{ "type": "URL", "indicator": "http://javascript.nwbox.com/CSSSupport/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://javascript.nwbox.com/CSSSupport/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2829924126, "indicator": "http://javascript.nwbox.com/CSSSupport/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "6a11810e7bc0d9d7652b4fcb", "name": "* ghostware * CAPE Sandbox", "description": "[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. \u00c2\u00a32.5m.com (\u20ac3.4m; $4.6m).] pretext. a deeper follow up on impression domain from the last post shared. this is some of the evasive 2019-2020 attached malware in a sandbox. this is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, \"fired\". this sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event. (1 exp2 valid) exp:cosmina beteringhe\nStatus\nCertificate out of its validity period\nIssuer\nApple Inc.\nValid From\n02:08 PM 04/02/2019\nValid To\n02:08 PM 04/02/2024\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\nB60CA526B0B84F7FF9B9CACC70702C5C10985B2C\nSerial Number\n6D E1 8E C8 70 AC A3 3E team identity:HYC4353YBE", "modified": "2026-05-23T10:44:37.782000", "created": "2026-05-23T10:27:26.040000", "tags": [ "token", "instance id", "date", "request", "version", "start", "callback", "indicate", "send instance", "id token", "default", "cname", "accept", "shell folders", "folders", "gmt ifnonematch", "cape sandbox", "bootkit", "t1055", "t1542", "shutdown", "defense evasion", "filename", "userclass", "source", "adprovider", "pair", "count", "null", "newtab", "result", "chrome web", "file type", "file size", "sha1", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "adknowledge", "guard", "loads", "back", "typeof", "catch", "impression", "none", "xmlhttprequest", "signaturehz", "mitre attack", "network info", "sigma", "program", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "has permission", "t1430 location", "zenbox android", "persistence", "issuer apple", "valid from", "valid", "serial number", "ac a3", "apple inc", "status valid", "thumbprint", "mac os", "x executable", "info file", "info", "a9 a8" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 194, "FileHash-MD5": 63, "FileHash-SHA1": 65, "FileHash-SHA256": 456, "domain": 116, "hostname": 495, "URL": 862, "email": 1 }, "indicator_count": 2252, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a1181104aab1e5b6484a6d2", "name": "* ghostware * CAPE Sandbox", "description": "[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. \u00c2\u00a32.5m.com (\u20ac3.4m; $4.6m).] pretext. a deeper follow up on impression domain from the last post shared. this is some of the evasive 2019-2020 attached malware in a sandbox. this is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, \"fired\". this sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event. (1 exp2 valid) exp:cosmina beteringhe\nStatus\nCertificate out of its validity period\nIssuer\nApple Inc.\nValid From\n02:08 PM 04/02/2019\nValid To\n02:08 PM 04/02/2024\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\nB60CA526B0B84F7FF9B9CACC70702C5C10985B2C\nSerial Number\n6D E1 8E C8 70 AC A3 3E team identity:HYC4353YBE", "modified": "2026-05-23T10:34:56.494000", "created": "2026-05-23T10:27:28.048000", "tags": [ "token", "instance id", "date", "request", "version", "start", "callback", "indicate", "send instance", "id token", "default", "cname", "accept", "shell folders", "folders", "gmt ifnonematch", "cape sandbox", "bootkit", "t1055", "t1542", "shutdown", "defense evasion", "filename", "userclass", "source", "adprovider", "pair", "count", "null", "newtab", "result", "chrome web", "file type", "file size", "sha1", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "adknowledge", "guard", "loads", "back", "typeof", "catch", "impression", "none", "xmlhttprequest", "signaturehz", "mitre attack", "network info", "sigma", "program", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "has permission", "t1430 location", "zenbox android", "persistence", "issuer apple", "valid from", "valid", "serial number", "ac a3", "apple inc", "status valid", "thumbprint", "mac os", "x executable", "info file", "info", "a9 a8" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 70, "FileHash-MD5": 19, "FileHash-SHA1": 18, "FileHash-SHA256": 412, "domain": 96, "hostname": 409, "URL": 810, "email": 1 }, "indicator_count": 1835, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657096b22a51f1cc56dcfb53", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "", "modified": "2023-12-06T15:43:46.083000", "created": "2023-12-06T15:43:46.083000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "domain": 134, "FileHash-SHA256": 82, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f8475d8a8785dfc5a2f", "name": "Zetalytics API", "description": "", "modified": "2023-12-06T14:04:52.250000", "created": "2023-12-06T14:04:52.