{ "type": "URL", "indicator": "https://accounts.google.com/_/bscframe", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://accounts.google.com/_/bscframe", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #1", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #3", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain google.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain google.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 2847775059, "indicator": "https://accounts.google.com/_/bscframe", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 17, "pulses": [ { "id": "69f3f6fc9ae9b2297964a5a4", "name": "VirusTotal report for Test.docx + Other Civic Findings/CVE Linkings", "description": "1. CivicPlus.com Threat IndicatorsVT Status: Red Flagged [120+ references, 200+android APKS and tracking configs[js]].Suspicious MD5: 3f307fecb41ea75bb946e8fde73a3c36b548243411783c036a1e7ae6605e8223.Suspicious SHA1: 0ef5ceebb6efa99e12e888a993e56d557dff07fd.Behavioral Pattern: Multiple versions flagged with No Expiration (indicates persistent or hard-coded malicious components in related files).2. HitmanPro Findings (Feb 2025)File Action: Detected as Malware/Suspicious in C:\\Windows\\Installer and user data areas.Note: Typical of behavioral scanning identifying code injection or untrusted signatures, often flagged alongside browser data.3. SSO Autodesk Anomalies (Q1 2025)SAML Assertion Failure: Incorrect objectGUID mapping on IdP side, sending user.objectid as literal string instead of unique identifier. Potential credential abuse or IdP misconfiguration - Attached [Reportscivicplus_vt_red_flag_feb2025.loghmp_scan_022025] + test.docx which shows signs that resemble a test recall email.", "modified": "2026-05-31T05:19:13.706000", "created": "2026-05-01T00:42:36.613000", "tags": [ "medium", "windows", "high", "alerts", "yara detections", "worm", "https domain", "tls sni", "io control", "installs", "virustotal", "copy", "explorer", "malware", "config by town", "civicplus", "beyond surveillance", "significant overreach" ], "references": [ "multiple_versions\tSHA1 of 3f307fecb41ea75bb946e8fde73a3c36b548243411783c036a1e7ae6605e8223\tNo Expiration", "", "CVE-2025-10898/10899/10900: Out-of-Bounds Write vulnerabilities found in parsed MODEL files.", "More elaborate 'text' exploits now exist that allow texts are now being distributed via ai drops in chats in the form of what would appear to be a hyperlink. This is a new genre of elevation in exploit.", "The 'test' email aligns perfectly with CVE-2022-30190, as indicated in my findings" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1010, "FileHash-SHA1": 437, "FileHash-SHA256": 2319, "URL": 637, "email": 14, "hostname": 468, "domain": 101, "CVE": 9 }, "indicator_count": 4995, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "12 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "60a794fa6de6293139323f21", "name": "VETTED Phishing URLs", "description": "VETTED Phishing URLs, mostly european targets", "modified": "2026-05-29T07:18:37.706000", "created": "2021-05-21T11:09:46.641000", "tags": [ "europe", "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1976212, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "verifrom", "id": "15054", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 107057 }, "indicator_count": 107057, "is_author": false, "is_subscribing": null, "subscriber_count": 1272, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f9c353e548fe41549a2094", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-06T06:10:54.769000", "created": "2026-05-05T10:15:47.653000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 199, "URL": 124, "hostname": 136, "domain": 31, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f9c351adf63435d7a118ea", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-06T06:10:54.367000", "created": "2026-05-05T10:15:45.503000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 199, "URL": 125, "hostname": 135, "domain": 32, "email": 1 }, "indicator_count": 1645, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f9c3482f0a487199f01dfe", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-05T12:01:34.624000", "created": "2026-05-05T10:15:36.709000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1206, "IPv4": 185, "FileHash-MD5": 109, "FileHash-SHA1": 231, "URL": 300, "hostname": 276, "domain": 219, "email": 29, "CIDR": 6 }, "indicator_count": 2561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f9c34e91ef1282eaf26b24", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-05T11:55:52.834000", "created": "2026-05-05T10:15:42.571000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 200, "URL": 124, "hostname": 135, "domain": 31, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf461ebc1a9bcfbffa2aad", "name": "VirusTotal Droidy Android Sandbox", "description": "Here is the full list of results from the second day of the 2016 Android World Championship, held at 22:00 BST on Tuesday, 1 July.. . and \u00c2\u00a31.\n\ni cant add this one - legacy - http://100tosdefotos.com/", "modified": "2026-05-03T04:09:43.062000", "created": "2026-04-03T04:46:22.211000", "tags": [ "process", "current object", "android sandbox", "europemadrid", "windows sandbox", "clear filters", "has permission", "file type", "apks", "accesses", "sim provider", "name", "may check", "mitre attack", "network info", "malicious", "persistence", "cloud", "chrome cache", "png image", "cache entry", "rgba", "entry", "web open", "font format", "version", "truetype", "next", "detail info", "text", "classname", "window", "static", "behaviour", "filename", "offset", "class", "button", "mozilla", "shell", "nsis", "find", "back", "state", "connecting", "connected", "suspended", "disconnected", "unknown", "shell folders", "default", "inprocserver32", "new roman", "registry keys", "nothing", "shell dlg", "roman baltic186", "roman cyr204", "roman tur162", "xffxfea xffxfea", "xffu xffu", "xffxfcs xffxfcs", "x8af x8af", "xb6p xb6p", "xb6y xb6y", "x88g x88g", "xb6xf2 xb6xf2", "xfft", "xc1xe7 xc1xe7", "axec", "programfiles", "allusersprofile", "windir", "protocol level", "application", "previous", "next connection", "address", "full path", "behavior", "bits", "dump", "path", "calls clear", "eandroidruntime", "pufwifi", "flag", "networkinfo", "action", "extras", "start", "componentname", "write", "calls process", "cname", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "address virtual", "path c", "sha256", "accept", "shutdown", "error", "sandbox", "stack", "win32 exe", "pe32", "intel", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "generic", "processes extra", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "android", "zip archive", "xapk android", "android package", "java archive", "sweet home", "design", "html document", "unicode text", "utf8 text", "crlf", "lf line", "language", "date mon", "gmt contenttype", "connection", "link", "json", "xlitespeedcache", "reportto", "server", "contentencoding", "cfray", "king88", "ch cng", "c thit", "c bit", "iu hp", "trang ch", "king88 com", "ci ng", "cp s", "c vit", "object", "string", "number", "null", "function", "g5wmgjr5qk4", "cssselector", "regexp", "date", "void", "trident", "mini", "meta", "please", "javascript", "members", "staff", "inspection", "abip", "local broadcast", "newsletter fcc", "resource center", "marshfield high", "school", "localism join", "facebook", "contact", "summer", "grave", "email", "photo", "strong", "peter