgnSemoBx1iDNvbOs8rePJYHFEiffIuvjjnquRt51dziCswMktwhg8g7Tl3vVfnoYpuBzv6QT86so9sVcKWOt43wFnzCEH1RWrmQDe2jRBGL2Kvhqi%2B3i2iAFdZWCrxoAJtMJVqGVwXM5S7JnLR%2BklB1A5RQQReOEncgwClqKUHMPrSGjXgH%2FDernerWjOXghDL3V2fJ7EJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 714, "FileHash-MD5": 128, "FileHash-SHA1": 152, "URL": 692, "hostname": 456, "domain": 121, "email": 2, "YARA": 5 }, "indicator_count": 2270, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1f53e6b3e17deca1277b7", "name": "VirusTotal report\n for program.exe", "description": "The full text of this year's EU Referendum, which will take place on 26 November, has been published.. and it will not appear on BBC Radio 5 live or on iPlayer.]", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T08:54:22.034000", "tags": [ "executable", "msdos", "pe32 executable", "intel", "ms windows", "dos borland", "generic windos", "dos executable", "pe32 compiler", "borland delphi", "delphi", "file type", "json", "ascii", "ascii text", "drops pe", "pe file", "sample", "persistence", "malicious", "next", "network capture", "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap", "nothing", "registry keys", "mutexes nothing", "parent pid", "full path", "command line", "files c", "read files", "read registry", "apis nothing", "https", "urls", "creates", "pe32", "sigma", "window", "mailpassview", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "sha256", "cname", "inprocserver32", "accept", "shutdown", "guard", "darkgate", "windows sandbox", "calls process", "systemroot", "commands", "created", "xcaxdb xcaxdb", "x82xec x82xec", "x83xc4 x83xc4", "xc1 x", "xffu xffu", "x8be x8be", "x81e x81e", "xc4 xc4", "x81i x81i", "xf3x86 xf3x86", "activator", "detail info", "tickcount", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "text", "classname", "behaviour", "class", "shell", "find", "mitre attack", "network info", "processes extra", "program", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "title", "phishing", "cape sandbox", "t1055", "style", "courier", "ip address", "port", "gmt ifnonematch", "machine summary", "meta", "inter" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415519&Signature=e1YxGtIahtkD9VKQTSuo9BFhC4KNicXASSfPf7LiJhYyR2OQOLXoHJjgEUtHCAfeZU7VSacymMfJJhx7M2NXSaPyv5cdsCUWfzeTKwyFqM06pSuq7HqYUJIh2%2BG3bz87h0m%2FMFuU5d0MXdwN9ykL%2FJ8EB4RuyKhfY%2FjBGZMZA0nVn5dQtQ1GySJiLj%2BWsKXQxsYVy%2FBok8h2n2m7EE923RSv%2BkkdQHO3enQf2ikR%2FU%2BtEN4S7xO2", "https://vtbehaviour.commondatastorage.googleapis.com/b71ddf3175c9e6b41f143207c6e74a9c327a362b3a1ce7e0282ceae2ad513b3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415599&Signature=O7Nc7o9GEFU3sFGIZv58PwBR8rG8MIwYQTmDyTNIUlHEEpmUY2Bttz0797jnr4%2BjT%2BCd1r%2BRad4nV4HLruG5QACAgOnQKjtSn%2FhWNes5q1y2qu46J%2BwCUFqmrr%2BpM6MjMmILZUqSezFzC5Fs%2Fnn4iBIQpYxJ8e4sJMXVIONcDkWLhycQk5rVr%2FV7G6tU0yAkoavXhpyrSGqR2Ee9QAoAXLWdixJ0rLJ85yQxWFr0E%2F7%", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415622&Signature=NJmj0XG%2BcAwpEa26%2B7ucV3CTWcwrSwSV%2BU62aYx0yDVYzZH70ROLK9%2F2lUy0IuC6n88oOTLoikSC4GRgUVypFQpmJoKQpkPvHZ1SfyklCtIWurZJYZvHSZs32JL0l6t3eEwW61xDg%2FICvOFlPQ0Aju7Hk1ntOY82jD%2B9dVw179jdF3A5jzGDrcr7mP17tnwZcOI0pVfF0ZhtbJL6SCHXBce%2BWS5zRxV2VgXHqrGYl0XLgpK6MD30wBFT", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415648&Signature=gOGhlxTumFXkKGryYSeJV8%2BMONZwbp%2BS3ntsErndc02nffG6DHW%2FbU0CVbVSOp3lIZkIt2qx7a%2BTsm2IItEWtGIN55fG14UxsBfo1Gf8bukZC4u5KoQKrVSYuV9aASUd5oCoTo0iIp%2BVCokHRdLbF259Fld%2FjlgJGL%2FVoLiGxXwkbQaxZi5VN94eNl65FMGXLtoVUgbUk3FhXEIuLwwJJU8XnveqbCOzDS9PtPnPO7seXDaK", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415662&Signature=ii4xZZXyeZqty%2B%2BwMuioMf90xxcdXimnQRoYesmvSMUfZNPn9hRsSBoDdFdqtcRFep%2BYsQiF4%2BKaDZPUzloaQ%2FeZkEhJokSi2P1NP1ymoIPZ5j%2F8XwTxCO0c%2BGbA%2