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "hostname": 833, "domain": 441, "URL": 2375, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63dbbf6ae4f5433c2bab52e9", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "A guide to some of the key methods used by the web browser, jQuery, to create web pages and add links to the search engine and other parts of its web address system, as well as the address bar.", "modified": "2023-03-04T13:00:43.098000", "created": "2023-02-02T13:49:30.620000", "tags": [ "null", "copyright", "jan sorgalla", "built", "bill scott", "http", "error", "function", "title", "method", "play", "fast", "click", "return", "href", "target", "span", "pass", "linear", "timebuff", "block", "trigger", "nivoslider", "display", "width", "show", "next", "arrow", "restart", "stop", "iframe", "alpha", "factory", "type", "handle", "sizzle", "match", "check", "make sure", "elem", "name", "regexp", "hooks", "false", "date", "class", "internal", "done", "bind", "test", "body", "copy", "hold", "mozilla", "logic", "flash", "jquery", "fall", "bubble", "prop", "meta", "middle", "mark", "thus", "form", "script script", "a li", "div div", "mua bn", "link", "a div", "trang ch", "gii thiu", "tin tc", "header http2", "gmt cache", "gmt server", "litespeed", "443 ma2592000", "172.217.16.232", "http://lhr48s28-in-f8.1e100.net" ], "references": [ "[object Object] is a string representation of an object instance. Take this example: When the alert runs, it returns [object Object] in the alert modal. It tries to return a string representation of what was passed into alert, but because the engine sees this as an object, and not a string, it tells us that its an instance of an Object instead.", "443 Header\tHTTP/2 200 x powered by: PHP/7.4.29 set cookie: PHPSESSID=9158e16820bdbb5be0d1faa520b7dc19 path=/ expires: Thu 19 Nov 1981 08:52:00 GMT cache control: no store no cache must revalidate pragma: no cache content type: text/html charset=UTF 8 date: Thu 02 Feb 2023 13:37:37 GMT server: LiteSpeed alt svc: quic= :443 ma=2592000 v= 35 39 43 44", "whitelists are really not the way forward unless you validate the integrity often Speedtest are also being screwed with ie allowing your neural controlled network out on a temp basis to prevent you from ousting the APT controlling your home broadband / wifi network", "xml version= 1.0 encoding= utf 8 DOCTYPE html PUBLIC //WAPFORUM//DTD XHTML Mobile 1.0//EN http://www.wapforum.org/DTD/xhtml mobile10.dtd html xmlns= http://www.w3.org/1999/xhtml head meta http equiv= Content Type content= text/html charset=utf 8 / title mua bn nh t cho thu nh t sang nhng sang nhng ca hng /title meta name= copyright content= 2010 2020 bds247.vn / meta name= google site verification content= suyiBYZARDnZ4zGeoAiF VajqMQ0pgLGnEm69aZ aIY / meta name= robots content= index follow / meta name= key", "https://m.bds247.vn//view/js/jquery6_1.js 443", "https://www.googletagmanager.com/gtag/js?id=G-56M7ZWVN9L", "https://m.bds247.vn/lib/nivo-slider/slider.js 443 Script", "https://m.bds247.vn/view/js/page.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.pikachoose.js", "This is the full text of the XHTML mobile10.dtd.xml, which is based on the code created by the developers of Google's search engine, iPlayer and other sites.", "https://m.bds247.vn//view/js/jquery6_1.js", "https://m.bds247.vn/lib/nivo-slider/slider.js", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "FileHash-SHA256": 82, "domain": 134, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 93, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621bc3aa050a6c5693595f25", "name": "Zetalytics API", "description": "", "modified": "2022-03-29T00:03:34.773000", "created": "2022-02-27T18:32:10.542000", "tags": [ "google", "google llc", "detected", "expand overall", "http", "amazonaes", "openssl", "lookup go", "rescan add", "verdict report", "behaviour", "june", "apache", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "us summary", "line", "google maps", "api warning", "redirects links", "similar dom", "content api", "domains", "Ransomware" ], "references": [ "zetalytics .pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Virus.PolyRansom-5704625-0", "display_name": "Win.Virus.PolyRansom-5704625-0", "target": null }, { "id": "Win32:Cryptor", "display_name": "Win32:Cryptor", "target": null }, { "id": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "display_name": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "target": null }, { "id": "Trojan:Win32/Danabot.G", "display_name": "Trojan:Win32/Danabot.G", "target": "/malware/Trojan:Win32/Danabot.G" }, { "id": "Backdoor:Win32/Poison.E", "display_name": "Backdoor:Win32/Poison.E", "target": "/malware/Backdoor:Win32/Poison.E" }, { "id": "ALF:PUA:Block:IObit.R!MTB", "display_name": "ALF:PUA:Block:IObit.R!MTB", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "URL": 2375, "domain": 441, "hostname": 833, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1524 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://m.bds247.vn/lib/nivo-slider/slider.js", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "https://m.bds247.vn/view/js/page.js 443 Script", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://m.bds247.vn/lib/pikachoose/lib/jquery.pikachoose.js", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js 443 Script", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW", "https://m.bds247.vn//view/js/jquery6_1.js", "whitelists are really not the way forward unless you validate the integrity often Speedtest are also being screwed with ie allowing your neural controlled network out on a temp basis to prevent you from ousting the APT controlling your home broadband / wifi network", "[object Object] is a string representation of an object instance. Take this example: When the alert runs, it returns [object Object] in the alert modal. It tries to return a string representation of what was passed into alert, but because the engine sees this as an object, and not a string, it tells us that its an instance of an Object instead.", "https://www.googletagmanager.com/gtag/js?id=G-56M7ZWVN9L", "zetalytics .pdf", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "443 Header\tHTTP/2 200 x powered by: PHP/7.4.29 set cookie: PHPSESSID=9158e16820bdbb5be0d1faa520b7dc19 path=/ expires: Thu 19 Nov 1981 08:52:00 GMT cache control: no store no cache must revalidate pragma: no cache content type: text/html charset=UTF 8 date: Thu 02 Feb 2023 13:37:37 GMT server: LiteSpeed alt svc: quic= :443 ma=2592000 v= 35 39 43 44", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "This is the full text of the XHTML mobile10.dtd.xml, which is based on the code created by the developers of Google's search engine, iPlayer and other sites.", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js", "https://m.bds247.vn//view/js/jquery6_1.js 443", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "https://m.bds247.vn/lib/nivo-slider/slider.js 443 Script", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "xml version= 1.0 encoding= utf 8 DOCTYPE html PUBLIC //WAPFORUM//DTD XHTML Mobile 1.0//EN http://www.wapforum.org/DTD/xhtml mobile10.dtd html xmlns= http://www.w3.org/1999/xhtml head meta http equiv= Content Type content= text/html charset=utf 8 / title mua bn nh t cho thu nh t sang nhng sang nhng ca hng /title meta name= copyright content= 2010 2020 bds247.vn / meta name= google site verification content= suyiBYZARDnZ4zGeoAiF VajqMQ0pgLGnEm69aZ aIY / meta name= robots content= index follow / meta name= key" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Telper:cert:softwarebundler:win32/bunpredelt", "Win.virus.polyransom-5704625-0", "Alf:pua:block:iobit.r!mtb", "Trojan:win32/danabot.g", "Backdoor:win32/poison.e", "Win32:cryptor" ], "industries": [], "unique_indicators": 7392 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/nwbox.com", "whois": "http://whois.domaintools.com/nwbox.com", "domain": "nwbox.com", "hostname": "javascript.nwbox.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "6a11810e7bc0d9d7652b4fcb", "name": "* ghostware * CAPE Sandbox", "description": "[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. \u00c2\u00a32.5m.com (\u20ac3.4m; $4.6m).] pretext. a deeper follow up on impression domain from the last post shared. this is some of the evasive 2019-2020 attached malware in a sandbox. this is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, \"fired\". this sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event. (1 exp2 valid) exp:cosmina beteringhe\nStatus\nCertificate out of its validity period\nIssuer\nApple Inc.