deftos", "sign", "learn", "memorial", "leave", "problem", "done", "already", "close", "verify", "twitter", "details", "full", "persist", "editorimpl" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189779&Signature=KfMCCyf96T3bMlo9SpmV1KGK0zKBbkhhSc6Ig5Hvwfx%2FTKTqEVBDXB28XNeWzWbCRTwCNnYlHV3Ed%2BMjcd%2B1aCTDYi5GH9Qw3msxqk5iKwRhzDIhfpM98SwOLC%2B7xZUAC60ecDmVDsjA9OOwOkJe87q3Rrx2lrU9%2BjuSJ1EdwI16qoJyd29sLcX7STTqAMHuzCjIixIOre64HAjpH4lt%2F8tSgE1A5Rs2V7PRHSX6ibKLD", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189811&Signature=O96heM5BVAaltXSZInHXgIgK35KjLrLg%2FfKtFXVS%2BoRHTlfpZtn4LpFvolATpK7dED66Ms7SXpn8nX0i7j1IpuDOXOXSm112TOKIKVVPZJH5ppCD6uFYvhkfNcQGa%2FXK%2BDixyM%2BuqwGoJSFD6QzP8J2Iz1GyU4RYYWuB2C7ZD7LOWKlvxF%2F9LTAX8jFDLgFVsE3Og3cU8y3jK%2BenDPthRM6YFu3qewxpti7KVNwKeMJ", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189872&Signature=P%2Fa2KXhuVwj4RO8cyfIpkYofLKzsLiKRPHuVAi7hjApskLh84OqCfKuK51z7bTKZd8lCCiQ7XuIaxWQDR7qzDFvuCWutobNhKDdHSDLrTMtqqX3o5RmBpSzMUw3jQJcbxsYWqaOMHy8ZeWEVRuB9orvLwMZbJMMIJM8GhUVHZ6%2BwciVIoj0lYTCb%2FEEkQWTV4g3hs9l8KRzbEfvJGja6ANuv1OtdFLk8pejrraAJMB7ThsjINOXbJb", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189913&Signature=KduKv0QQf8IKhUUAV%2F0zpzpUmIU%2BEctpJKxUJlyu0Myu11iCQCXfXPprtMBAv5ifc4GLTHDiIuEAJwg%2B%2BHGWjun5ZKLKzoz8Ot2udHqFxvy6ZToPEC4Iui9vdRDHqosVaT77R1Tm1TGuyKVmwYTcow4klVAcpzEWanzWx1jHS42ARepJVrS3AFXHMaaBdTgr23jXcbmly1t3b8lwVilcsk2itdoprPpClQTzwYr1y7YV1%2FbYTDGocHnDwCYy", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189954&Signature=2gy%2BsyEM78P6orDGWKQU%2FFPSIdVK9X7o8Nkcwb%2BY4r%2FCb%2Bo9JmA9T%2Bfonw9IqbojQSIK%2BNShZUJJ9GV4wWT5l1QfkYfZP0MJ91%2BkDw39PLOc4VVgmBApIQJRTIlgSlI020YfOeIPoIYH8yuCF2dJ32zKg87g0dDFkg4zbExGDJB3%2BGDxX5MJ6hHuzVrwxm7E1L%2F%2FffKQ%2B9rXqoT0hRHEdPSaXSydmnqfMfnjCv", "https://vtbehaviour.commondatastorage.googleapis.com/970fdc4da66bc8fff977698c150fc6ebdf9488356ed41ded52d2659830ec5353_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189984&Signature=f%2FZZkKTu5zUihkCuCj%2F0pEGmBjWWBiZRDmREgGkkkKvTyR7M5iC0oLGYfaL6WibiUB6pQirxgBtEcS2JtupD291Or3j7%2BKoyngW7R9uf%2FjjWQwfC5YHKjNutT6K5TYuEmzySVs9onhIBSjj4U%2Bi2q%2FMJmQFiDtFZHfcyy00LYqbAbBwEAUnVJZUdH6FvNBu4ArU26VDLDwv1nMSgEjxUWBCwiP4HXlwL5%2BxU6y0eTc2", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190004&Signature=Nzt9YHY3Ji2VsLO1kvr7%2FyWWwOgo%2BCIoXyjtyshhzTGRxGzhcNdyKU9byPqyv%2F5YAzj%2BmNnDego3ImYeToBCbgyY%2BJJMmUKX6ZrUT1a2O4gv9eMyysIFgYhJ7ZpzyGIvHR5VSJlzPX0AWS81Ml7syDCjTGHikZ9G%2B%2B0cfDA0dhp%2FR7zhAp7yxB2jsDhz1kDY3nncYpjeVtj2o02Nt4JxPa5ML%2FvKBF%2FBHtOtBCqh%2", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190083&Signature=a1bnyt5OUcTN8ONeNVqbY%2Fe%2FDVJ2N3olQ9r59dijMLLegF84xQDghj0r6VPdFB8fc%2B3QTcJqhpm6vag1pK9us%2F3UqDJ3Yubf%2FukjL4GMKXDdMSggljB7d%2FpkTraQysnttspVal56LzXitjgIEGYZTidKcIv5LM6YH4zCAXn%2BVueaBNIgpcDS0RuX8fVAQYOeftW9AiEz2TZzx1BT6KUgoj0Tzetn4k541357bb58K1w9n9QV1", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190146&Signature=3XpRLUQ3g712Vw0Gv1aflVxZs7RKpzIhEK8giO9ydwOrOGjLnAK89Y%2BmEf4g2U2YbO04EE%2BcdR5xPgcch1%2B1Gf4thYCgBcbKEEIfNK5UrJwBpAkYRm3D9xsnD%2FVxZt26yLC6aQy87D%2FKNC9aLvViRHGxuFgOp4zkcU%2BRD6mmpIB8SpX5%2BDpocWc4s9R%2BywRPXZ2U2E49g81i%2B5io3Ycqe8ikdjbPlZo9R0KEFLaDQtH", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190199&Signature=RiO2p%2BBvc38TqeTuiMJNxoT6Jr3JfHvTQFQIk94ZaRY%2FPP5yEPSH45GncMCh4GqP1%2F%2BNLR2IVm5Z2svEWojLwxq%2Fl0eIAWy1chUQmg2GcEg5YoaEEnXpWjb1er08EIYwV0ZC8parFwVrr194MKeUmZYo5NLYk4%2BCim9ipnxYse12eROsMSXZtyS4daGivzQzihRqTUU9iEn%2FxAKEOI%2F3V8JRrqNy3nDqmo1mdoVr", "https://vtbehaviour.commondatastorage.googleapis.com/bc20f137a2281fae2ee13f698e613e72c37f6b4eb6784653f284f11f4d83ba77_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190236&Signature=Fg7jPZWmHQO%2BH8GRQx%2FxSMq5Na7Oo9cN0HR99DHFY8svYTkPoerGELKx7Sf906aTDq2Rer45ajXeYPzzHTiab9NKqWR1JGHbaq0WapVqsRzvXz2QLuBhHoz50tIoVKnx8ZrN9HqHBQweg8nfN%2FWEoaHVlSgav3jhoNTnZAC%2Fa%2BsTLexjXFBIP2v4jpISAl82ESU%2FGZH64BtZpgIJz7RZXdDqZ3LF7JTgwG2JX94%2BOOSn3G14", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190298&Signature=eEF6m7QHRnKk%2FYB374HxqU2TE0p8gXC9CWwIHPT7M6fEZKjeFUEmUEbqdupsD2hQQbkW%2Fmijo2rSEQ30q3EAyR9aQO3m6L91A6osc3kDipeyZqFrIqoj6wIe8MJGuRf4OC9cVAWipGYXPG5bqc3v6RUHir9MeLOggoGjalexCwBgs3SsGyhqU1uWZdJ%2Fs4nUbHyIJGc3FB9OrnhDRuGPdkfPSOA09hfujcul91zQNws4dznvmM", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190345&Signature=33%2BM36uNOvEfi8bNtJvnbxcTgcnoIlIO2vBglXpCJFNwC8HAewGOF91Q26TOAsw4sbmtTxQ2F5Q2jv2V3ULV8MAxxgYVptJ69SusRt7qZeBDUpMY%2BOdTYqjkdBuYUqYiCvM756aQheS1KvDepeD64x8e%2FivWkpm%2BZ9yDaKUc7w2143zYkc8kpyBSsO8rJI9vyoHYvbr4sfZOowoUWK7yMjQD9SN5bL%2FFABbMrPEOMyobApm", "https://vtbehaviour.commondatastorage.googleapis.com/06b6d62477011fa63fdb44046351fbe574391916a4f3ea0486b3e3498145a7d7_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190407&Signature=Y3EAa%2Fwo4ligJHfBUxkzWLjU9FPLyNmsxeNdcPCIPQBYTTGUIaFddrFIYHFhawxMDvixd7uA0qGc0zVDWgbStf2qhTOU1D0aF%2F%2BSLSXEY3VB8oWRXZCEI12zrSd5P4lHInxRS3CJKbNnJP4GvYx20ctpNSo4u%2FvVMLM%2B92TiYCunAVTquDVrFNNim6LJTEz2ucjhcgF2gKn%2FF0f9ALEheC1lk4omwpcYEPQLNX0wNsxNC%2BWQ", "https://vtbehaviour.commondatastorage.googleapis.com/bb46c18b5b2c98937c8fdfb7acd3e0fa4d0534cfc44d4b41ccd6db9198266fbf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190605&Signature=Rcvj5v%2By7yAX52ap8q3zDGTMjVRQm1LkjuWyhDQUaO6QXR1Ld%2F1dD2QjluOGOuXNiW%2FMNP%2Bqj%2Bx6KtYCvttE847keFo1Em2Bm%2F8bv4vK%2FJL0nGIiz%2FatgO7O78LZZ1wkYwcfG5JZAj8VdjDlHQbuOIUz8Nahqt2JUyQ84z3OeH5d3%2BjV8NKW5SjGWQw4mcmjPQXUznoCsysLbjCd5sgZTpyLUdeFJcNKQPiNBURsJeiyCI5llz0j", "https://www.googletagmanager.com/gtag/js?id=GT-NNS2QH6C", "https://www.googletagmanager.com/ns.html?id=GTM-PHWTRTJ", "https://www.virustotal.com/gui/url/f6db0235760bd467ca822ad515a8410121fde4713501b3e718b8fb127dfa259c?nocache=1", "https://www.massbroadcasters.org/eeo-organizations/marshfield-high-school", "https://www.findagrave.com/memorial/139047900/peter-deftos", "https://vtbehaviour.commondatastorage.googleapis.com/a041cbdeb64c802bde90e06f25213524b2eac500d6000da7e4caeb96e5de1991_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775191439&Signature=evxsL1kaOuLe5KziYCSqZ56H%2FqXRQgEN0tkJo0j5G7JQ3mmO0Kav5K9LCz%2FUEzi%2BdtB%2B3%2B7VM6r9pC%2BMh7nHxT%2Bs8UAYuVXPE%2FUbBdHWMjvZQuqrZ0hHqIR2xHVB132HiYQWLo%2FgS1QATOfAcHci3X4FqmqvUp7A%2FmNsE1aVFbLc971RHQOuTapOGhiDZlVUyA9KvpMDKw0DzdeHFSlayBSrDDsWL7xW06XOf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1414", "name": "Capture Clipboard Data", "display_name": "T1414 - Capture Clipboard Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1432", "name": "Access Contact List", "display_name": "T1432 - Access Contact List" }, { "id": "T1439", "name": "Eavesdrop on Insecure Network Communication", "display_name": "T1439 - Eavesdrop on Insecure Network Communication" }, { "id": "T1447", "name": "Delete Device Data", "display_name": "T1447 - Delete Device Data" }, { "id": "T1472", "name": "Generate Fraudulent Advertising Revenue", "display_name": "T1472 - Generate Fraudulent Advertising Revenue" }, { "id": "T1507", "name": "Network Information Discovery", "display_name": "T1507 - Network Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1523", "name": "Evade Analysis Environment", "display_name": "T1523 - Evade Analysis Environment" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 70, "FileHash-SHA1": 40, "FileHash-SHA256": 549, "URL": 344, "domain": 292, "hostname": 443 }, "indicator_count": 1738, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf461ceb2e58f5e3c0a44d", "name": "VirusTotal Droidy Android Sandbox", "description": "Here is the full list of results from the second day of the 2016 Android World Championship, held at 22:00 BST on Tuesday, 1 July.. . and \u00c2\u00a31.\n\ni cant add this one - legacy - http://100tosdefotos.com/", "modified": "2026-05-03T04:09:43.062000", "created": "2026-04-03T04:46:20.102000", "tags": [ "process", "current object", "android sandbox", "europemadrid", "windows sandbox", "clear filters", "has permission", "file type", "apks", "accesses", "sim provider", "name", "may check", "mitre attack", "network info", "malicious", "persistence", "cloud", "chrome cache", "png image", "cache entry", "rgba", "entry", "web open", "font format", "version", "truetype", "next", "detail info", "text", "classname", "window", "static", "behaviour", "filename", "offset", "class", "button", "mozilla", "shell", "nsis", "find", "back", "state", "connecting", "connected", "suspended", "disconnected", "unknown", "shell folders", "default", "inprocserver32", "new roman", "registry keys", "nothing", "shell dlg", "roman baltic186", "roman cyr204", "roman tur162", "xffxfea xffxfea", "xffu xffu", "xffxfcs xffxfcs", "x8af x8af", "xb6p xb6p", "xb6y xb6y", "x88g x88g", "xb6xf2 xb6xf2", "xfft", "xc1xe7 xc1xe7", "axec", "programfiles", "allusersprofile", "windir", "protocol level", "application", "previous", "next connection", "address", "full path", "behavior", "bits", "dump", "path", "calls clear", "eandroidruntime", "pufwifi", "flag", "networkinfo", "action", "extras", "start", "componentname", "write", "calls process", "cname", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "address virtual", "path c", "sha256", "accept", "shutdown", "error", "sandbox", "stack", "win32 exe", "pe32", "intel", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "generic", "processes extra", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "android", "zip archive", "xapk android", "android package", "java archive", "sweet home", "design", "html document", "unicode text", "utf8 text", "crlf", "lf line", "language", "date mon", "gmt contenttype", "connection", "link", "json", "xlitespeedcache", "reportto", "server", "contentencoding", "cfray", "king88", "ch cng", "c thit", "c bit", "iu hp", "trang ch", "king88 com", "ci ng", "cp s", "c vit", "object", "string", "number", "null", "function", "g5wmgjr5qk4", "cssselector", "regexp", "date", "void", "trident", "mini", "meta", "please", "javascript", "members", "staff", "inspection", "abip", "local broadcast", "newsletter fcc", "resource center", "marshfield high", "school", "localism join", "facebook", "contact", "summer", "grave", "email", "photo", "strong", "peter