BECIOWUC9IlgPTZfdCvd1wQiXe4sa1U0QVwZBDk%2B7GDXDJUVIOH6bc8cAZi8Q4QzBqOTaLamgqF1%2BC5uFbLSShJOLGiBZv6PRiQ2L2qk", "https://vtbehaviour.commondatastorage.googleapis.com/0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415703&Signature=L2WgcAgR2nm5cyc0SHe8nYGU6Db6r7Cvr%2F9INkp%2ByiPXoTK3tUwxH06Vr3YnW2wDr8eANqgqXGU09YoEUVEKuHs8veU6QWbaN3LrOaICSmq1tlHwJUE7sILNI3MnOjwZvzYeFCMmSLUOQ62k46HzTVnrFNBqaPIUNQiRsQFUz06TVaA9FxXxYKk2brVLRXiNew1RgDlMp%2BM9EnePR06vYsB9QXEgrblE7M51AU%2BpM09%2BGxukEzUG", "https://vtbehaviour.commondatastorage.googleapis.com/1af55649a731abb95d71e2e49693a7bcf87270eb4f8712b747f7e04a0a2a3031_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415762&Signature=4Iu15AELs8158yzYffz716hQ5%2BDY4JHNeJeMzaSmkJrocvfpO7MMmB4MO5Zo%2Bs339dX%2Flb51NK%2Fd3eREGBJkNV3bvbEFaxv1hCO%2Fqge8%2FLnfKLSSRPJ48%2BGAVA22z0gYKvSPfYdGvownSV9GBevxmcIWZ%2F0VK57Mb1gHqvtWKs%2BMGgd4v%2FJJWCmjWx8xLomFVgrpD1boM0PxdVh3X21asN1DplbqcAZ%2Fd5WoOJYic", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415832&Signature=AOcM9Dc%2B2gUBJnZxuNmagisQ8QYjno4RVZd6DZFo553Ws2tWbJ6lUHXGOGTxLZCRccqXY9h0WhcjRXW4EgojbjJxXCTLq1y%2BtxXjZShlepAg7uq2pbXGsBhUcbpS5Jj0upmosZUCtU4mq8fMyjA0Jufv7u%2F%2FhIwKCp6Q9NIixpAXFwNy8BWn%2FOh6em7B0TwRABvcvTsQC2PO%2FOq5J61VWow6JiR2o97x%2Fm1ChJyz%2FvGTsz", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416015&Signature=evkFEcpvJ0BNlw47zD%2Bgg2ETU%2FGcbGZI3U%2BLCDkaRH4IhSCbgDF9ABajkx7SCAFA2G%2BndDWCzqKkknqPMARKAJk2b5h%2Bu1Gq8uDozkg9GvP8exgs3%2Bw%2F40637%2BmzlgjutElGFcVRMMDWRF5QEvyEDJVUIXmKmLYmKDYM58fBA4IM2VfpV8BB6HJcySkkMk2J4Mhk9nut%2FIrmFjV99WEunuPKfIgnAataXIXzBGZJl2eJK1OEGK19", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416061&Signature=eIQtmFWS2GiSN%2F3bdQCKKOu9%2FiEoDqQYcEtVnvTTBu%2BZ5JFRAyRu7Tgxw5YyVb%2BXK66m6JTN4yIleNl669%2FfdMbOamF6hlF%2FZbucN1etgX%2B8Snq2xrhFN5xZvvWrQukcYlJQnz9s2WSByNnA2Lvi7dn3qQnZMVNcJwWLhL1ayyCBqpiDVaDMGTgQfLrVdec0Xknzzl70Ce70nSgQdxJ4Q%2FSzYtz9Khtk6hyaiBbYxsyiWQ", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416202&Signature=f43IRerFiqRQ5ke71WfT2lNFf5Jf60FnKcTCpJGhgnSemoBx1iDNvbOs8rePJYHFEiffIuvjjnquRt51dziCswMktwhg8g7Tl3vVfnoYpuBzv6QT86so9sVcKWOt43wFnzCEH1RWrmQDe2jRBGL2Kvhqi%2B3i2iAFdZWCrxoAJtMJVqGVwXM5S7JnLR%2BklB1A5RQQReOEncgwClqKUHMPrSGjXgH%2FDernerWjOXghDL3V2fJ7EJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 686, "FileHash-MD5": 96, "FileHash-SHA1": 136, "URL": 562, "hostname": 313, "domain": 105, "email": 2, "YARA": 1 }, "indicator_count": 1901, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1f540aa36f336eb92ff53", "name": "VirusTotal report\n for program.exe", "description": "The full text of this year's EU Referendum, which will take place on 26 November, has been published.. and it will not appear on BBC Radio 5 live or on iPlayer.]", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T08:54:24.517000", "tags": [ "executable", "msdos", "pe32 executable", "intel", "ms windows", "dos borland", "generic windos", "dos executable", "pe32 compiler", "borland delphi", "delphi", "file type", "json", "ascii", "ascii text", "drops pe", "pe file", "sample", "persistence", "malicious", "next", "network capture", "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap", "nothing", "registry keys", "mutexes nothing", "parent pid", "full path", "command line", "files c", "read files", "read registry", "apis nothing", "https", "urls", "creates", "pe32", "sigma", "window", "mailpassview", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "sha256", "cname", "inprocserver32", "accept", "shutdown", "guard", "darkgate", "windows sandbox", "calls process", "systemroot", "commands", "created", "xcaxdb xcaxdb", "x82xec x82xec", "x83xc4 x83xc4", "xc1 x", "xffu xffu", "x8be x8be", "x81e x81e", "xc4 xc4", "x81i x81i", "xf3x86 xf3x86", "activator", "detail