\nValid From\n02:08 PM 04/02/2019\nValid To\n02:08 PM 04/02/2024\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\nB60CA526B0B84F7FF9B9CACC70702C5C10985B2C\nSerial Number\n6D E1 8E C8 70 AC A3 3E team identity:HYC4353YBE", "modified": "2026-05-23T10:44:37.782000", "created": "2026-05-23T10:27:26.040000", "tags": [ "token", "instance id", "date", "request", "version", "start", "callback", "indicate", "send instance", "id token", "default", "cname", "accept", "shell folders", "folders", "gmt ifnonematch", "cape sandbox", "bootkit", "t1055", "t1542", "shutdown", "defense evasion", "filename", "userclass", "source", "adprovider", "pair", "count", "null", "newtab", "result", "chrome web", "file type", "file size", "sha1", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "adknowledge", "guard", "loads", "back", "typeof", "catch", "impression", "none", "xmlhttprequest", "signaturehz", "mitre attack", "network info", "sigma", "program", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "has permission", "t1430 location", "zenbox android", "persistence", "issuer apple", "valid from", "valid", "serial number", "ac a3", "apple inc", "status valid", "thumbprint", "mac os", "x executable", "info file", "info", "a9 a8" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 194, "FileHash-MD5": 63, "FileHash-SHA1": 65, "FileHash-SHA256": 456, "domain": 116, "hostname": 495, "URL": 862, "email": 1 }, "indicator_count": 2252, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a1181104aab1e5b6484a6d2", "name": "* ghostware * CAPE Sandbox", "description": "[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. \u00c2\u00a32.5m.com (\u20ac3.4m; $4.6m).] pretext. a deeper follow up on impression domain from the last post shared. this is some of the evasive 2019-2020 attached malware in a sandbox. this is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, \"fired\". this sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event. (1 exp2 valid) exp:cosmina beteringhe\nStatus\nCertificate out of its validity period\nIssuer\nApple Inc.\nValid From\n02:08 PM 04/02/2019\nValid To\n02:08 PM 04/02/2024\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\nB60CA526B0B84F7FF9B9CACC70702C5C10985B2C\nSerial Number\n6D E1 8E C8 70 AC A3 3E team identity:HYC4353YBE", "modified": "2026-05-23T10:34:56.494000", "created": "2026-05-23T10:27:28.048000", "tags": [ "token", "instance id", "date", "request", "version", "start", "callback", "indicate", "send instance", "id token", "default", "cname", "accept", "shell folders", "folders", "gmt ifnonematch", "cape sandbox", "bootkit", "t1055", "t1542", "shutdown", "defense evasion", "filename", "userclass", "source", "adprovider", "pair", "count", "null", "newtab", "result", "chrome web", "file type", "file size", "sha1", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "adknowledge", "guard", "loads", "back", "typeof", "catch", "impression", "none", "xmlhttprequest", "signaturehz", "mitre attack", "network info", "sigma", "program", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "has permission", "t1430 location", "zenbox android", "persistence", "issuer apple", "valid from", "valid", "serial number", "ac a3", "apple inc", "status valid", "thumbprint", "mac os", "x executable", "info file", "info", "a9 a8" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 70, "FileHash-MD5": 19, "FileHash-SHA1": 18, "FileHash-SHA256": 412, "domain": 96, "hostname": 409, "URL": 810, "email": 1 }, "indicator_count": 1835, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657096b22a51f1cc56dcfb53", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "", "modified": "2023-12-06T15:43:46.083000", "created": "2023-12-06T15:43:46.083000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "domain": 134, "FileHash-SHA256": 82, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707f8475d8a8785dfc5a2f", "name": "Zetalytics API", "description": "", "modified": "2023-12-06T14:04:52.250000", "created": "2023-12-06T14:04:52.250000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "hostname": 833, "domain": 441, "URL": 2375, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "63dbbf6ae4f5433c2bab52e9", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "A guide to some of the key methods used by the web browser, jQuery, to create web pages and add links to the search engine and other parts of its web address system, as well as the address bar.", "modified": "2023-03-04T13:00:43.098000", "created": "2023-02-02T13:49:30.620000", "tags": [ "null", "copyright", "jan sorgalla", "built", "bill