deftos", "sign", "learn", "memorial", "leave", "problem", "done", "already", "close", "verify", "twitter", "details", "full", "persist", "editorimpl" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189779&Signature=KfMCCyf96T3bMlo9SpmV1KGK0zKBbkhhSc6Ig5Hvwfx%2FTKTqEVBDXB28XNeWzWbCRTwCNnYlHV3Ed%2BMjcd%2B1aCTDYi5GH9Qw3msxqk5iKwRhzDIhfpM98SwOLC%2B7xZUAC60ecDmVDsjA9OOwOkJe87q3Rrx2lrU9%2BjuSJ1EdwI16qoJyd29sLcX7STTqAMHuzCjIixIOre64HAjpH4lt%2F8tSgE1A5Rs2V7PRHSX6ibKLD", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189811&Signature=O96heM5BVAaltXSZInHXgIgK35KjLrLg%2FfKtFXVS%2BoRHTlfpZtn4LpFvolATpK7dED66Ms7SXpn8nX0i7j1IpuDOXOXSm112TOKIKVVPZJH5ppCD6uFYvhkfNcQGa%2FXK%2BDixyM%2BuqwGoJSFD6QzP8J2Iz1GyU4RYYWuB2C7ZD7LOWKlvxF%2F9LTAX8jFDLgFVsE3Og3cU8y3jK%2BenDPthRM6YFu3qewxpti7KVNwKeMJ", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189872&Signature=P%2Fa2KXhuVwj4RO8cyfIpkYofLKzsLiKRPHuVAi7hjApskLh84OqCfKuK51z7bTKZd8lCCiQ7XuIaxWQDR7qzDFvuCWutobNhKDdHSDLrTMtqqX3o5RmBpSzMUw3jQJcbxsYWqaOMHy8ZeWEVRuB9orvLwMZbJMMIJM8GhUVHZ6%2BwciVIoj0lYTCb%2FEEkQWTV4g3hs9l8KRzbEfvJGja6ANuv1OtdFLk8pejrraAJMB7ThsjINOXbJb", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189913&Signature=KduKv0QQf8IKhUUAV%2F0zpzpUmIU%2BEctpJKxUJlyu0Myu11iCQCXfXPprtMBAv5ifc4GLTHDiIuEAJwg%2B%2BHGWjun5ZKLKzoz8Ot2udHqFxvy6ZToPEC4Iui9vdRDHqosVaT77R1Tm1TGuyKVmwYTcow4klVAcpzEWanzWx1jHS42ARepJVrS3AFXHMaaBdTgr23jXcbmly1t3b8lwVilcsk2itdoprPpClQTzwYr1y7YV1%2FbYTDGocHnDwCYy", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189954&Signature=2gy%2BsyEM78P6orDGWKQU%2FFPSIdVK9X7o8Nkcwb%2BY4r%2FCb%2Bo9JmA9T%2Bfonw9IqbojQSIK%2BNShZUJJ9GV4wWT5l1QfkYfZP0MJ91%2BkDw39PLOc4VVgmBApIQJRTIlgSlI020YfOeIPoIYH8yuCF2dJ32zKg87g0dDFkg4zbExGDJB3%2BGDxX5MJ6hHuzVrwxm7E1L%2F%2FffKQ%2B9rXqoT0hRHEdPSaXSydmnqfMfnjCv", "https://vtbehaviour.commondatastorage.googleapis.com/970fdc4da66bc8fff977698c150fc6ebdf9488356ed41ded52d2659830ec5353_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189984&Signature=f%2FZZkKTu5zUihkCuCj%2F0pEGmBjWWBiZRDmREgGkkkKvTyR7M5iC0oLGYfaL6WibiUB6pQirxgBtEcS2JtupD291Or3j7%2BKoyngW7R9uf%2FjjWQwfC5YHKjNutT6K5TYuEmzySVs9onhIBSjj4U%2Bi2q%2FMJmQFiDtFZHfcyy00LYqbAbBwEAUnVJZUdH6FvNBu4ArU26VDLDwv1nMSgEjxUWBCwiP4HXlwL5%2BxU6y0eTc2", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190004&Signature=Nzt9YHY3Ji2VsLO1kvr7%2FyWWwOgo%2BCIoXyjtyshhzTGRxGzhcNdyKU9byPqyv%2F5YAzj%2BmNnDego3ImYeToBCbgyY%2BJJMmUKX6ZrUT1a2O4gv9eMyysIFgYhJ7ZpzyGIvHR5VSJlzPX0AWS81Ml7syDCjTGHikZ9G%2B%2B0cfDA0dhp%2FR7zhAp7yxB2jsDhz1kDY3nncYpjeVtj2o02Nt4JxPa5ML%2FvKBF%2FBHtOtBCqh%2", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190083&Signature=a1bnyt5OUcTN8ONeNVqbY%2Fe%2FDVJ2N3olQ9r59dijMLLegF84xQDghj0r6VPdFB8fc%2B3QTcJqhpm6vag1pK9us%2F3UqDJ3Yubf%2FukjL4GMKXDdMSggljB7d%2FpkTraQysnttspVal56LzXitjgIEGYZTidKcIv5LM6YH4zCAXn%2BVueaBNIgpcDS0RuX8fVAQYOeftW9AiEz2TZzx1BT6KUgoj0Tzetn4k541357bb58K1w9n9QV1", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190146&Signature=3XpRLUQ3g712Vw0Gv1aflVxZs7RKpzIhEK8giO9ydwOrOGjLnAK89Y%2BmEf4g2U2YbO04EE%2BcdR5xPgcch1%2B1Gf4thYCgBcbKEEIfNK5UrJwBpAkYRm3D9xsnD%2FVxZt26yLC6aQy87D%2FKNC9aLvViRHGxuFgOp4zkcU%2BRD6mmpIB8SpX5%2BDpocWc4s9R%2BywRPXZ2U2E49g81i%2B5io3Ycqe8ikdjbPlZo9R0KEFLaDQtH", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190199&Signature=RiO2p%2BBvc38TqeTuiMJNxoT6Jr3JfHvTQFQIk94ZaRY%2FPP5yEPSH45GncMCh4GqP1%2F%2BNLR2IVm5Z2svEWojLwxq%2Fl0eIAWy1chUQmg2GcEg5YoaEEnXpWjb1er08EIYwV0ZC8parFwVrr194MKeUmZYo5NLYk4%2BCim9ipnxYse12eROsMSXZtyS4daGivzQzihRqTUU9iEn%2FxAKEOI%2F3V8JRrqNy3nDqmo1mdoVr", "https://vtbehaviour.commondatastorage.googleapis.com/bc20f137a2281fae2ee13f698e613e72c37f6b4eb6784653f284f11f4d83ba77_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190236&Signature=Fg7jPZWmHQO%2BH8GRQx%2FxSMq5Na7Oo9cN0HR99DHFY8svYTkPoerGELKx7Sf906aTDq2Rer45ajXeYPzzHTiab9NKqWR1JGHbaq0WapVqsRzvXz2QLuBhHoz50tIoVKnx8ZrN9HqHBQweg8nfN%2FWEoaHVlSgav3jhoNTnZAC%2Fa%2BsTLexjXFBIP2v4jpISAl82ESU%2FGZH64BtZpgIJz7RZXdDqZ3LF7JTgwG2JX94%2BOOSn3G14", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190298&Signature=eEF6m7QHRnKk%2FYB374HxqU2TE0p8gXC9CWwIHPT7M6fEZKjeFUEmUEbqdupsD2hQQbkW%2Fmijo2rSEQ30q3EAyR9aQO3m6L91A6osc3kDipeyZqFrIqoj6wIe8MJGuRf4OC9cVAWipGYXPG5bqc3v6RUHir9MeLOggoGjalexCwBgs3SsGyhqU1uWZdJ%2Fs4nUbHyIJGc3FB9OrnhDRuGPdkfPSOA09hfujcul91zQNws4dznvmM", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190345&Signature=33%2BM36uNOvEfi8bNtJvnbxcTgcnoIlIO2vBglXpCJFNwC8HAewGOF91Q26TOAsw4sbmtTxQ2F5Q2jv2V3ULV8MAxxgYVptJ69SusRt7qZeBDUpMY%2BOdTYqjkdBuYUqYiCvM756aQheS1KvDepeD64x8e%2FivWkpm%2BZ9yDaKUc7w2143zYkc8kpyBSsO8rJI9vyoHYvbr4sfZOowoUWK7yMjQD9SN5bL%2FFABbMrPEOMyobApm", "https://vtbehaviour.commondatastorage.googleapis.com/06b6d62477011fa63fdb44046351fbe574391916a4f3ea0486b3e3498145a7d7_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190407&Signature=Y3EAa%2Fwo4ligJHfBUxkzWLjU9FPLyNmsxeNdcPCIPQBYTTGUIaFddrFIYHFhawxMDvixd7uA0qGc0zVDWgbStf2qhTOU1D0aF%2F%2BSLSXEY3VB8oWRXZCEI12zrSd5P4lHInxRS3CJKbNnJP4GvYx20ctpNSo4u%2FvVMLM%2B92TiYCunAVTquDVrFNNim6LJTEz2ucjhcgF2gKn%2FF0f9ALEheC1lk4omwpcYEPQLNX0wNsxNC%2BWQ", "https://vtbehaviour.commondatastorage.googleapis.com/bb46c18b5b2c98937c8fdfb7acd3e0fa4d0534cfc44d4b41ccd6db9198266fbf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190605&Signature=Rcvj5v%2By7yAX52ap8q3zDGTMjVRQm1LkjuWyhDQUaO6QXR1Ld%2F1dD2QjluOGOuXNiW%2FMNP%2Bqj%2Bx6KtYCvttE847keFo1Em2Bm%2F8bv4vK%2FJL0nGIiz%2FatgO7O78LZZ1wkYwcfG5JZAj8VdjDlHQbuOIUz8Nahqt2JUyQ84z3OeH5d3%2BjV8NKW5SjGWQw4mcmjPQXUznoCsysLbjCd5sgZTpyLUdeFJcNKQPiNBURsJeiyCI5llz0j", "https://www.googletagmanager.com/gtag/js?id=GT-NNS2QH6C", "https://www.googletagmanager.com/ns.html?id=GTM-PHWTRTJ", "https://www.virustotal.com/gui/url/f6db0235760bd467ca822ad515a8410121fde4713501b3e718b8fb127dfa259c?nocache=1", "https://www.massbroadcasters.org/eeo-organizations/marshfield-high-school", "https://www.findagrave.com/memorial/139047900/peter-deftos", "https://vtbehaviour.commondatastorage.googleapis.com/a041cbdeb64c802bde90e06f25213524b2eac500d6000da7e4caeb96e5de1991_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775191439&Signature=evxsL1kaOuLe5KziYCSqZ56H%2FqXRQgEN0tkJo0j5G7JQ3mmO0Kav5K9LCz%2FUEzi%2BdtB%2B3%2B7VM6r9pC%2BMh7nHxT%2Bs8UAYuVXPE%2FUbBdHWMjvZQuqrZ0hHqIR2xHVB132HiYQWLo%2FgS1QATOfAcHci3X4FqmqvUp7A%2FmNsE1aVFbLc971RHQOuTapOGhiDZlVUyA9KvpMDKw0DzdeHFSlayBSrDDsWL7xW06XOf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1414", "name": "Capture Clipboard Data", "display_name": "T1414 - Capture Clipboard Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1432", "name": "Access Contact List", "display_name": "T1432 - Access Contact List" }, { "id": "T1439", "name": "Eavesdrop on Insecure Network Communication", "display_name": "T1439 - Eavesdrop on Insecure Network Communication" }, { "id": "T1447", "name": "Delete Device Data", "display_name": "T1447 - Delete Device Data" }, { "id": "T1472", "name": "Generate Fraudulent Advertising Revenue", "display_name": "T1472 - Generate Fraudulent Advertising Revenue" }, { "id": "T1507", "name": "Network Information Discovery", "display_name": "T1507 - Network Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1523", "name": "Evade Analysis Environment", "display_name": "T1523 - Evade Analysis Environment" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 70, "FileHash-SHA1": 40, "FileHash-SHA256": 549, "URL": 344, "domain": 293, "hostname": 443 }, "indicator_count": 1739, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf32e906000d5993f366c4", "name": "Habo Analysis System - & 'bye for now'", "description": "Habo Analysis plus other relative findings.