info", "tickcount", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "text", "classname", "behaviour", "class", "shell", "find", "mitre attack", "network info", "processes extra", "program", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "title", "phishing", "cape sandbox", "t1055", "style", "courier", "ip address", "port", "gmt ifnonematch", "machine summary", "meta", "inter" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415519&Signature=e1YxGtIahtkD9VKQTSuo9BFhC4KNicXASSfPf7LiJhYyR2OQOLXoHJjgEUtHCAfeZU7VSacymMfJJhx7M2NXSaPyv5cdsCUWfzeTKwyFqM06pSuq7HqYUJIh2%2BG3bz87h0m%2FMFuU5d0MXdwN9ykL%2FJ8EB4RuyKhfY%2FjBGZMZA0nVn5dQtQ1GySJiLj%2BWsKXQxsYVy%2FBok8h2n2m7EE923RSv%2BkkdQHO3enQf2ikR%2FU%2BtEN4S7xO2", "https://vtbehaviour.commondatastorage.googleapis.com/b71ddf3175c9e6b41f143207c6e74a9c327a362b3a1ce7e0282ceae2ad513b3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415599&Signature=O7Nc7o9GEFU3sFGIZv58PwBR8rG8MIwYQTmDyTNIUlHEEpmUY2Bttz0797jnr4%2BjT%2BCd1r%2BRad4nV4HLruG5QACAgOnQKjtSn%2FhWNes5q1y2qu46J%2BwCUFqmrr%2BpM6MjMmILZUqSezFzC5Fs%2Fnn4iBIQpYxJ8e4sJMXVIONcDkWLhycQk5rVr%2FV7G6tU0yAkoavXhpyrSGqR2Ee9QAoAXLWdixJ0rLJ85yQxWFr0E%2F7%", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415622&Signature=NJmj0XG%2BcAwpEa26%2B7ucV3CTWcwrSwSV%2BU62aYx0yDVYzZH70ROLK9%2F2lUy0IuC6n88oOTLoikSC4GRgUVypFQpmJoKQpkPvHZ1SfyklCtIWurZJYZvHSZs32JL0l6t3eEwW61xDg%2FICvOFlPQ0Aju7Hk1ntOY82jD%2B9dVw179jdF3A5jzGDrcr7mP17tnwZcOI0pVfF0ZhtbJL6SCHXBce%2BWS5zRxV2VgXHqrGYl0XLgpK6MD30wBFT", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415648&Signature=gOGhlxTumFXkKGryYSeJV8%2BMONZwbp%2BS3ntsErndc02nffG6DHW%2FbU0CVbVSOp3lIZkIt2qx7a%2BTsm2IItEWtGIN55fG14UxsBfo1Gf8bukZC4u5KoQKrVSYuV9aASUd5oCoTo0iIp%2BVCokHRdLbF259Fld%2FjlgJGL%2FVoLiGxXwkbQaxZi5VN94eNl65FMGXLtoVUgbUk3FhXEIuLwwJJU8XnveqbCOzDS9PtPnPO7seXDaK", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415662&Signature=ii4xZZXyeZqty%2B%2BwMuioMf90xxcdXimnQRoYesmvSMUfZNPn9hRsSBoDdFdqtcRFep%2BYsQiF4%2BKaDZPUzloaQ%2FeZkEhJokSi2P1NP1ymoIPZ5j%2F8XwTxCO0c%2BGbA%2BECIOWUC9IlgPTZfdCvd1wQiXe4sa1U0QVwZBDk%2B7GDXDJUVIOH6bc8cAZi8Q4QzBqOTaLamgqF1%2BC5uFbLSShJOLGiBZv6PRiQ2L2qk", "https://vtbehaviour.commondatastorage.googleapis.com/0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415703&Signature=L2WgcAgR2nm5cyc0SHe8nYGU6Db6r7Cvr%2F9INkp%2ByiPXoTK3tUwxH06Vr3YnW2wDr8eANqgqXGU09YoEUVEKuHs8veU6QWbaN3LrOaICSmq1tlHwJUE7sILNI3MnOjwZvzYeFCMmSLUOQ62k46HzTVnrFNBqaPIUNQiRsQFUz06TVaA9FxXxYKk2brVLRXiNew1RgDlMp%2BM9EnePR06vYsB9QXEgrblE7M51AU%2BpM09%2BGxukEzUG", "https://vtbehaviour.commondatastorage.googleapis.com/1af55649a731abb95d71e2e49693a7bcf87270eb4f8712b747f7e04a0a2a3031_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415762&Signature=4Iu15AELs8158yzYffz716hQ5%2BDY4JHNeJeMzaSmkJrocvfpO7MMmB4MO5Zo%2Bs339dX%2Flb51NK%2Fd3eREGBJkNV3bvbEFaxv1hCO%2Fqge8%2FLnfKLSSRPJ48%2BGAVA22z0gYKvSPfYdGvownSV9GBevxmcIWZ%2F0VK57Mb1gHqvtWKs%2BMGgd4v%2FJJWCmjWx8xLomFVgrpD1boM0PxdVh3X21asN1DplbqcAZ%2Fd5WoOJYic", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415832&Signature=AOcM9Dc%2B2gUBJnZxuNmagisQ8QYjno4RVZd6DZFo553Ws2tWbJ6lUHXGOGTxLZCRccqXY9h0WhcjRXW4EgojbjJxXCTLq1y%2BtxXjZShlepAg7uq2pbXGsBhUcbpS5Jj0upmosZUCtU4mq8fMyjA0Jufv7u%2F%2FhIwKCp6Q9NIixpAXFwNy8BWn%2FOh6em7B0TwRABvcvTsQC2PO%2FOq5J61VWow6JiR2o97x%2Fm1ChJyz%2FvGTsz", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416015&Signature=evkFEcpvJ0BNlw47zD%2Bgg2ETU%2FGcbGZI3U%2BLCDkaRH4IhSCbgDF9ABajkx7SCAFA2G%2BndDWCzqKkknqPMARKAJk2b5h%2Bu1Gq8uDozkg9GvP8exgs3%2Bw%2F40637%2BmzlgjutElGFcVRMMDWRF5QEvyEDJVUIXmKmLYmKDYM58fBA4IM2VfpV8BB6HJcySkkMk2J4Mhk9nut%2FIrmFjV99WEunuPKfIgnAataXIXzBGZJl2eJK1OEGK19", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416061&Signature=eIQtmFWS2GiSN%2F3bdQCKKOu9%2FiEoDqQYcEtVnvTTBu%2BZ5JFRAyRu