scott", "http", "error", "function", "title", "method", "play", "fast", "click", "return", "href", "target", "span", "pass", "linear", "timebuff", "block", "trigger", "nivoslider", "display", "width", "show", "next", "arrow", "restart", "stop", "iframe", "alpha", "factory", "type", "handle", "sizzle", "match", "check", "make sure", "elem", "name", "regexp", "hooks", "false", "date", "class", "internal", "done", "bind", "test", "body", "copy", "hold", "mozilla", "logic", "flash", "jquery", "fall", "bubble", "prop", "meta", "middle", "mark", "thus", "form", "script script", "a li", "div div", "mua bn", "link", "a div", "trang ch", "gii thiu", "tin tc", "header http2", "gmt cache", "gmt server", "litespeed", "443 ma2592000", "172.217.16.232", "http://lhr48s28-in-f8.1e100.net" ], "references": [ "[object Object] is a string representation of an object instance. Take this example: When the alert runs, it returns [object Object] in the alert modal. It tries to return a string representation of what was passed into alert, but because the engine sees this as an object, and not a string, it tells us that its an instance of an Object instead.", "443 Header\tHTTP/2 200 x powered by: PHP/7.4.29 set cookie: PHPSESSID=9158e16820bdbb5be0d1faa520b7dc19 path=/ expires: Thu 19 Nov 1981 08:52:00 GMT cache control: no store no cache must revalidate pragma: no cache content type: text/html charset=UTF 8 date: Thu 02 Feb 2023 13:37:37 GMT server: LiteSpeed alt svc: quic= :443 ma=2592000 v= 35 39 43 44", "whitelists are really not the way forward unless you validate the integrity often Speedtest are also being screwed with ie allowing your neural controlled network out on a temp basis to prevent you from ousting the APT controlling your home broadband / wifi network", "xml version= 1.0 encoding= utf 8 DOCTYPE html PUBLIC //WAPFORUM//DTD XHTML Mobile 1.0//EN http://www.wapforum.org/DTD/xhtml mobile10.dtd html xmlns= http://www.w3.org/1999/xhtml head meta http equiv= Content Type content= text/html charset=utf 8 / title mua bn nh t cho thu nh t sang nhng sang nhng ca hng /title meta name= copyright content= 2010 2020 bds247.vn / meta name= google site verification content= suyiBYZARDnZ4zGeoAiF VajqMQ0pgLGnEm69aZ aIY / meta name= robots content= index follow / meta name= key", "https://m.bds247.vn//view/js/jquery6_1.js 443", "https://www.googletagmanager.com/gtag/js?id=G-56M7ZWVN9L", "https://m.bds247.vn/lib/nivo-slider/slider.js 443 Script", "https://m.bds247.vn/view/js/page.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.pikachoose.js", "This is the full text of the XHTML mobile10.dtd.xml, which is based on the code created by the developers of Google's search engine, iPlayer and other sites.", "https://m.bds247.vn//view/js/jquery6_1.js", "https://m.bds247.vn/lib/nivo-slider/slider.js", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "FileHash-SHA256": 82, "domain": 134, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 93, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "621bc3aa050a6c5693595f25", "name": "Zetalytics API", "description": "", "modified": "2022-03-29T00:03:34.773000", "created": "2022-02-27T18:32:10.542000", "tags": [ "google", "google llc", "detected", "expand overall", "http", "amazonaes", "openssl", "lookup go", "rescan add", "verdict report", "behaviour", "june", "apache", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "us summary", "line", "google maps", "api warning", "redirects links", "similar dom", "content api", "domains", "Ransomware" ], "references": [ "zetalytics .pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Virus.PolyRansom-5704625-0", "display_name": "Win.Virus.PolyRansom-5704625-0", "target": null }, { "id": "Win32:Cryptor", "display_name": "Win32:Cryptor", "target": null }, { "id": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "display_name": "TELPER:CERT:SoftwareBundler:Win32/Bunpredelt", "target": null }, { "id": "Trojan:Win32/Danabot.G", "display_name": "Trojan:Win32/Danabot.G", "target": "/malware/Trojan:Win32/Danabot.G" }, { "id": "Backdoor:Win32/Poison.E", "display_name": "Backdoor:Win32/Poison.E", "target": "/malware/Backdoor:Win32/Poison.E" }, { "id": "ALF:PUA:Block:IObit.R!MTB", "display_name": "ALF:PUA:Block:IObit.R!MTB", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 754, "URL": 2375, "domain": 441, "hostname": 833, "CIDR": 5, "FileHash-MD5": 2, "email": 1 }, "indicator_count": 4411, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1524 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://javascript.nwbox.com/CSSSupport/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://javascript.nwbox.com/CSSSupport/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780237322.557594 }