\n\nMy opinion: Problem Size Trend : Macro. Whoever deleted files doesnt make it go away. #cryptographicfailure. Living Nightmare. The dates will reflect 2019/20 post certificate exp which adjusts to an aug 2025 sectigo cert which expired sept 8 2025 rolling into aws for auth expiring renewing ent of oct 2025 into a 5 year gap renewed same # digicert globalsign2020 seal. This cant end. But I am done here for deletions (not otx in my research who did this). To the person who did, you cooked the internet. There was one way to resolution. You failed.", "modified": "2026-05-03T04:09:43.062000", "created": "2026-04-03T03:24:25.921000", "tags": [ "next associated", "files show", "date hash", "avast avg", "present dec", "lowfi", "mtb may", "susp", "code", "llc registrar", "date", "server", "admin country", "registry domain", "iana id", "admin city", "herndon tech", "country", "key identifier", "x509v3 subject", "number", "cgb osectigo", "public server", "dv r36", "validity", "subject public", "key info", "key algorithm", "cgb stgreater", "cnsectigo rsa", "secure server", "ca validity", "executable", "msdos win32", "generic windos", "dos executable", "generic" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1006, "FileHash-SHA1": 927, "FileHash-SHA256": 3665, "hostname": 1187, "URL": 1315, "email": 2, "domain": 605 }, "indicator_count": 8707, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6759da9f804616ef51d130e8", "name": "Google Drive: Sign-in http://assignee:arkadikulinski@gmail.com", "description": "Google Drive is available to view all of Google's search engine's content on your computer, tablet and mobile phone, including links to the Google homepage, Android app and Google+ website, as well as the BBC News app.", "modified": "2024-12-31T00:31:43.701000", "created": "2024-12-11T18:31:59.095000", "tags": [ "google drive", "sign", "email", "forgot email", "private window", "learn", "guest mode", "next create", "vhash", "ssdeep", "authentihash", "registry", "files", "samplepath", "sha256", "gmail", "create", "english", "latinoamrica", "gemini", "google", "gmail content", "espaol", "write", "chat", "express", "enjoy", "calendar", "philippines", "tp jako", "url dostawca", "vi2zda jako" ], "references": [ "https://drive.google.com/drive/folders/1IlYuuCiDiZAV66DuVkqTXwa1m_Rfz0Ov?usp=drive_link", "https://drive.google.com/drive/folders/1aWUt_ItOQKDyA4KA-aWJF8BTMdsyYMf-?usp=drive_link", "https://drive.google.com/drive/folders/1oYCzKXmadJFPFt4oqpOMtvV22afm1xzi?usp=drive_link", "https://mail.google.com/mail/u/0/&ifkv=AcMMx-fsK-dmQp5xLc1r6Mx0BuKhtU28JIFU2blCO9AcSPaDA0uOx8PBOgLcfLmHdaYOE28671uvng&osid=1&service=mail" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 39, "FileHash-SHA1": 2, "FileHash-MD5": 3, "email": 1, "URL": 124, "hostname": 1 }, "indicator_count": 170, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "516 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65cdb305b6cb145e2e61c72f", "name": "Ransomware | www.ransomed.vc | Apple | M.Brian Sabey \u2022 Gambinos", "description": "", "modified": "2024-03-16T06:00:54.635000", "created": "2024-02-15T06:45:25.122000", "tags": [ "k0pmbc", "ssl certificate", "whois record", "spsfsb", "zwdk9d", "vwdzfe", "contacted", "efq78c", "egw7od", "en3i8d", "august", "gate", "stop ransomware", "startpage", "execution", "redline stealer", "https", "hiddentear", "phishing", "gambinos pizza", "in the sauce brands inc", "food & drink", "ios apps", "app", "appstore", "app store", "iphone", "ipad", "ipod touch", "itouch", "itunes", "sauce brands", "in the", "food", "pizza", "gambinos", "requires", "apple store", "apple", "copyright", "hate", "green", "gambinospizza", "brian sabey", "tulach", "hallrender" ], "references": [ "https://www.gambinospizza.com", "ransomed.vc", "https://www.hallrender.com/attorney/brian-sabey/", "https://tulach.cc/", "appleid.cdn-apple.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "RedLine Stealer", "display_name": "RedLine Stealer", "target": null }, { "id": "Ransomware", "display_name": "Ransomware", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 24, "FileHash-SHA1": 24, "FileHash-SHA256": 432, "domain": 154, "hostname": 168, "URL": 274 }, "indicator_count": 1076, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "806 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a127b18f314c64abf0ca", "name": "MITRE ATT&C - T1140 - Deobfuscate/Decode Files or Information", "description": "", "modified": "2023-12-06T16:28:23.639000", "created": "2023-12-06T16:28:23.639000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1651, "FileHash-MD5": 32, "FileHash-SHA1": 25, "hostname": 939, "domain": 339, "URL": 2307, "email": 2 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a11eb966ec5b823d2ae8", "name": "Drive By Malware", "description": "", "modified": "2023-12-06T16:28:14.217000", "created": "2023-12-06T16:28:14.217000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1651, "FileHash-MD5": 32, "FileHash-SHA1": 25, "hostname": 939, "domain": 339, "URL": 2307, "email": 2 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a11966ff39f73aed8c7d", "name": "Fileless Malware", "description": "", "modified": "2023-12-06T16:28:09.128000", "created": "2023-12-06T16:28:09.128000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1651, "FileHash-MD5": 32, "FileHash-SHA1": 25, "hostname": 939, "domain": 339, "URL": 2307, "email": 2 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64eed9e039cd84d4b7b9aa54", "name": "MITRE ATT&C - T1140 - Deobfuscate/Decode Files or Information ", "description": "", "modified": "2023-09-28T21:05:16.310000", "created": "2023-08-30T05:55:44.012000", "tags": [ "as15169 google", "united", "aaaa", "domain", "search", "cname", "passive dns", "urls", "entries", "dashboard", "date", "sha1", "ssdeep", "tnull file", "magic", "file size", "software", "ioctype", "iocvalue", "refunds", "show less", "line", "value", "august", "variables", "recordimlel", "fcssrowkey", "ijvalues", "wjdd object", "berr", "mxndff boolean", "url age" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64ee70f9eaecf035471ff80c", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 339, "email": 2, "FileHash-MD5": 32, "FileHash-SHA1": 25, "FileHash-SHA256": 1651, "hostname": 939, "URL": 2307 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "975 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ee70f9eaecf035471ff80c", "name": "Drive By Malware ", "description": "", "modified": "2023-09-28T21:05:16.310000", "created": "2023-08-29T22:28:09.867000", "tags": [ "as15169 google", "united", "aaaa", "domain", "search", "cname", "passive dns", "urls", "entries", "dashboard", "date", "sha1", "ssdeep", "tnull file", "magic", "file size", "software", "ioctype", "iocvalue", "refunds", "show less", "line", "value", "august", "variables", "recordimlel", "fcssrowkey", "ijvalues", "wjdd object", "berr", "mxndff boolean", "url age" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64ee7075f37dad88d73c3830", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 339, "email": 2, "FileHash-MD5": 32, "FileHash-SHA1": 25, "FileHash-SHA256": 1651, "hostname": 939, "URL": 2307 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 223, "modified_text": "975 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64ee7075f37dad88d73c3830", "name": "Fileless Malware", "description": "An example of 1 dangerous exploit. \nThis happened on Brand New fully updated locked down Apple iPhone, Samsung. If you happen to be looking at your phone, you may witness the following: Google logo on appengine.goohke .com Drive By will have a disclaimer that it is NOT affiliate.\nYou will see:\nhttps://accounts.google.com/AccountChooser?continue\nAll of your Gmail accounts will be displayed your primary account will be checked. The drive by happens at tspeed of 2 -3 seconds. Without clicking, your entire phone is compromised. Every account, locations, maps, YouTube, voice, camera, , keyloggers installed. This is not your fault. You are a target. There are empty hashes. It's fileless malware which does not write to storage. \nPhishing, malware hosting, other IoC s.\nExtremely hazardous, renders phone a zombie. New network and data plan all without your explicit consent.\nWelcome to the BotNetwork.\nhttp://appengine.google.com/\naccounts.google.com\nconsent.google.com/m?---- (Forced Consent on iOS device)", "modified": "2023-09-28T21:05:16.310000", "created": "2023-08-29T22:25:53.474000", "tags": [ "as15169 google", "united", "aaaa", "domain", "search", "cname", "passive dns", "urls", "entries", "dashboard", "date", "sha1", "ssdeep", "tnull file", "magic", "file size", "software", "ioctype", "iocvalue", "refunds", "show less", "line", "value", "august", "variables", "recordimlel", "fcssrowkey", "ijvalues", "wjdd object", "berr", "mxndff boolean", "url age" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 339, "email": 2, "FileHash-MD5": 32, "FileHash-SHA1": 25, "FileHash-SHA256": 1651, "hostname": 939, "URL": 2307 }, "indicator_count": 5295, "is_author": false, "is_subscribing": null, "subscriber_count": 222, "modified_text": "975 