{ "type": "URL", "indicator": "http://pkt.data.data/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "http://pkt.data.data/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4296325097, "indicator": "http://pkt.data.data/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "6a0e80601f3040ce2765f408", "name": "applespell VirusTotal Box of Apples Sandbox report", "description": "[full report on the Visual Studio Code.app.com malware, published on 19 January, 2024 and published online by the University of South Wales (USA) in the United States.]", "modified": "2026-05-21T04:05:48.166000", "created": "2026-05-21T03:47:44.044000", "tags": [ "applespell", "gx installer", "opera gx", "installer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "updater", "mitre attack", "file type", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive", "persistence", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335150&Signature=uDtc71sxnnFjUynOWL3%2BEfCWBdV5z5ySup%2Bc1zR2wZ6As7QGYwmEfhjw5Q7oU8ejTyM2hzc8A%2BNiG%2FLVKKlNfMvIhjiD1eeMdbMD9ZlBtmDb%2BWt2QmG%2B5nva1h0WfWoacQwywV6%2FluInYutfcA56BrWxyle6SDogMg0FYhPC0N313lpykH5TB%2FnQKDWeG9dnagRdUJZLwEgU4i9fniVZcnrzGT8Lh9", "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335270&Signature=HD1tv4%2BfbWxkeiy0n49jYf0bWSIQZGoTXEbGtzILXBy9ABXvdNKR8TYp3JjubOUUsjKIza8dV0WnN53Ye2ZuwtdkwPuYQ5cdWV3hQ4DDGC02om6I44vDnC7twPKfenv1Foxe2Xq11CjgLk6Mdg49WD6DWXvzpdgafbdvdrjLLk%2FEc6IlEf%2F5hUBfcXH6I%2FwxHQownjqPhfo5D%2BN2k6kKw6WKCoupY8pC3Riz%2F%2F5ZUDVqHvjc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 4, "FileHash-SHA256": 58, "IPv4": 47, "domain": 16, "hostname": 61, "URL": 105, "FileHash-MD5": 1, "Mutex": 2 }, "indicator_count": 294, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d38f2be92e678ccdfcf157", "name": "CAPE Sandbox", "description": "spyware", "modified": "2026-05-06T11:00:54.822000", "created": "2026-04-06T10:47:07.561000", "tags": [ "renewed", "8gbram", "windows10", "19inlcdmonitor", "desktop pc", "package", "intel core", "hard drive", "dvdrw", "wifi", "title", "blink", "date", "meta", "elite", "body" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472287&Signature=rw%2BkzkQKY5M41fqBOOPOnF5nUXqseptUkZPX0VOkL5lmxzWIcqVfQFKQGRNKIzZOE90PJOiV7ZneTdKShjcZbrGhVubS6ms3aA16QMDcjwhN1ydkTmSwfmIuEhyWnqyPR28n7DU3JQ%2FKuYgCjUFaromvhWGfhh%2B5YArNd6sFv7Yrw9YwYZ644Ob%2F3hzdlY8JqqRt592k16rV%2F50Q3%2BaL%2Bs9LjV6%2BTJMwLFmQMSBYr4s2l1", "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472412&Signature=QcBCZcKyHYxWwhSWOKX7apvx3%2BT3Bjzt3y1Xx2vTLrR768KeDlg7sY1Be5YVVKRCCT3rWlV9n36IfmZpQ0siFg%2BaS8Lw3STmcyFUw%2FF28Uar%2BVuRm1sKdVq24l7lGhYyAteWJqAIe8VHgUtUXBMOAcr4lzsj7YA%2BoYqiuspu%2BRgoCYoVEA55ujOTpbSulxwZ%2FgVUmIhSzlosNjBP1lSIEUOLWG%2BUC3yYSMS%2Bg4nxp9PO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1221", "name": "Template Injection", "display_name": "T1221 - Template Injection" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 249, "FileHash-SHA1": 46, "FileHash-SHA256": 44, "URL": 75, "hostname": 131, "domain": 12 }, "indicator_count": 557, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472412&Signature=QcBCZcKyHYxWwhSWOKX7apvx3%2BT3Bjzt3y1Xx2vTLrR768KeDlg7sY1Be5YVVKRCCT3rWlV9n36IfmZpQ0siFg%2BaS8Lw3STmcyFUw%2FF28Uar%2BVuRm1sKdVq24l7lGhYyAteWJqAIe8VHgUtUXBMOAcr4lzsj7YA%2BoYqiuspu%2BRgoCYoVEA55ujOTpbSulxwZ%2FgVUmIhSzlosNjBP1lSIEUOLWG%2BUC3yYSMS%2Bg4nxp9PO", "https://vtbehaviour.commondatastorage.googleapis.com/00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335150&Signature=uDtc71sxnnFjUynOWL3%2BEfCWBdV5z5ySup%2Bc1zR2wZ6As7QGYwmEfhjw5Q7oU8ejTyM2hzc8A%2BNiG%2FLVKKlNfMvIhjiD1eeMdbMD9ZlBtmDb%2BWt2QmG%2B5nva1h0WfWoacQwywV6%2FluInYutfcA56BrWxyle6SDogMg0FYhPC0N313lpykH5TB%2FnQKDWeG9dnagRdUJZLwEgU4i9fniVZcnrzGT8Lh9", "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335270&Signature=HD1tv4%2BfbWxkeiy0n