7Tgxw5YyVb%2BXK66m6JTN4yIleNl669%2FfdMbOamF6hlF%2FZbucN1etgX%2B8Snq2xrhFN5xZvvWrQukcYlJQnz9s2WSByNnA2Lvi7dn3qQnZMVNcJwWLhL1ayyCBqpiDVaDMGTgQfLrVdec0Xknzzl70Ce70nSgQdxJ4Q%2FSzYtz9Khtk6hyaiBbYxsyiWQ", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416202&Signature=f43IRerFiqRQ5ke71WfT2lNFf5Jf60FnKcTCpJGhgnSemoBx1iDNvbOs8rePJYHFEiffIuvjjnquRt51dziCswMktwhg8g7Tl3vVfnoYpuBzv6QT86so9sVcKWOt43wFnzCEH1RWrmQDe2jRBGL2Kvhqi%2B3i2iAFdZWCrxoAJtMJVqGVwXM5S7JnLR%2BklB1A5RQQReOEncgwClqKUHMPrSGjXgH%2FDernerWjOXghDL3V2fJ7EJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 860, "FileHash-MD5": 180, "FileHash-SHA1": 224, "URL": 639, "hostname": 362, "domain": 107, "email": 2 }, "indicator_count": 2374, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69e1f540bec93625fc7c7466", "name": "VirusTotal report\n for program.exe", "description": "The full text of this year's EU Referendum, which will take place on 26 November, has been published.. and it will not appear on BBC Radio 5 live or on iPlayer.]", "modified": "2026-05-17T08:02:15.940000", "created": "2026-04-17T08:54:24.226000", "tags": [ "executable", "msdos", "pe32 executable", "intel", "ms windows", "dos borland", "generic windos", "dos executable", "pe32 compiler", "borland delphi", "delphi", "file type", "json", "ascii", "ascii text", "drops pe", "pe file", "sample", "persistence", "malicious", "next", "network capture", "wireshark pcap", "next generation", "dump file", "format", "little endian", "pcap", "nothing", "registry keys", "mutexes nothing", "parent pid", "full path", "command line", "files c", "read files", "read registry", "apis nothing", "https", "urls", "creates", "pe32", "sigma", "window", "mailpassview", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "sha256", "cname", "inprocserver32", "accept", "shutdown", "guard", "darkgate", "windows sandbox", "calls process", "systemroot", "commands", "created", "xcaxdb xcaxdb", "x82xec x82xec", "x83xc4 x83xc4", "xc1 x", "xffu xffu", "x8be x8be", "x81e x81e", "xc4 xc4", "x81i x81i", "xf3x86 xf3x86", "activator", "detail info", "tickcount", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "text", "classname", "behaviour", "class", "shell", "find", "mitre attack", "network info", "processes extra", "program", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "title", "phishing", "cape sandbox", "t1055", "style", "courier", "ip address", "port", "gmt ifnonematch", "machine summary", "meta", "inter" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415519&Signature=e1YxGtIahtkD9VKQTSuo9BFhC4KNicXASSfPf7LiJhYyR2OQOLXoHJjgEUtHCAfeZU7VSacymMfJJhx7M2NXSaPyv5cdsCUWfzeTKwyFqM06pSuq7HqYUJIh2%2BG3bz87h0m%2FMFuU5d0MXdwN9ykL%2FJ8EB4RuyKhfY%2FjBGZMZA0nVn5dQtQ1GySJiLj%2BWsKXQxsYVy%2FBok8h2n2m7EE923RSv%2BkkdQHO3enQf2ikR%2FU%2BtEN4S7xO2", "https://vtbehaviour.commondatastorage.googleapis.com/b71ddf3175c9e6b41f143207c6e74a9c327a362b3a1ce7e0282ceae2ad513b3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415599&Signature=O7Nc7o9GEFU3sFGIZv58PwBR8rG8MIwYQTmDyTNIUlHEEpmUY2Bttz0797jnr4%2BjT%2BCd1r%2BRad4nV4HLruG5QACAgOnQKjtSn%2FhWNes5q1y2qu46J%2BwCUFqmrr%2BpM6MjMmILZUqSezFzC5Fs%2Fnn4iBIQpYxJ8e4sJMXVIONcDkWLhycQk5rVr%2FV7G6tU0yAkoavXhpyrSGqR2Ee9QAoAXLWdixJ0rLJ85yQxWFr0E%2F7%", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415622&Signature=NJmj0XG%2BcAwpEa26%2B7ucV3CTWcwrSwSV%2BU62aYx0yDVYzZH70ROLK9%2F2lUy0IuC6n88oOTLoikSC4GRgUVypFQpmJoKQpkPvHZ1SfyklCtIWurZJYZvHSZs32JL0l6t3eEwW61xDg%2FICvOFlPQ0Aju7Hk1ntOY82jD%2B9dVw179jdF3A5jzGDrcr7mP17tnwZcOI0pVfF0ZhtbJL6SCHXBce%2BWS5zRxV2VgXHqrGYl0XLgpK6MD30wBFT", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415648&Signature=gOGhlxTumFXkKGryYSeJV8%2BMONZwbp%2BS3ntsErndc02nffG6DHW%2FbU0CVbVSOp3lIZkIt2qx7a%2BTsm2IItEWtGIN55fG14UxsBfo1Gf8bukZC4u5KoQKrVSYuV9aASUd5oCoTo0iIp%2BVCokHRdLbF259Fld%2FjlgJGL%2FVoLiGxXwkbQaxZi5VN94eNl65FMGXLtoVUgbUk3FhXEIuLwwJJU8XnveqbCOzDS9PtPnPO7seXDaK", "https://vtbehaviour.commondatastorage.googleapis.com/9e4f036dd6fbb45ce414cb5d040b3255b5ccc9ecacbfaf022b631545f9a19a02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415662&Signature=ii4xZZXyeZqty%2B%2BwMuioMf90xxcdXimnQRoYesmvSMUfZNPn9hRsSBoDdFdqtcRFep%2BYsQiF4%2BKaDZPUzloaQ%2FeZkEhJokSi2P1NP1ymoIPZ5j%2F8XwTxCO0c%2BGbA%2BECIOWUC9IlgPTZfdCvd1wQiXe4sa1U0QVwZBDk%2B7GDXDJUVIOH6bc8cAZi8Q4QzBqOTaLamgqF1%2BC5uFbLSShJOLGiBZv6PRiQ2L2qk", "https://vtbehaviour.commondatastorage.googleapis.com/0244cbf1fbf8809c335b9bbd8142c72e3bbb36881e0aacfba6000e0aaa048ba9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415703&Signature=L2WgcAgR2nm5cyc0SHe8nYGU6Db6r7Cvr%2F9INkp%2ByiPXoTK3tUwxH06Vr3YnW2wDr8eANqgqXGU09YoEUVEKuHs8veU6QWbaN3LrOaICSmq1tlHwJUE7sILNI3MnOjwZvzYeFCMmSLUOQ62k46HzTVnrFNBqaPIUNQiRsQFUz06TVaA9FxXxYKk2brVLRXiNew1RgDlMp%2BM9EnePR06vYsB9QXEgrblE7M51AU%2BpM09%2BGxukEzUG", "https://vtbehaviour.commondatastorage.googleapis.com/1af55649a731abb95d71e2e49693a7bcf87270eb4f8712b747f7e04a0a2a3031_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415762&Signature=4Iu15AELs8158yzYffz716hQ5%2BDY4JHNeJeMzaSmkJrocvfpO7MMmB4MO5Zo%2Bs339dX%2Flb51NK%2Fd3eREGBJkNV3bvbEFaxv1hCO%2Fqge8%2FLnfKLSSRPJ48%2BGAVA22z0gYKvSPfYdGvownSV9GBevxmcIWZ%2F0VK57Mb1gHqvtWKs%2BMGgd4v%2FJJWCmjWx8xLomFVgrpD1boM0PxdVh3X21asN1DplbqcAZ%2Fd5WoOJYic", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776415832&Signature=AOcM9Dc%2B2gUBJnZxuNmagisQ8QYjno4RVZd6DZFo553Ws2tWbJ6lUHXGOGTxLZCRccqXY9h0WhcjRXW4EgojbjJxXCTLq1y%2BtxXjZShlepAg7uq2pbXGsBhUcbpS5Jj0upmosZUCtU4mq8fMyjA0Jufv7u%2F%2FhIwKCp6Q9NIixpAXFwNy8BWn%2FOh6em7B0TwRABvcvTsQC2PO%2FOq5J61VWow6JiR2o97x%2Fm1ChJyz%2FvGTsz", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416015&Signature=evkFEcpvJ0BNlw47zD%2Bgg2ETU%2FGcbGZI3U%2BLCDkaRH4IhSCbgDF9ABajkx7SCAFA2G%2BndDWCzqKkknqPMARKAJk2b5h%2Bu1Gq8uDozkg9GvP8exgs3%2Bw%2F40637%2BmzlgjutElGFcVRMMDWRF5QEvyEDJVUIXmKmLYmKDYM58fBA4IM2VfpV8BB6HJcySkkMk2J4Mhk9nut%2FIrmFjV99WEunuPKfIgnAataXIXzBGZJl2eJK1OEGK19", "https://vtbehaviour.commondatastorage.googleapis.com/2490cba406c48127d4f19ec90640181b6fda91960640d126478a6695aab49c4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416061&Signature=eIQtmFWS2GiSN%2F3bdQCKKOu9%2FiEoDqQYcEtVnvTTBu%2BZ5JFRAyRu7Tgxw5YyVb%2BXK66m6JTN4yIleNl669%2FfdMbOamF6hlF%2FZbucN1etgX%2B8Snq2xrhFN5xZvvWrQukcYlJQnz9s2WSByNnA2Lvi7dn3qQnZMVNcJwWLhL1ayyCBqpiDVaDMGTgQfLrVdec0Xknzzl70Ce70nSgQdxJ4Q%2FSzYtz9Khtk6hyaiBbYxsyiWQ", "https://vtbehaviour.commondatastorage.googleapis.com/fb83210a8a2d58af1d2fe5edf812be88b5465c130c3e8a091626bc0a2d6452ae_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776416202&Signature=f43IRerFiqRQ5ke71WfT2lNFf5Jf60FnKcTCpJGhgnSemoBx1iDNvbOs8rePJYHFEiffIuvjjnquRt51dziCswMktwhg8g7Tl3vVfnoYpuBzv6QT86so9sVcKWOt43wFnzCEH1RWrmQDe2jRBGL2Kvhqi%2B3i2iAFdZWCrxoAJtMJVqGVwXM5S7JnLR%2BklB1A5RQQReOEncgwClqKUHMPrSGjXgH%2FDernerWjOXghDL3V2fJ7EJ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 686, "FileHash-MD5": 96, "FileHash-SHA1": 136, "URL": 561, "hostname": 316, "domain": 105, "email": 2 }, "indicator_count": 1902, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a05ac967057c13623229fa4", "name": "Eternal Romance. InfinityRedRatLokiMeteorDownDropRemPetDCometRevenBRabbit[Ilu/txt> vbs]CAPE Sandbox", "description": "[A report on the discovery of a malicious script on a server at the University of California, Los Angeles, has been published by GRAMMERSoft Group, a security firm based in the Philippines.] s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader JavaDropper Remcos Petya DarkComet RevengeRAT BadRabbit Iloveyou[txt]vbs.