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190146&Signature=3XpRLUQ3g712Vw0Gv1aflVxZs7RKpzIhEK8giO9ydwOrOGjLnAK89Y%2BmEf4g2U2YbO04EE%2BcdR5xPgcch1%2B1Gf4thYCgBcbKEEIfNK5UrJwBpAkYRm3D9xsnD%2FVxZt26yLC6aQy87D%2FKNC9aLvViRHGxuFgOp4zkcU%2BRD6mmpIB8SpX5%2BDpocWc4s9R%2BywRPXZ2U2E49g81i%2B5io3Ycqe8ikdjbPlZo9R0KEFLaDQtH", "https://vtbehaviour.commondatastorage.googleapis.com/bc20f137a2281fae2ee13f698e613e72c37f6b4eb6784653f284f11f4d83ba77_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190236&Signature=Fg7jPZWmHQO%2BH8GRQx%2FxSMq5Na7Oo9cN0HR99DHFY8svYTkPoerGELKx7Sf906aTDq2Rer45ajXeYPzzHTiab9NKqWR1JGHbaq0WapVqsRzvXz2QLuBhHoz50tIoVKnx8ZrN9HqHBQweg8nfN%2FWEoaHVlSgav3jhoNTnZAC%2Fa%2BsTLexjXFBIP2v4jpISAl82ESU%2FGZH64BtZpgIJz7RZXdDqZ3LF7JTgwG2JX94%2BOOSn3G14", "https://vtbehaviour.commondatastorage.googleapis.com/bb46c18b5b2c98937c8fdfb7acd3e0fa4d0534cfc44d4b41ccd6db9198266fbf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190605&Signature=Rcvj5v%2By7yAX52ap8q3zDGTMjVRQm1LkjuWyhDQUaO6QXR1Ld%2F1dD2QjluOGOuXNiW%2FMNP%2Bqj%2Bx6KtYCvttE847keFo1Em2Bm%2F8bv4vK%2FJL0nGIiz%2FatgO7O78LZZ1wkYwcfG5JZAj8VdjDlHQbuOIUz8Nahqt2JUyQ84z3OeH5d3%2BjV8NKW5SjGWQw4mcmjPQXUznoCsysLbjCd5sgZTpyLUdeFJcNKQPiNBURsJeiyCI5llz0j", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189779&Signature=KfMCCyf96T3bMlo9SpmV1KGK0zKBbkhhSc6Ig5Hvwfx%2FTKTqEVBDXB28XNeWzWbCRTwCNnYlHV3Ed%2BMjcd%2B1aCTDYi5GH9Qw3msxqk5iKwRhzDIhfpM98SwOLC%2B7xZUAC60ecDmVDsjA9OOwOkJe87q3Rrx2lrU9%2BjuSJ1EdwI16qoJyd29sLcX7STTqAMHuzCjIixIOre64HAjpH4lt%2F8tSgE1A5Rs2V7PRHSX6ibKLD", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190083&Signature=a1bnyt5OUcTN8ONeNVqbY%2Fe%2FDVJ2N3olQ9r59dijMLLegF84xQDghj0r6VPdFB8fc%2B3QTcJqhpm6vag1pK9us%2F3UqDJ3Yubf%2FukjL4GMKXDdMSggljB7d%2FpkTraQysnttspVal56LzXitjgIEGYZTidKcIv5LM6YH4zCAXn%2BVueaBNIgpcDS0RuX8fVAQYOeftW9AiEz2TZzx1BT6KUgoj0Tzetn4k541357bb58K1w9n9QV1", "https://vtbehaviour.commondatastorage.googleapis.com/970fdc4da66bc8fff977698c150fc6ebdf9488356ed41ded52d2659830ec5353_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189984&Signature=f%2FZZkKTu5zUihkCuCj%2F0pEGmBjWWBiZRDmREgGkkkKvTyR7M5iC0oLGYfaL6WibiUB6pQirxgBtEcS2JtupD291Or3j7%2BKoyngW7R9uf%2FjjWQwfC5YHKjNutT6K5TYuEmzySVs9onhIBSjj4U%2Bi2q%2FMJmQFiDtFZHfcyy00LYqbAbBwEAUnVJZUdH6FvNBu4ArU26VDLDwv1nMSgEjxUWBCwiP4HXlwL5%2BxU6y0eTc2", "ransomed.vc", "https://www.googletagmanager.com/ns.html?id=GTM-PHWTRTJ", "https://www.virustotal.com/gui/url/f6db0235760bd467ca822ad515a8410121fde4713501b3e718b8fb127dfa259c?nocache=1", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189811&Signature=O96heM5BVAaltXSZInHXgIgK35KjLrLg%2FfKtFXVS%2BoRHTlfpZtn4LpFvolATpK7dED66Ms7SXpn8nX0i7j1IpuDOXOXSm112TOKIKVVPZJH5ppCD6uFYvhkfNcQGa%2FXK%2BDixyM%2BuqwGoJSFD6QzP8J2Iz1GyU4RYYWuB2C7ZD7LOWKlvxF%2F9LTAX8jFDLgFVsE3Og3cU8y3jK%2BenDPthRM6YFu3qewxpti7KVNwKeMJ", "https://drive.google.com/drive/folders/1oYCzKXmadJFPFt4oqpOMtvV22afm1xzi?usp=drive_link", "The 'test' email aligns perfectly with CVE-2022-30190, as indicated in my findings", "https://www.findagrave.com/memorial/139047900/peter-deftos", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190345&Signature=33%2BM36uNOvEfi8bNtJvnbxcTgcnoIlIO2vBglXpCJFNwC8HAewGOF91Q26TOAsw4sbmtTxQ2F5Q2jv2V3ULV8MAxxgYVptJ69SusRt7qZeBDUpMY%2BOdTYqjkdBuYUqYiCvM756aQheS1KvDepeD64x8e%2FivWkpm%2BZ9yDaKUc7w2143zYkc8kpyBSsO8rJI9vyoHYvbr4sfZOowoUWK7yMjQD9SN5bL%2FFABbMrPEOMyobApm", "https://vtbehaviour.commondatastorage.googleapis.com/a041cbdeb64c802bde90e06f25213524b2eac500d6000da7e4caeb96e5de1991_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775191439&Signature=evxsL1kaOuLe5KziYCSqZ56H%2FqXRQgEN0tkJo0j5G7JQ3mmO0Kav5K9LCz%2FUEzi%2BdtB%2B3%2B7VM6r9pC%2BMh7nHxT%2Bs8UAYuVXPE%2FUbBdHWMjvZQuqrZ0hHqIR2xHVB132HiYQWLo%2FgS1QATOfAcHci3X4FqmqvUp7A%2FmNsE1aVFbLc971RHQOuTapOGhiDZlVUyA9KvpMDKw0DzdeHFSlayBSrDDsWL7xW06XOf", "appleid.cdn-apple.com", "https://drive.google.com/drive/folders/1aWUt_ItOQKDyA4KA-aWJF8BTMdsyYMf-?usp=drive_link", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189954&Signature=2gy%2BsyEM78P6orDGWKQU%2FFPSIdVK9X7o8Nkcwb%2BY4r%2FCb%2Bo9JmA9T%2Bfonw9IqbojQSIK%2BNShZUJJ9GV4wWT5l1QfkYfZP0MJ91%2BkDw39PLOc4VVgmBApIQJRTIlgSlI020YfOeIPoIYH8yuCF2dJ32zKg87g0dDFkg4zbExGDJB3%2BGDxX5MJ6hHuzVrwxm7E1L%2F%2FffKQ%2B9rXqoT0hRHEdPSaXSydmnqfMfnjCv", "More elaborate 'text' exploits now exist that allow texts are now being distributed via ai drops in chats in the form of what would appear to be a hyperlink. This is a new genre of elevation in exploit.", "https://tulach.cc/", "https://mail.google.com/mail/u/0/&ifkv=AcMMx-fsK-dmQp5xLc1r6Mx0BuKhtU28JIFU2blCO9AcSPaDA0uOx8PBOgLcfLmHdaYOE28671uvng&osid=1&service=mail", "CVE-2025-10898/10899/10900: Out-of-Bounds Write vulnerabilities found in parsed MODEL files.", "https://www.massbroadcasters.org/eeo-organizations/marshfield-high-school", "multiple_versions\tSHA1 of 3f307fecb41ea75bb946e8fde73a3c36b548243411783c036a1e7ae6605e8223\tNo Expiration", "https://www.gambinospizza.com", "https://www.googletagmanager.com/gtag/js?id=GT-NNS2QH6C", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189872&Signature=P%2Fa2KXhuVwj4RO8cyfIpkYofLKzsLiKRPHuVAi7hjApskLh84OqCfKuK51z7bTKZd8lCCiQ7XuIaxWQDR7qzDFvuCWutobNhKDdHSDLrTMtqqX3o5RmBpSzMUw3jQJcbxsYWqaOMHy8ZeWEVRuB9orvLwMZbJMMIJM8GhUVHZ6%2BwciVIoj0lYTCb%2FEEkQWTV4g3hs9l8KRzbEfvJGja6ANuv1OtdFLk8pejrraAJMB7ThsjINOXbJb", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190199&Signature=RiO2p%2BBvc38TqeTuiMJNxoT6Jr3JfHvTQFQIk94ZaRY%2FPP5yEPSH45GncMCh4GqP1%2F%2BNLR2IVm5Z2svEWojLwxq%2Fl0eIAWy1chUQmg2GcEg5YoaEEnXpWjb1er08EIYwV0ZC8parFwVrr194MKeUmZYo5NLYk4%2BCim9ipnxYse12eROsMSXZtyS4daGivzQzihRqTUU9iEn%2FxAKEOI%2F3V8JRrqNy3nDqmo1mdoVr", "https://drive.google.com/drive/folders/1IlYuuCiDiZAV66DuVkqTXwa1m_Rfz0Ov?usp=drive_link", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190298&Signature=eEF6m7QHRnKk%2FYB374HxqU2TE0p8gXC9CWwIHPT7M6fEZKjeFUEmUEbqdupsD2hQQbkW%2Fmijo2rSEQ30q3EAyR9aQO3m6L91A6osc3kDipeyZqFrIqoj6wIe8MJGuRf4OC9cVAWipGYXPG5bqc3v6RUHir9MeLOggoGjalexCwBgs3SsGyhqU1uWZdJ%2Fs4nUbHyIJGc3FB9OrnhDRuGPdkfPSOA09hfujcul91zQNws4dznvmM", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190004&Signature=Nzt9YHY3Ji2VsLO1kvr7%2FyWWwOgo%2BCIoXyjtyshhzTGRxGzhcNdyKU9byPqyv%2F5YAzj%2BmNnDego3ImYeToBCbgyY%2BJJMmUKX6ZrUT1a2O4gv9eMyysIFgYhJ7ZpzyGIvHR5VSJlzPX0AWS81Ml7syDCjTGHikZ9G%2B%2B0cfDA0dhp%2FR7zhAp7yxB2jsDhz1kDY3nncYpjeVtj2o02Nt4JxPa5ML%2FvKBF%2FBHtOtBCqh%2", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189913&Signature=KduKv0QQf8IKhUUAV%2F0zpzpUmIU%2BEctpJKxUJlyu0Myu11iCQCXfXPprtMBAv5ifc4GLTHDiIuEAJwg%2B%2BHGWjun5ZKLKzoz8Ot2udHqFxvy6ZToPEC4Iui9vdRDHqosVaT77R1Tm1TGuyKVmwYTcow4klVAcpzEWanzWx1jHS42ARepJVrS3AFXHMaaBdTgr23jXcbmly1t3b8lwVilcsk2itdoprPpClQTzwYr1y7YV1%2FbYTDGocHnDwCYy", "https://vtbehaviour.commondatastorage.googleapis.com/06b6d62477011fa63fdb44046351fbe574391916a4f3ea0486b3e3498145a7d7_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190407&Signature=Y3EAa%2Fwo4ligJHfBUxkzWLjU9FPLyNmsxeNdcPCIPQBYTTGUIaFddrFIYHFhawxMDvixd7uA0qGc0zVDWgbStf2qhTOU1D0aF%2F%2BSLSXEY3VB8oWRXZCEI12zrSd5P4lHInxRS3CJKbNnJP4GvYx20ctpNSo4u%2FvVMLM%2B92TiYCunAVTquDVrFNNim6LJTEz2ucjhcgF2gKn%2FF0f9ALEheC1lk4omwpcYEPQLNX0wNsxNC%2BWQ", "https://www.hallrender.com/attorney/brian-sabey/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Redline stealer", "Ransomware" ], "industries": [], "unique_indicators": 122312 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/google.com", "whois": "http://whois.domaintools.com/google.com", "domain": "google.com", "hostname": "accounts.google.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 17, "pulses": [ { "id": "69f3f6fc9ae9b2297964a5a4", "name": "VirusTotal report for Test.docx + Other Civic Findings/CVE Linkings", "description": "1. CivicPlus.com Threat IndicatorsVT Status: Red Flagged [120+ references, 200+android APKS and tracking configs[js]].Suspicious MD5: 3f307fecb41ea75bb946e8fde73a3c36b548243411783c036a1e7ae6605e8223.Suspicious SHA1: 0ef5ceebb6efa99e12e888a993e56d557dff07fd.Behavioral Pattern: Multiple versions flagged with No Expiration (indicates persistent or hard-coded malicious components in related files).2. HitmanPro Findings (Feb 2025)File Action: Detected as Malware/Suspicious in C:\\Windows\\Installer and user data areas.Note: Typical of behavioral scanning identifying code injection or untrusted signatures, often flagged alongside browser data.3. SSO Autodesk Anomalies (Q1 2025)SAML Assertion Failure: Incorrect objectGUID mapping on IdP side, sending user.objectid as literal string instead of unique identifier. Potential credential abuse or IdP misconfiguration - Attached [Reportscivicplus_vt_red_flag_feb2025.loghmp_scan_022025] + test.docx which shows signs that resemble a test recall email.", "modified": "2026-05-31T05:19:13.706000", "created": "2026-05-01T00:42:36.613000", "tags": [ "medium", "windows", "high", "alerts", "yara detections", "worm", "https domain", "tls sni", "io control", "installs", "virustotal", "copy", "explorer", "malware", "config by town", "civicplus", "beyond surveillance", "significant overreach" ], "references": [ "multiple_versions\tSHA1 of 3f307fecb41ea75bb946e8fde73a3c36b548243411783c036a1e7ae6605e8223\tNo Expiration", "", "CVE-2025-10898/10899/10900: Out-of-Bounds Write vulnerabilities found in parsed MODEL files.", "More elaborate 'text' exploits now exist that allow texts are now being distributed via ai drops in chats in the form of what would appear to be a hyperlink. This is a new genre of elevation in exploit.", "The 'test' email aligns perfectly with CVE-2022-30190, as indicated in my findings" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1010, "FileHash-SHA1": 437, "FileHash-SHA256": 