49jYf0bWSIQZGoTXEbGtzILXBy9ABXvdNKR8TYp3JjubOUUsjKIza8dV0WnN53Ye2ZuwtdkwPuYQ5cdWV3hQ4DDGC02om6I44vDnC7twPKfenv1Foxe2Xq11CjgLk6Mdg49WD6DWXvzpdgafbdvdrjLLk%2FEc6IlEf%2F5hUBfcXH6I%2FwxHQownjqPhfo5D%2BN2k6kKw6WKCoupY8pC3Riz%2F%2F5ZUDVqHvjc", "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472287&Signature=rw%2BkzkQKY5M41fqBOOPOnF5nUXqseptUkZPX0VOkL5lmxzWIcqVfQFKQGRNKIzZOE90PJOiV7ZneTdKShjcZbrGhVubS6ms3aA16QMDcjwhN1ydkTmSwfmIuEhyWnqyPR28n7DU3JQ%2FKuYgCjUFaromvhWGfhh%2B5YArNd6sFv7Yrw9YwYZ644Ob%2F3hzdlY8JqqRt592k16rV%2F50Q3%2BaL%2Bs9LjV6%2BTJMwLFmQMSBYr4s2l1" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 892 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/data.data", "whois": "http://whois.domaintools.com/data.data", "domain": "data.data", "hostname": "pkt.data.data" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "6a0e80601f3040ce2765f408", "name": "applespell VirusTotal Box of Apples Sandbox report", "description": "[full report on the Visual Studio Code.app.com malware, published on 19 January, 2024 and published online by the University of South Wales (USA) in the United States.]", "modified": "2026-05-21T04:05:48.166000", "created": "2026-05-21T03:47:44.044000", "tags": [ "applespell", "gx installer", "opera gx", "installer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "updater", "mitre attack", "file type", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive", "persistence", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335150&Signature=uDtc71sxnnFjUynOWL3%2BEfCWBdV5z5ySup%2Bc1zR2wZ6As7QGYwmEfhjw5Q7oU8ejTyM2hzc8A%2BNiG%2FLVKKlNfMvIhjiD1eeMdbMD9ZlBtmDb%2BWt2QmG%2B5nva1h0WfWoacQwywV6%2FluInYutfcA56BrWxyle6SDogMg0FYhPC0N313lpykH5TB%2FnQKDWeG9dnagRdUJZLwEgU4i9fniVZcnrzGT8Lh9", "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335270&Signature=HD1tv4%2BfbWxkeiy0n49jYf0bWSIQZGoTXEbGtzILXBy9ABXvdNKR8TYp3JjubOUUsjKIza8dV0WnN53Ye2ZuwtdkwPuYQ5cdWV3hQ4DDGC02om6I44vDnC7twPKfenv1Foxe2Xq11CjgLk6Mdg49WD6DWXvzpdgafbdvdrjLLk%2FEc6IlEf%2F5hUBfcXH6I%2FwxHQownjqPhfo5D%2BN2k6kKw6WKCoupY8pC3Riz%2F%2F5ZUDVqHvjc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 4, "FileHash-SHA256": 58, "IPv4": 47, "domain": 16, "hostname": 61, "URL": 105, "FileHash-MD5": 1, "Mutex": 2 }, "indicator_count": 294, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d38f2be92e678ccdfcf157", "name": "CAPE Sandbox", "description": "spyware", "modified": "2026-05-06T11:00:54.822000", "created": "2026-04-06T10:47:07.561000", "tags": [ "renewed", "8gbram", "windows10", "19inlcdmonitor", "desktop pc", "package", "intel core", "hard drive", "dvdrw", "wifi", "title", "blink", "date", "meta", "elite", "body" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472287&Signature=rw%2BkzkQKY5M41fqBOOPOnF5nUXqseptUkZPX0VOkL5lmxzWIcqVfQFKQGRNKIzZOE90PJOiV7ZneTdKShjcZbrGhVubS6ms3aA16QMDcjwhN1ydkTmSwfmIuEhyWnqyPR28n7DU3JQ%2FKuYgCjUFaromvhWGfhh%2B5YArNd6sFv7Yrw9YwYZ644Ob%2F3hzdlY8JqqRt592k16rV%2F50Q3%2BaL%2Bs9LjV6%2BTJMwLFmQMSBYr4s2l1", "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472412&Signature=QcBCZcKyHYxWwhSWOKX7apvx3%2BT3Bjzt3y1Xx2vTLrR768KeDlg7sY1Be5YVVKRCCT3rWlV9n36IfmZpQ0siFg%2BaS8Lw3STmcyFUw%2FF28Uar%2BVuRm1sKdVq24l7lGhYyAteWJqAIe8VHgUtUXBMOAcr4lzsj7YA%2BoYqiuspu%2BRgoCYoVEA55ujOTpbSulxwZ%2FgVUmIhSzlosNjBP1lSIEUOLWG%2BUC3yYSMS%2Bg4nxp9PO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1221", "name": "Template Injection", "display_name": "T1221 - Template Injection" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 249, "FileHash-SHA1": 46, "FileHash-SHA256": 44, "URL": 75, "hostname": 131, "domain": 12 }, "indicator_count": 557, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "http://pkt.data.data/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "http://pkt.data.data/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780333063.6427817 }