\nMalware like this is almost never unintentional.", "modified": "2026-05-15T10:49:24.586000", "created": "2026-05-14T11:05:58.600000", "tags": [ "vbcrlf", "error resume", "next dim", "page", "loveletter", "script", "createobject", "html", "meta", "name", "title", "body", "iloveyou", "generator", "philippines", "loop", "extra info", "next", "vbs script", "program", "attack network", "info processes", "zenbox verdict", "guest system", "ultimate file", "info file", "defense evasion", "windows sandbox", "calls clear", "next ur", "file type", "ascii text", "crlf line", "ms windows", "pe32", "drops pe", "intel", "yara", "sigma", "njrat", "malicious", "darkcomet", "code", "delphi", "dbatloader", "loader", "fraud", "notpetya", "killmbr", "trojanransom", "ransomware", "initial access", "settings", "default", "parent pid", "full path", "command line", "mwdb", "bazaar", "sha3384", "ssdeep", "format", "shell", "payload", "kevin", "accept", "revengerat", "shutdown", "aspack", "vmprotect", "meteorite", "petya", "infinitylock", "redline", "remcos", "javadropper", "lokibot", "guard", "mono", "eternalromance", "exploit", "badrabbit", "s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader Java" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778755991&Signature=xjEd%2BfezTG%2Bhf9CMiLVkvgMjqq3uWY0btw2QhhcAqvYLh%2BdAJB5d1xHA9O3DAxXep3iyDgqVU01VvCAb%2BKefQNSVhuEaACn6Vg0Hh1CHnNc3GMCXSMdTRZFYYSzniYpYsmeZX%2F0ez%2Fvlig7VA40maOBDvb%2B3HADaVl1jboeClkaL2NCfDYCQYRK2vZ5yX7ggUG%2FM2b0scFtssuydGnlFONW5Ebr6b3RuXJRvMFO9SQ%2BJ", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756062&Signature=1qwcsdiF0JPfNYSk7RDQXO4pZXvL%2Fj1JyEUevcp%2B6HlCDqJ6UKeuGEjU%2FtfcS8Y2I%2B%2FIkWQ7I%2FrKwePXyPYnyKs%2F5BGxqLLSdyj6hlP6mspza3lBQCmI8D%2B%2F%2BIcbUB4s1UZP6cZ3bieHVI%2BUt7YDDau3vsnsQBE3cIa48fIcZYKmsJp7P%2FETHpk%2FGfCZlLU4fOjXvbexeI%2Fjw%2FLOBcq3zipo%2BwQyGxHTmnK%2F", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756107&Signature=qcKaJdEe1%2F0Ewg9HU1LOWWYUSa1AX6o24coccdj5tLucnjjA7oPNFtU1%2FnPf1MngS%2B8Re5bUyuY%2FpE%2FwiXxMY9hSNotJ6H1BkH1IoOGDT8ucHEnRnac1I9XLmxmVOBdHXBoIYAF6cQu1wHM6n7kGPEnerHpqMASVuGIVJqeq9p3f7K8RNeiAlAzFQHPWjKuVRpePEo0aeNddEvVPmacL3C3Jjat%2B8lUZN4JAbvRXfPBU", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756213&Signature=nT2GPVh7JliXkCSmMglFnpxTqzjwGedv4d2km9l3nSbMaMVXff1erDdvDEzPK%2BiZmnXCBqjGhLu0pehbVPaA%2FuFCZI%2FNWrrMXl07NM2A8A0aQwuI5lwt6CpefiJaPgbeNJ%2FYSGyoPLGwLQTA1Upga8%2F1GeMvooHMu1noElIuYrvsfuC3bzCdwW7rC2t4C9bKa0%2FBKK%2BQHVrZA2NIAsBNIRplsBOqZybAuDBKBxb8Liqs580KbDsCQU4%", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756397&Signature=GrgrzQyGr0qFGDnfG3rlbCv4hrrrTPOM0ZaqFW%2FWxF%2BZW62aUsSeXENHRday%2B2le7YUbRKI20ywbl8yvmeRJ1iO5haWVNYFoq7Gt1zljmR%2F5ZveJp80cYWagPzIcSu2W0NzvR8T49UkZukCRr2yTn4Y77ivK4HZ%2FyE3ZL9Au3TqjZg0PaQSZhsub%2BtP7IMgeCTGCevf0UvRrEE6aka8%2FNMFwhtH5Pi7CX8SD%2F4Q%2Bd34I" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 36, "FileHash-MD5": 245, "FileHash-SHA1": 109, "FileHash-SHA256": 224, "URL": 269, "domain": 51, "email": 3, "hostname": 189, "Mutex": 4 }, "indicator_count": 1130, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a05ac72028bf99f635f0ded", "name": "Eternal Romance. InfinityRedRatLokiMeteorDownDropRemPetDCometRevenBRabbit[Ilu/txt> vbs]CAPE Sandbox", "description": "[A report on the discovery of a malicious script on a server at the University of California, Los Angeles, has been published by GRAMMERSoft Group, a security firm based in the Philippines.] s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader JavaDropper Remcos Petya DarkComet RevengeRAT BadRabbit Iloveyou[txt]vbs.