2319, "URL": 637, "email": 14, "hostname": 468, "domain": 101, "CVE": 9 }, "indicator_count": 4995, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "12 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "60a794fa6de6293139323f21", "name": "VETTED Phishing URLs", "description": "VETTED Phishing URLs, mostly european targets", "modified": "2026-05-29T07:18:37.706000", "created": "2021-05-21T11:09:46.641000", "tags": [ "europe", "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1976212, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "verifrom", "id": "15054", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 107057 }, "indicator_count": 107057, "is_author": false, "is_subscribing": null, "subscriber_count": 1272, "modified_text": "2 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f9c353e548fe41549a2094", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-06T06:10:54.769000", "created": "2026-05-05T10:15:47.653000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 199, "URL": 124, "hostname": 136, "domain": 31, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f9c351adf63435d7a118ea", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-06T06:10:54.367000", "created": "2026-05-05T10:15:45.503000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 199, "URL": 125, "hostname": 135, "domain": 32, "email": 1 }, "indicator_count": 1645, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f9c3482f0a487199f01dfe", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-05T12:01:34.624000", "created": "2026-05-05T10:15:36.709000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1206, "IPv4": 185, "FileHash-MD5": 109, "FileHash-SHA1": 231, "URL": 300, "hostname": 276, "domain": 219, "email": 29, "CIDR": 6 }, "indicator_count": 2561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f9c34e91ef1282eaf26b24", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-05T11:55:52.834000", "created": "2026-05-05T10:15:42.571000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 200, "URL": 124, "hostname": 135, "domain": 31, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf461ebc1a9bcfbffa2aad", "name": "VirusTotal Droidy Android Sandbox", "description": "Here is the full list of results from the second day of the 2016 Android World Championship, held at 22:00 BST on Tuesday, 1 July.. . and \u00c2\u00a31.\n\ni cant add this one - legacy - http://100tosdefotos.com/", "modified": "2026-05-03T04:09:43.062000", "created": "2026-04-03T04:46:22.211000", "tags": [ "process", "current object", "android sandbox", "europemadrid", "windows sandbox", "clear filters", "has permission", "file type", "apks", "accesses", "sim provider", "name", "may check", "mitre attack", "network info", "malicious", "persistence", "cloud", "chrome cache", "png image", "cache entry", "rgba", "entry", "web open", "font format", "version", "truetype", "next", "detail info", "text", "classname", "window", "static", "behaviour", "filename", "offset", "class", "button", "mozilla", "shell", "nsis", "find", "back", "state", "connecting", "connected", "suspended", "disconnected", "unknown", "shell folders", "default", "inprocserver32", "new roman", "registry keys", "nothing", "shell dlg", "roman baltic186", "roman cyr204", "roman tur162", "xffxfea xffxfea", "xffu xffu", "xffxfcs xffxfcs", "x8af x8af", "xb6p xb6p", "xb6y xb6y", "x88g x88g", "xb6xf2 xb6xf2", "xfft", "xc1xe7 xc1xe7", "axec", "programfiles", "allusersprofile", "windir", "protocol level", "application", "previous", "next connection", "address", "full path", "behavior", "bits", "dump", "path", "calls clear", "eandroidruntime", "pufwifi", "flag", "networkinfo", "action", "extras", "start", "componentname", "write", "calls process", "cname", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "address virtual", "path c", "sha256", "accept", "shutdown", "error", "sandbox", "stack", "win32 exe", "pe32", "intel", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "generic", "processes extra", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "android", "zip archive", "xapk android", "android package", "java archive", "sweet home", "design", "html document", "unicode text", "utf8 text", "crlf", "lf line", "language", "date mon", "gmt contenttype", "connection", "link", "json", "xlitespeedcache", "reportto", "server", "contentencoding", "cfray", "king88", "ch cng", "c thit", "c bit", "iu hp", "trang ch", "king88 com", "ci ng", "cp s", "c vit", "object", "string", "number", "null", "function", "g5wmgjr5qk4", "cssselector", "regexp", "date", "void", "trident", "mini", "meta", "please", "javascript", "members", "staff", "inspection", "abip", "local broadcast", "newsletter fcc", "resource center", "marshfield high", "school", "localism join", "facebook", "contact", "summer", "grave", "email", "photo", "strong", "peter deftos", "sign", "learn", "memorial", "leave", "problem", "done", "already", "close", "verify", "twitter", "details", "full", "persist", "editorimpl" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189779&Signature=KfMCCyf96T3bMlo9SpmV1KGK0zKBbkhhSc6Ig5Hvwfx%2FTKTqEVBDXB28XNeWzWbCRTwCNnYlHV3Ed%2BMjcd%2B1aCTDYi5GH9Qw3msxqk5iKwRhzDIhfpM98SwOLC%2B7xZUAC60ecDmVDsjA9OOwOkJe87q3Rrx2lrU9%2BjuSJ1EdwI16qoJyd29sLcX7STTqAMHuzCjIixIOre64HAjpH4lt%2F8tSgE1A5Rs2V7PRHSX6ibKLD", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189811&Signature=O96heM5BVAaltXSZInHXgIgK35KjLrLg%2FfKtFXVS%2BoRHTlfpZtn4LpFvolATpK7dED66Ms7SXpn8nX0i7j1IpuDOXOXSm112TOKIKVVPZJH5ppCD6uFYvhkfNcQGa%2FXK%2BDixyM%2BuqwGoJSFD6QzP8J2Iz1GyU4RYYWuB2C7ZD7LOWKlvxF%2F9LTAX8jFDLgFVsE3Og3cU8y3jK%2BenDPthRM6YFu3qewxpti7KVNwKeMJ", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189872&Signature=P%2Fa2KXhuVwj4RO8cyfIpkYofLKzsLiKRPHuVAi7hjApskLh84OqCfKuK51z7bTKZd8lCCiQ7XuIaxWQDR7qzDFvuCWutobNhKDdHSDLrTMtqqX3o5RmBpSzMUw3jQJcbxsYWqaOMHy8ZeWEVRuB9orvLwMZbJMMIJM8GhUVHZ6%2BwciVIoj0lYTCb%2FEEkQWTV4g3hs9l8KRzbEfvJGja6ANuv1OtdFLk8pejrraAJMB7ThsjINOXbJb", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189913&Signature=KduKv0QQf8IKhUUAV%2F0zpzpUmIU%2BEctpJKxUJlyu0Myu11iCQCXfXPprtMBAv5ifc4GLTHDiIuEAJwg%2B%2BHGWjun5ZKLKzoz8Ot2udHqFxvy6ZToPEC4Iui9vdRDHqosVaT77R1Tm1TGuyKVmwYTcow4klVAcpzEWanzWx1jHS42ARepJVrS3AFXHMaaBdTgr23jXcbmly1t3b8lwVilcsk2itdoprPpClQTzwYr1y7YV1%2FbYTDGocHnDwCYy", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189954&Signature=2gy%2BsyEM78P6orDGWKQU%2FFPSIdVK9X7o8Nkcwb%2BY4r%2FCb%2Bo9JmA9T%2Bfonw9IqbojQSIK%2BNShZUJJ9GV4wWT5l1QfkYfZP0MJ91%2BkDw39PLOc4VVgmBApIQJRTIlgSlI020YfOeIPoIYH8yuCF2dJ32zKg87g0dDFkg4zbExGDJB3%2BGDxX5MJ6hHuzVrwxm7E1L%2F%2FffKQ%2B9rXqoT0hRHEdPSaXSydmnqfMfnjCv", "https://vtbehaviour.commondatastorage.googleapis.com/970fdc4da66bc8fff977698c150fc6ebdf9488356ed41ded52d2659830ec5353_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189984&Signature=f%2FZZkKTu5zUihkCuCj%2F0pEGmBjWWBiZRDmREgGkkkKvTyR7M5iC0oLGYfaL6WibiUB6pQirxgBtEcS2JtupD291Or3j7%2BKoyngW7R9uf%2FjjWQwfC5YHKjNutT6K5TYuEmzySVs9onhIBSjj4U%2Bi2q%2FMJmQFiDtFZHfcyy00LYqbAbBwEAUnVJZUdH6FvNBu4ArU26VDLDwv1nMSgEjxUWBCwiP4HXlwL5%2BxU6y0eTc2", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190004&Signature=Nzt9YHY3Ji2VsLO1kvr7%2FyWWwOgo%2BCIoXyjtyshhzTGRxGzhcNdyKU9byPqyv%2F5YAzj%2BmNnDego3ImYeToBCbgyY%2BJJMmUKX6ZrUT1a2O4gv9eMyysIFgYhJ7ZpzyGIvHR5VSJlzPX0AWS81Ml7syDCjTGHikZ9G%2B%2B0cfDA0dhp%2FR7zhAp7yxB2jsDhz1kDY3nncYpjeVtj2o02Nt4JxPa5ML%2FvKBF%2FBHtOtBCqh%2", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190083&Signature=a1bnyt5OUcTN8ONeNVqbY%2Fe%2FDVJ2N3olQ9r59dijMLLegF84xQDghj0r6VPdFB8fc%2B3QTcJqhpm6vag1pK9us%2F3UqDJ3Yubf%2FukjL4GMKXDdMSggljB7d%2FpkTraQysnttspVal56LzXitjgIEGYZTidKcIv5LM6YH4zCAXn%2BVueaBNIgpcDS0RuX8fVAQYOeftW9AiEz2TZzx1BT6KUgoj0Tzetn4k541357bb58K1w9n9QV1", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190146&Signature=3XpRLUQ3g712Vw0Gv1aflVxZs7RKpzIhEK8giO9ydwOrOGjLnAK89Y%2BmEf4g2U2YbO04EE%2BcdR5xPgcch1%2B1Gf4thYCgBcbKEEIfNK5UrJwBpAkYRm3D9xsnD%2FVxZt26yLC6aQy87D%2FKNC9aLvViRHGxuFgOp4zkcU%2BRD6mmpIB8SpX5%2BDpocWc4s9R%2BywRPXZ2U2E49g81i%2B5io3Ycqe8ikdjbPlZo9R0KEFLaDQtH", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190199&Signature=RiO2p%2BBvc38TqeTuiMJNxoT6Jr3JfHvTQFQIk94ZaRY%2FPP5yEPSH45GncMCh4GqP1%2F%2BNLR2IVm5Z2svEWojLwxq%2Fl0eIAWy1chUQmg2GcEg5YoaEEnXpWjb1er08EIYwV0ZC8parFwVrr194MKeUmZYo5NLYk4%2BCim9ipnxYse12eROsMSXZtyS4daGivzQzihRqTUU9iEn%2FxAKEOI%2F3V8JRrqNy3nDqmo1mdoVr", "https://vtbehaviour.commondatastorage.googleapis.com/bc20f137a2281fae2ee13f698e613e72c37f6b4eb6784653f284f11f4d83ba77_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190236&Signature=Fg7jPZWmHQO%2BH8GRQx%2FxSMq5Na7Oo9cN0HR99DHFY8svYTkPoerGELKx7Sf906aTDq2Rer45ajXeYPzzHTiab9NKqWR1JGHbaq0WapVqsRzvXz2QLuBhHoz50tIoVKnx8ZrN9HqHBQweg8nfN%2FWEoaHVlSgav3jhoNTnZAC%2Fa%2BsTLexjXFBIP2v4jpISAl82ESU%2FGZH64BtZpgIJz7RZXdDqZ3LF7JTgwG2JX94%2BOOSn3G14", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190298&Signature=eEF6m7QHRnKk%2FYB374HxqU2TE0p8gXC9CWwIHPT7M6fEZKjeFUEmUEbqdupsD2hQQbkW%2Fmijo2rSEQ30q3EAyR9aQO3m6L91A6osc3kDipeyZqFrIqoj6wIe8MJGuRf4OC9cVAWipGYXPG5bqc3v6RUHir9MeLOggoGjalexCwBgs3SsGyhqU1uWZdJ%2Fs4nUbHyIJGc3FB9OrnhDRuGPdkfPSOA09hfujcul91zQNws4dznvmM", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190345&Signature=33%2BM36uNOvEfi8bNtJvnbxcTgcnoIlIO2vBglXpCJFNwC8HAewGOF91Q26TOAsw4sbmtTxQ2F5Q2jv2V3ULV8MAxxgYVptJ69SusRt7qZeBDUpMY%2BOdTYqjkdBuYUqYiCvM756aQheS1KvDepeD64x8e%2FivWkpm%2BZ9yDaKUc7w2143zYkc8kpyBSsO8rJI9vyoHYvbr4sfZOowoUWK7yMjQD9SN5bL%2FFABbMrPEOMyobApm", "https://vtbehaviour.commondatastorage.googleapis.com/06b6d62477011fa63fdb44046351fbe574391916a4f3ea0486b3e3498145a7d7_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190407&Signature=Y3EAa%2Fwo4ligJHfBUxkzWLjU9FPLyNmsxeNdcPCIPQBYTTGUIaFddrFIYHFhawxMDvixd7uA0qGc0zVDWgbStf2qhTOU1D0aF%2F%2BSLSXEY3VB8oWRXZCEI12zrSd5P4lHInxRS3CJKbNnJP4GvYx20ctpNSo4u%2FvVMLM%2B92TiYCunAVTquDVrFNNim6LJTEz2ucjhcgF2gKn%2FF0f9ALEheC1lk4omwpcYEPQLNX0wNsxNC%2BWQ", "https://vtbehaviour.commondatastorage.googleapis.com/bb46c18b5b2c98937c8fdfb7acd3e0fa4d0534cfc44d4b41ccd6db9198266fbf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190605&Signature=Rcvj5v%2By7yAX52ap8q3zDGTMjVRQm1LkjuWyhDQUaO6QXR1Ld%2F1dD2QjluOGOuXNiW%2FMNP%2Bqj%2Bx6KtYCvttE847keFo1Em2Bm%2F8bv4vK%2FJL0nGIiz%2FatgO7O78LZZ1wkYwcfG5JZAj8VdjDlHQbuOIUz8Nahqt2JUyQ84z3OeH5d3%2BjV8NKW5SjGWQw4mcmjPQXUznoCsysLbjCd5sgZTpyLUdeFJcNKQPiNBURsJeiyCI5llz0j", "https://www.googletagmanager.com/gtag/js?id=GT-NNS2QH6C", "https://www.googletagmanager.com/ns.html?id=GTM-PHWTRTJ", "https://www.virustotal.com/gui/url/f6db0235760bd467ca822ad515a8410121fde4713501b3e718b8fb127dfa259c?nocache=1", "https://www.massbroadcasters.org/eeo-organizations/marshfield-high-school", "https://www.findagrave.com/memorial/139047900/peter-deftos", "https://vtbehaviour.commondatastorage.googleapis.com/a041cbdeb64c802bde90e06f25213524b2eac500d6000da7e4caeb96e5de1991_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775191439&Signature=evxsL1kaOuLe5KziYCSqZ56H%2FqXRQgEN0tkJo0j5G7JQ3mmO0Kav5K9LCz%2FUEzi%2BdtB%2B3%2B7VM6r9pC%2BMh7nHxT%2Bs8UAYuVXPE%2FUbBdHWMjvZQuqrZ0hHqIR2xHVB132HiYQWLo%2FgS1QATOfAcHci3X4FqmqvUp7A%2FmNsE1aVFbLc971RHQOuTapOGhiDZlVUyA9KvpMDKw0DzdeHFSlayBSrDDsWL7xW06XOf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1414", "name": "Capture Clipboard Data", "display_name": "T1414 - Capture Clipboard Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1432", "name": "Access Contact List", "display_name": "T1432 - Access Contact List" }, { "id": "T1439", "name": "Eavesdrop on Insecure Network Communication", "display_name": "T1439 - Eavesdrop on Insecure Network Communication" }, { "id": "T1447", "name": "Delete Device Data", "display_name": "T1447 - Delete Device Data" }, { "id": "T1472", "name": "Generate Fraudulent Advertising Revenue", "display_name": "T1472 - Generate Fraudulent Advertising Revenue" }, { "id": "T1507", "name": "Network Information Discovery", "display_name": "T1507 - Network Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1523", "name": "Evade Analysis Environment", "display_name": "T1523 - Evade Analysis Environment" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 70, "FileHash-SHA1": 40, "FileHash-SHA256": 549, "URL": 344, "domain": 292, "hostname": 443 }, "indicator_count": 1738, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf461ceb2e58f5e3c0a44d", "name": "VirusTotal Droidy Android Sandbox", "description": "Here is the full list of results from the second day of the 2016 Android World Championship, held at 22:00 BST on Tuesday, 1 July.. . and \u00c2\u00a31.\n\ni cant add this one - legacy - http://100tosdefotos.com/", "modified": "2026-05-03T04:09:43.062000", "created": "2026-04-03T04:46:20.102000", "tags": [ "process", "current object", "android sandbox", "europemadrid", "windows sandbox", "clear filters", "has permission", "file type", "apks", "accesses", "sim provider", "name", "may check", "mitre attack", "network info", "malicious", "persistence", "cloud", "chrome cache", "png image", "cache entry", "rgba", "entry", "web open", "font format", "version", "truetype", "next", "detail info", "text", "classname", "window", "static", "behaviour", "filename", "offset", "class", "button", "mozilla", "shell", "nsis", "find", "back", "state", "connecting", "connected", "suspended", "disconnected", "unknown", "shell folders", "default", "inprocserver32", "new roman", "registry keys", "nothing", "shell dlg", "roman baltic186", "roman cyr204", "roman tur162", "xffxfea xffxfea", "xffu xffu", "xffxfcs xffxfcs", "x8af x8af", "xb6p xb6p", "xb6y xb6y", "x88g x88g", "xb6xf2 xb6xf2", "xfft", "xc1xe7 xc1xe7", "axec", "programfiles", "allusersprofile", "windir", "protocol level", "application", "previous", "next connection", "address", "full path", "behavior", "bits", "dump", "path", "calls clear", "eandroidruntime", "pufwifi", "flag", "networkinfo", "action", "extras", "start", "componentname", "write", "calls process", "cname", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "address virtual", "path c", "sha256", "accept", "shutdown", "error", "sandbox", "stack", "win32 exe", "pe32", "intel", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "generic", "processes extra", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "android", "zip archive", "xapk android", "android package", "java archive", "sweet home", "design", "html document", "unicode text", "utf8 text", "crlf", "lf line", "language", "date mon", "gmt contenttype", "connection", "link", "json", "xlitespeedcache", "reportto", "server", "contentencoding", "cfray", "king88", "ch cng", "c thit", "c bit", "iu hp", "trang ch", "king88 com", "ci ng", "cp s", "c vit", "object", "string", "number", "null", "function", "g5wmgjr5qk4", "cssselector", "regexp", "date", "void", "trident", "mini", "meta", "please", "javascript", "members", "staff", "inspection", "abip", "local broadcast", "newsletter fcc", "resource center", "marshfield high", "school", "localism join", "facebook", "contact", "summer", "grave", "email", "photo", "strong", "peter deftos", "sign", "learn", "memorial", "leave", "problem", "done", "already", "close", "verify", "twitter", "details", "full", "persist", "editorimpl" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189779&Signature=KfMCCyf96T3bMlo9SpmV1KGK0zKBbkhhSc6Ig5Hvwfx%2FTKTqEVBDXB28XNeWzWbCRTwCNnYlHV3Ed%2BMjcd%2B1aCTDYi5GH9Qw3msxqk5iKwRhzDIhfpM98SwOLC%2B7xZUAC60ecDmVDsjA9OOwOkJe87q3Rrx2lrU9%2BjuSJ1EdwI16qoJyd29sLcX7STTqAMHuzCjIixIOre64HAjpH4lt%2F8tSgE1A5Rs2V7PRHSX6ibKLD", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189811&Signature=O96heM5BVAaltXSZInHXgIgK35KjLrLg%2FfKtFXVS%2BoRHTlfpZtn4LpFvolATpK7dED66Ms7SXpn8nX0i7j1IpuDOXOXSm112TOKIKVVPZJH5ppCD6uFYvhkfNcQGa%2FXK%2BDixyM%2BuqwGoJSFD6QzP8J2Iz1GyU4RYYWuB2C7ZD7LOWKlvxF%2F9LTAX8jFDLgFVsE3Og3cU8y3jK%2BenDPthRM6YFu3qewxpti7KVNwKeMJ", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189872&Signature=P%2Fa2KXhuVwj4RO8cyfIpkYofLKzsLiKRPHuVAi7hjApskLh84OqCfKuK51z7bTKZd8lCCiQ7XuIaxWQDR7qzDFvuCWutobNhKDdHSDLrTMtqqX3o5RmBpSzMUw3jQJcbxsYWqaOMHy8ZeWEVRuB9orvLwMZbJMMIJM8GhUVHZ6%2BwciVIoj0lYTCb%2FEEkQWTV4g3hs9l8KRzbEfvJGja6ANuv1OtdFLk8pejrraAJMB7ThsjINOXbJb", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189913&Signature=KduKv0QQf8IKhUUAV%2F0zpzpUmIU%2BEctpJKxUJlyu0Myu11iCQCXfXPprtMBAv5ifc4GLTHDiIuEAJwg%2B%2BHGWjun5ZKLKzoz8Ot2udHqFxvy6ZToPEC4Iui9vdRDHqosVaT77R1Tm1TGuyKVmwYTcow4klVAcpzEWanzWx1jHS42ARepJVrS3AFXHMaaBdTgr23jXcbmly1t3b8lwVilcsk2itdoprPpClQTzwYr1y7YV1%2FbYTDGocHnDwCYy", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189954&Signature=2gy%2BsyEM78P6orDGWKQU%2FFPSIdVK9X7o8Nkcwb%2BY4r%2FCb%2Bo9JmA9T%2Bfonw9IqbojQSIK%2BNShZUJJ9GV4wWT5l1QfkYfZP0MJ91%2BkDw39PLOc4VVgmBApIQJRTIlgSlI020YfOeIPoIYH8yuCF2dJ32zKg87g0dDFkg4zbExGDJB3%2BGDxX5MJ6hHuzVrwxm7E1L%2F%2FffKQ%2B9rXqoT0hRHEdPSaXSydmnqfMfnjCv", "https://vtbehaviour.commondatastorage.googleapis.com/970fdc4da66bc8fff977698c150fc6ebdf9488356ed41ded52d2659830ec5353_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775189984&Signature=f%2FZZkKTu5zUihkCuCj%2F0pEGmBjWWBiZRDmREgGkkkKvTyR7M5iC0oLGYfaL6WibiUB6pQirxgBtEcS2JtupD291Or3j7%2BKoyngW7R9uf%2FjjWQwfC5YHKjNutT6K5TYuEmzySVs9onhIBSjj4U%2Bi2q%2FMJmQFiDtFZHfcyy00LYqbAbBwEAUnVJZUdH6FvNBu4ArU26VDLDwv1nMSgEjxUWBCwiP4HXlwL5%2BxU6y0eTc2", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190004&Signature=Nzt9YHY3Ji2VsLO1kvr7%2FyWWwOgo%2BCIoXyjtyshhzTGRxGzhcNdyKU9byPqyv%2F5YAzj%2BmNnDego3ImYeToBCbgyY%2BJJMmUKX6ZrUT1a2O4gv9eMyysIFgYhJ7ZpzyGIvHR5VSJlzPX0AWS81Ml7syDCjTGHikZ9G%2B%2B0cfDA0dhp%2FR7zhAp7yxB2jsDhz1kDY3nncYpjeVtj2o02Nt4JxPa5ML%2FvKBF%2FBHtOtBCqh%2", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190083&Signature=a1bnyt5OUcTN8ONeNVqbY%2Fe%2FDVJ2N3olQ9r59dijMLLegF84xQDghj0r6VPdFB8fc%2B3QTcJqhpm6vag1pK9us%2F3UqDJ3Yubf%2FukjL4GMKXDdMSggljB7d%2FpkTraQysnttspVal56LzXitjgIEGYZTidKcIv5LM6YH4zCAXn%2BVueaBNIgpcDS0RuX8fVAQYOeftW9AiEz2TZzx1BT6KUgoj0Tzetn4k541357bb58K1w9n9QV1", "https://vtbehaviour.commondatastorage.googleapis.com/1256f3aa5f091ac40a573113fcc1a4d0e320af5ee363b0eca79618602cb7dc66_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190146&Signature=3XpRLUQ3g712Vw0Gv1aflVxZs7RKpzIhEK8giO9ydwOrOGjLnAK89Y%2BmEf4g2U2YbO04EE%2BcdR5xPgcch1%2B1Gf4thYCgBcbKEEIfNK5UrJwBpAkYRm3D9xsnD%2FVxZt26yLC6aQy87D%2FKNC9aLvViRHGxuFgOp4zkcU%2BRD6mmpIB8SpX5%2BDpocWc4s9R%2BywRPXZ2U2E49g81i%2B5io3Ycqe8ikdjbPlZo9R0KEFLaDQtH", "https://vtbehaviour.commondatastorage.googleapis.com/37efacb8411234dd9882d8d3a8709f492eb2ed252132da099a11be07c0b4ccb0_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190199&Signature=RiO2p%2BBvc38TqeTuiMJNxoT6Jr3JfHvTQFQIk94ZaRY%2FPP5yEPSH45GncMCh4GqP1%2F%2BNLR2IVm5Z2svEWojLwxq%2Fl0eIAWy1chUQmg2GcEg5YoaEEnXpWjb1er08EIYwV0ZC8parFwVrr194MKeUmZYo5NLYk4%2BCim9ipnxYse12eROsMSXZtyS4daGivzQzihRqTUU9iEn%2FxAKEOI%2F3V8JRrqNy3nDqmo1mdoVr", "https://vtbehaviour.commondatastorage.googleapis.com/bc20f137a2281fae2ee13f698e613e72c37f6b4eb6784653f284f11f4d83ba77_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190236&Signature=Fg7jPZWmHQO%2BH8GRQx%2FxSMq5Na7Oo9cN0HR99DHFY8svYTkPoerGELKx7Sf906aTDq2Rer45ajXeYPzzHTiab9NKqWR1JGHbaq0WapVqsRzvXz2QLuBhHoz50tIoVKnx8ZrN9HqHBQweg8nfN%2FWEoaHVlSgav3jhoNTnZAC%2Fa%2BsTLexjXFBIP2v4jpISAl82ESU%2FGZH64BtZpgIJz7RZXdDqZ3LF7JTgwG2JX94%2BOOSn3G14", "https://vtbehaviour.commondatastorage.googleapis.com/5dae281deccea2c5229861b4f2ff8c386da1726a836839961311896a6c9f5a69_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190298&Signature=eEF6m7QHRnKk%2FYB374HxqU2TE0p8gXC9CWwIHPT7M6fEZKjeFUEmUEbqdupsD2hQQbkW%2Fmijo2rSEQ30q3EAyR9aQO3m6L91A6osc3kDipeyZqFrIqoj6wIe8MJGuRf4OC9cVAWipGYXPG5bqc3v6RUHir9MeLOggoGjalexCwBgs3SsGyhqU1uWZdJ%2Fs4nUbHyIJGc3FB9OrnhDRuGPdkfPSOA09hfujcul91zQNws4dznvmM", "https://vtbehaviour.commondatastorage.googleapis.com/a0fb314babd51dbc460ab126b615da4c6f9481f5d1225d0ac189da9d99923bb3_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190345&Signature=33%2BM36uNOvEfi8bNtJvnbxcTgcnoIlIO2vBglXpCJFNwC8HAewGOF91Q26TOAsw4sbmtTxQ2F5Q2jv2V3ULV8MAxxgYVptJ69SusRt7qZeBDUpMY%2BOdTYqjkdBuYUqYiCvM756aQheS1KvDepeD64x8e%2FivWkpm%2BZ9yDaKUc7w2143zYkc8kpyBSsO8rJI9vyoHYvbr4sfZOowoUWK7yMjQD9SN5bL%2FFABbMrPEOMyobApm", "https://vtbehaviour.commondatastorage.googleapis.com/06b6d62477011fa63fdb44046351fbe574391916a4f3ea0486b3e3498145a7d7_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190407&Signature=Y3EAa%2Fwo4ligJHfBUxkzWLjU9FPLyNmsxeNdcPCIPQBYTTGUIaFddrFIYHFhawxMDvixd7uA0qGc0zVDWgbStf2qhTOU1D0aF%2F%2BSLSXEY3VB8oWRXZCEI12zrSd5P4lHInxRS3CJKbNnJP4GvYx20ctpNSo4u%2FvVMLM%2B92TiYCunAVTquDVrFNNim6LJTEz2ucjhcgF2gKn%2FF0f9ALEheC1lk4omwpcYEPQLNX0wNsxNC%2BWQ", "https://vtbehaviour.commondatastorage.googleapis.com/bb46c18b5b2c98937c8fdfb7acd3e0fa4d0534cfc44d4b41ccd6db9198266fbf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775190605&Signature=Rcvj5v%2By7yAX52ap8q3zDGTMjVRQm1LkjuWyhDQUaO6QXR1Ld%2F1dD2QjluOGOuXNiW%2FMNP%2Bqj%2Bx6KtYCvttE847keFo1Em2Bm%2F8bv4vK%2FJL0nGIiz%2FatgO7O78LZZ1wkYwcfG5JZAj8VdjDlHQbuOIUz8Nahqt2JUyQ84z3OeH5d3%2BjV8NKW5SjGWQw4mcmjPQXUznoCsysLbjCd5sgZTpyLUdeFJcNKQPiNBURsJeiyCI5llz0j", "https://www.googletagmanager.com/gtag/js?id=GT-NNS2QH6C", "https://www.googletagmanager.com/ns.html?id=GTM-PHWTRTJ", "https://www.virustotal.com/gui/url/f6db0235760bd467ca822ad515a8410121fde4713501b3e718b8fb127dfa259c?nocache=1", "https://www.massbroadcasters.org/eeo-organizations/marshfield-high-school", "https://www.findagrave.com/memorial/139047900/peter-deftos", "https://vtbehaviour.commondatastorage.googleapis.com/a041cbdeb64c802bde90e06f25213524b2eac500d6000da7e4caeb96e5de1991_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775191439&Signature=evxsL1kaOuLe5KziYCSqZ56H%2FqXRQgEN0tkJo0j5G7JQ3mmO0Kav5K9LCz%2FUEzi%2BdtB%2B3%2B7VM6r9pC%2BMh7nHxT%2Bs8UAYuVXPE%2FUbBdHWMjvZQuqrZ0hHqIR2xHVB132HiYQWLo%2FgS1QATOfAcHci3X4FqmqvUp7A%2FmNsE1aVFbLc971RHQOuTapOGhiDZlVUyA9KvpMDKw0DzdeHFSlayBSrDDsWL7xW06XOf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1412", "name": "Capture SMS Messages", "display_name": "T1412 - Capture SMS Messages" }, { "id": "T1413", "name": "Access Sensitive Data in Device Logs", "display_name": "T1413 - Access Sensitive Data in Device Logs" }, { "id": "T1414", "name": "Capture Clipboard Data", "display_name": "T1414 - Capture Clipboard Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1432", "name": "Access Contact List", "display_name": "T1432 - Access Contact List" }, { "id": "T1439", "name": "Eavesdrop on Insecure Network Communication", "display_name": "T1439 - Eavesdrop on Insecure Network Communication" }, { "id": "T1447", "name": "Delete Device Data", "display_name": "T1447 - Delete Device Data" }, { "id": "T1472", "name": "Generate Fraudulent Advertising Revenue", "display_name": "T1472 - Generate Fraudulent Advertising Revenue" }, { "id": "T1507", "name": "Network Information Discovery", "display_name": "T1507 - Network Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1523", "name": "Evade Analysis Environment", "display_name": "T1523 - Evade Analysis Environment" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 70, "FileHash-SHA1": 40, "FileHash-SHA256": 549, "URL": 344, "domain": 293, "hostname": 443 }, "indicator_count": 1739, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cf32e906000d5993f366c4", "name": "Habo Analysis System - & 'bye for now'", "description": "Habo Analysis plus other relative findings.\n\nMy opinion: Problem Size Trend : Macro. Whoever deleted files doesnt make it go away. #cryptographicfailure. Living Nightmare. The dates will reflect 2019/20 post certificate exp which adjusts to an aug 2025 sectigo cert which expired sept 8 2025 rolling into aws for auth expiring renewing ent of oct 2025 into a 5 year gap renewed same # digicert globalsign2020 seal. This cant end. But I am done here for deletions (not otx in my research who did this). To the person who did, you cooked the internet. There was one way to resolution. You failed.", "modified": "2026-05-03T04:09:43.062000", "created": "2026-04-03T03:24:25.921000", "tags": [ "next associated", "files show", "date hash", "avast avg", "present dec", "lowfi", "mtb may", "susp", "code", "llc registrar", "date", "server", "admin country", "registry domain", "iana id", "admin city", "herndon tech", "country", "key identifier", "x509v3 subject", "number", "cgb osectigo", "public server", "dv r36", "validity", "subject public", "key info", "key algorithm", "cgb stgreater", "cnsectigo rsa", "secure server", "ca validity", "executable", "msdos win32", "generic windos", "dos executable", "generic" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1006, "FileHash-SHA1": 927, "FileHash-SHA256": 3665, "hostname": 1187, "URL": 1315, "email": 2, "domain": 605 }, "indicator_count": 8707, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6759da9f804616ef51d130e8", "name": "Google Drive: Sign-in http://assignee:arkadikulinski@gmail.com", "description": "Google Drive is available to view all of Google's search engine's content on your computer, tablet and mobile phone, including links to the Google homepage, Android app and Google+ website, as well as the BBC News app.", "modified": "2024-12-31T00:31:43.701000", "created": "2024-12-11T18:31:59.095000", "tags": [ "google drive", "sign", "email", "forgot email", "private window", "learn", "guest mode", "next create", "vhash", "ssdeep", "authentihash", "registry", "files", "samplepath", "sha256", "gmail", "create", "english", "latinoamrica", "gemini", "google", "gmail content", "espaol", "write", "chat", "express", "enjoy", "calendar", "philippines", "tp jako", "url dostawca", "vi2zda jako" ], "references": [ "https://drive.google.com/drive/folders/1IlYuuCiDiZAV66DuVkqTXwa1m_Rfz0Ov?usp=drive_link", "https://drive.google.com/drive/folders/1aWUt_ItOQKDyA4KA-aWJF8BTMdsyYMf-?usp=drive_link", "https://drive.google.com/drive/folders/1oYCzKXmadJFPFt4oqpOMtvV22afm1xzi?usp=drive_link", "https://mail.google.com/mail/u/0/&ifkv=AcMMx-fsK-dmQp5xLc1r6Mx0BuKhtU28JIFU2blCO9AcSPaDA0uOx8PBOgLcfLmHdaYOE28671uvng&osid=1&service=mail" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 39, "FileHash-SHA1": 2, "FileHash-MD5": 3, "email": 1, "URL": 124, "hostname": 1 }, "indicator_count": 170, "is_author": false, "is_subscribing": null, "subscriber_count": 124, "modified_text": "516 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://accounts.google.com/_/bscframe", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://accounts.google.com/_/bscframe", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780248215.7499423 }