\nMalware like this is almost never unintentional.", "modified": "2026-05-14T11:05:22.932000", "created": "2026-05-14T11:05:22.932000", "tags": [ "vbcrlf", "error resume", "next dim", "page", "loveletter", "script", "createobject", "html", "meta", "name", "title", "body", "iloveyou", "generator", "philippines", "loop", "extra info", "next", "vbs script", "program", "attack network", "info processes", "zenbox verdict", "guest system", "ultimate file", "info file", "defense evasion", "windows sandbox", "calls clear", "next ur", "file type", "ascii text", "crlf line", "ms windows", "pe32", "drops pe", "intel", "yara", "sigma", "njrat", "malicious", "darkcomet", "code", "delphi", "dbatloader", "loader", "fraud", "notpetya", "killmbr", "trojanransom", "ransomware", "initial access", "settings", "default", "parent pid", "full path", "command line", "mwdb", "bazaar", "sha3384", "ssdeep", "format", "shell", "payload", "kevin", "accept", "revengerat", "shutdown", "aspack", "vmprotect", "meteorite", "petya", "infinitylock", "redline", "remcos", "javadropper", "lokibot", "guard", "mono", "eternalromance", "exploit", "badrabbit", "s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader Java" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778755991&Signature=xjEd%2BfezTG%2Bhf9CMiLVkvgMjqq3uWY0btw2QhhcAqvYLh%2BdAJB5d1xHA9O3DAxXep3iyDgqVU01VvCAb%2BKefQNSVhuEaACn6Vg0Hh1CHnNc3GMCXSMdTRZFYYSzniYpYsmeZX%2F0ez%2Fvlig7VA40maOBDvb%2B3HADaVl1jboeClkaL2NCfDYCQYRK2vZ5yX7ggUG%2FM2b0scFtssuydGnlFONW5Ebr6b3RuXJRvMFO9SQ%2BJ", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756062&Signature=1qwcsdiF0JPfNYSk7RDQXO4pZXvL%2Fj1JyEUevcp%2B6HlCDqJ6UKeuGEjU%2FtfcS8Y2I%2B%2FIkWQ7I%2FrKwePXyPYnyKs%2F5BGxqLLSdyj6hlP6mspza3lBQCmI8D%2B%2F%2BIcbUB4s1UZP6cZ3bieHVI%2BUt7YDDau3vsnsQBE3cIa48fIcZYKmsJp7P%2FETHpk%2FGfCZlLU4fOjXvbexeI%2Fjw%2FLOBcq3zipo%2BwQyGxHTmnK%2F", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756107&Signature=qcKaJdEe1%2F0Ewg9HU1LOWWYUSa1AX6o24coccdj5tLucnjjA7oPNFtU1%2FnPf1MngS%2B8Re5bUyuY%2FpE%2FwiXxMY9hSNotJ6H1BkH1IoOGDT8ucHEnRnac1I9XLmxmVOBdHXBoIYAF6cQu1wHM6n7kGPEnerHpqMASVuGIVJqeq9p3f7K8RNeiAlAzFQHPWjKuVRpePEo0aeNddEvVPmacL3C3Jjat%2B8lUZN4JAbvRXfPBU", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756213&Signature=nT2GPVh7JliXkCSmMglFnpxTqzjwGedv4d2km9l3nSbMaMVXff1erDdvDEzPK%2BiZmnXCBqjGhLu0pehbVPaA%2FuFCZI%2FNWrrMXl07NM2A8A0aQwuI5lwt6CpefiJaPgbeNJ%2FYSGyoPLGwLQTA1Upga8%2F1GeMvooHMu1noElIuYrvsfuC3bzCdwW7rC2t4C9bKa0%2FBKK%2BQHVrZA2NIAsBNIRplsBOqZybAuDBKBxb8Liqs580KbDsCQU4%", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756397&Signature=GrgrzQyGr0qFGDnfG3rlbCv4hrrrTPOM0ZaqFW%2FWxF%2BZW62aUsSeXENHRday%2B2le7YUbRKI20ywbl8yvmeRJ1iO5haWVNYFoq7Gt1zljmR%2F5ZveJp80cYWagPzIcSu2W0NzvR8T49UkZukCRr2yTn4Y77ivK4HZ%2FyE3ZL9Au3TqjZg0PaQSZhsub%2BtP7IMgeCTGCevf0UvRrEE6aka8%2FNMFwhtH5Pi7CX8SD%2F4Q%2Bd34I" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 36, "FileHash-MD5": 244, "FileHash-SHA1": 108, "FileHash-SHA256": 223, "URL": 269, "domain": 51, "email": 3, "hostname": 189 }, "indicator_count": 1123, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a05ac2c27730f972e8d9474", "name": "Eternal Romance. InfinityRedRatLokiMeteorDownDropRemPetDCometRevenBRabbit[Ilu/txt> vbs]CAPE Sandbox", "description": "[A report on the discovery of a malicious script on a server at the University of California, Los Angeles, has been published by GRAMMERSoft Group, a security firm based in the Philippines.] s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader JavaDropper Remcos Petya DarkComet RevengeRAT BadRabbit Iloveyou[txt]vbs.\nMalware like this is almost never unintentional.", "modified": "2026-05-14T11:04:12.425000", "created": "2026-05-14T11:04:12.425000", "tags": [ "vbcrlf", "error resume", "next dim", "page", "loveletter", "script", "createobject", "html", "meta", "name", "title", "body", "iloveyou", "generator", "philippines", "loop", "extra info", "next", "vbs script", "program", "attack network", "info processes", "zenbox verdict", "guest system", "ultimate file", "info file", "defense evasion", "windows sandbox", "calls clear", "next ur", "file type", "ascii text", "crlf line", "ms windows", "pe32", "drops pe", "intel", "yara", "sigma", "njrat", "malicious", "darkcomet", "code", "delphi", "dbatloader", "loader", "fraud", "notpetya", "killmbr", "trojanransom", "ransomware", "initial access", "settings", "default", "parent pid", "full path", "command line", "mwdb", "bazaar", "sha3384", "ssdeep", "format", "shell", "payload", "kevin", "accept", "revengerat", "shutdown", "aspack", "vmprotect", "meteorite", "petya", "infinitylock", "redline", "remcos", "javadropper", "lokibot", "guard", "mono", "eternalromance", "exploit", "badrabbit", "s): InfinityLock RedLine Njrat LokiBot Meteorite Downloader Java" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778755991&Signature=xjEd%2BfezTG%2Bhf9CMiLVkvgMjqq3uWY0btw2QhhcAqvYLh%2BdAJB5d1xHA9O3DAxXep3iyDgqVU01VvCAb%2BKefQNSVhuEaACn6Vg0Hh1CHnNc3GMCXSMdTRZFYYSzniYpYsmeZX%2F0ez%2Fvlig7VA40maOBDvb%2B3HADaVl1jboeClkaL2NCfDYCQYRK2vZ5yX7ggUG%2FM2b0scFtssuydGnlFONW5Ebr6b3RuXJRvMFO9SQ%2BJ", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756062&Signature=1qwcsdiF0JPfNYSk7RDQXO4pZXvL%2Fj1JyEUevcp%2B6HlCDqJ6UKeuGEjU%2FtfcS8Y2I%2B%2FIkWQ7I%2FrKwePXyPYnyKs%2F5BGxqLLSdyj6hlP6mspza3lBQCmI8D%2B%2F%2BIcbUB4s1UZP6cZ3bieHVI%2BUt7YDDau3vsnsQBE3cIa48fIcZYKmsJp7P%2FETHpk%2FGfCZlLU4fOjXvbexeI%2Fjw%2FLOBcq3zipo%2BwQyGxHTmnK%2F", "https://vtbehaviour.commondatastorage.googleapis.com/556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756107&Signature=qcKaJdEe1%2F0Ewg9HU1LOWWYUSa1AX6o24coccdj5tLucnjjA7oPNFtU1%2FnPf1MngS%2B8Re5bUyuY%2FpE%2FwiXxMY9hSNotJ6H1BkH1IoOGDT8ucHEnRnac1I9XLmxmVOBdHXBoIYAF6cQu1wHM6n7kGPEnerHpqMASVuGIVJqeq9p3f7K8RNeiAlAzFQHPWjKuVRpePEo0aeNddEvVPmacL3C3Jjat%2B8lUZN4JAbvRXfPBU", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756213&Signature=nT2GPVh7JliXkCSmMglFnpxTqzjwGedv4d2km9l3nSbMaMVXff1erDdvDEzPK%2BiZmnXCBqjGhLu0pehbVPaA%2FuFCZI%2FNWrrMXl07NM2A8A0aQwuI5lwt6CpefiJaPgbeNJ%2FYSGyoPLGwLQTA1Upga8%2F1GeMvooHMu1noElIuYrvsfuC3bzCdwW7rC2t4C9bKa0%2FBKK%2BQHVrZA2NIAsBNIRplsBOqZybAuDBKBxb8Liqs580KbDsCQU4%", "https://vtbehaviour.commondatastorage.googleapis.com/7737f90de7e9fc0935561c017e9ddc4a58337ebc25873f0bbcfe860790f3f888_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778756397&Signature=GrgrzQyGr0qFGDnfG3rlbCv4hrrrTPOM0ZaqFW%2FWxF%2BZW62aUsSeXENHRday%2B2le7YUbRKI20ywbl8yvmeRJ1iO5haWVNYFoq7Gt1zljmR%2F5ZveJp80cYWagPzIcSu2W0NzvR8T49UkZukCRr2yTn4Y77ivK4HZ%2FyE3ZL9Au3TqjZg0PaQSZhsub%2BtP7IMgeCTGCevf0UvRrEE6aka8%2FNMFwhtH5Pi7CX8SD%2F4Q%2Bd34I" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1219", "name": "Remote Access Software", "display_name": "T1219 - Remote Access Software" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1490", "name": "Inhibit System Recovery", "display_name": "T1490 - Inhibit System Recovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 36, "FileHash-MD5": 244, "FileHash-SHA1": 108, "FileHash-SHA256": 223, "URL": 269, "domain": 51, "email": 3, "hostname": 189 }, "indicator_count": 1123, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0050a164795207832b4331", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:40:06.849000", "created": "2026-05-10T09:32:17.372000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 773, "URI": 5, "FileHash-MD5": 200, "FileHash-SHA1": 197, "IPv4": 304, "URL": 461, "domain": 319, "hostname": 315, "CIDR": 8, "email": 9, "Mutex": 1, "CVE": 62 }, "indicator_count": 2654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "geomax-positioning.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "geomax-positioning.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780204764.5718126 }