{ "type": "URL", "indicator": "https://acdn.adnxs.com/dmp/async_usersync.html", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://acdn.adnxs.com/dmp/async_usersync.html", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #90", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain adnxs.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain adnxs.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3234645303, "indicator": "https://acdn.adnxs.com/dmp/async_usersync.html", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 12, "pulses": [ { "id": "69e01f0fe5819d351e625e46", "name": "VirusTotal report for TFI entrega preliminar -nov-", "description": "Here is the full text of Yomi's Verdict, which was sent to the BBC by the MITRE team and is now available to view via the web browser, via iPlayer, \u00c2\u00a31. msudosos- sandboxes: yomi cape ju ju and zen used. Sandbox evasion: this variant avoids zen box the most for this particular root kit it appears while Zen is still phenomenal i not strictly for QA. am documenting a forced connection to a document containing highly suspect human behavioral analysis. The use of these profiling domains is irregular and its purpose remains dangerously unclear.\nThis document is frequently linked to HEUR malware, creating a tactical \"setup for failure\" for the user. It was delivered via drop appearing in (VT), on a public forum, where it exhibited active malicious properties and triggered an involuntary interaction in sandboxed environments. It also contains a rootkit along with many of the other drops in here. I have concerns on the integrity of the internet if potential documents used for 'unknown' purposes are infected.", "modified": "2026-04-16T01:26:44.706000", "created": "2026-04-15T23:28:15.044000", "tags": [ "file type", "chrome cache", "entry", "cache entry", "riff", "webp image", "united", "unix", "gif image", "png image", "phishing", "ukraine", "malicious", "next", "settings", "lcid", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "stringformatdot", "stringformat", "file size", "accept", "shutdown", "back", "toggle", "ntopenfile file", "nxdomain", "x85bxa1p", "sha512", "stream", "mitre att", "analysis", "first", "path", "virustotal", "enterprise", "service", "close", "windows sandbox", "calls process", "acrongl integ", "adc4240758", "sha256", "vp8 encoding", "none", "yuv color", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f7ebd7d3f17db46f3bb8acd5ae264953d9176cf3f250e05f0bbbfc312d37be07_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295422&Signature=MGWQsvbK%2B2fzrIXTtkiC8a4hyB42AqIP%2BEYXiYCIQunSYrk3mxbrKM70fNx%2Bnk%2BqR8PHxvPuhe3s0SL1u6JizNPvRu%2FI%2Fr6M0FQnaCaDjJmN9xWKFtyiqCrJmG3YuDnhWyJpFBDJjEPRUTdc3ZQNc6mc9yHGlT3ReRPPj4WmyXPQiyR%2B9OhTVVph7xsVgk%2BNfZ4RKGrJS0kYj9BsMLJpUU2WiqIJxxFhQI%2FsubPcbRl9SSLi66Sc", "https://vtbehaviour.commondatastorage.googleapis.com/f7ebd7d3f17db46f3bb8acd5ae264953d9176cf3f250e05f0bbbfc312d37be07_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295548&Signature=RKMl9Ti%2FIEwtVcecQkZvvcGP8IRy%2BOarFR0pAA1%2FwIeDTwGqYrAtzLQuLQanu9XcwhzxxjencTEt7C0aekGtzZubGI1CqGmsZwt9HZwmSg5bwM1Mrg6q98HNY14aPYkfvyoWwGqIe%2FBc56KMYG2IQtkp4BI110vNYueOxVdjH7ucAj7VmP5LM%2FMSPZS6FGZOXUGz5uT9dWgmzH84nj0GGXgxzopu7KstQyXUfSe2yoRkYQ2O1weE", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295630&Signature=TWmnms0j0EAynoVgzAAGnFNZ59548rJO8tXmmDJgPTaMSVEC66%2BiaIuxJdIjws23FyDkw5Q%2BHCPjbG96Tu2xMfJ4MMgCW10JC48yAgqfpHkeataovA7w3qEBAeyk5I6T%2B6gJ8w%2Bn4QCcjhGhNmaQTYB64TylVV7sJHS6ZgMcLjmB8601iHsLImh8d5pqYXP02vB9jxGojeqoESQ2dhme8MwnzE6tio4xIFpNEdjDjBvgHMPbx5E4f9b", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295686&Signature=e7ilcyg3a0lgCevSKe3wPqb2tRyDyMpmafAu0uPw81VkvqwyU66fBup558Ffl4F81tkypdO1bctU6ufCZrhundVPG%2FjETxKdFFvK%2FScl1Q1SQ2QpRR3YLuvdTg%2FcXqqqLmZ%2BhYe74Wbp8sBMXuMEQSfdZO%2FSoUAxTxF%2FWwfS7aNC8ePcbnl50oI1MRDx0KNodRC3qXoICpUlcL%2FYWtlZMbi67A4qz0HLsz%2B9%2Fj", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295707&Signature=bFkDOzIAOCZFSxQYdRvHOOIs6LTlLcdExd362Gq1NaK15UiMHX9QT5qHKi42FwP7JAHKv1QHajbGumSMwOtprT5hliFeSV2sw%2BWZ66D0h6%2FChZzROiBuxC6bjaFhnJI8yr2q7TbpC0sGdk%2BGAY8PxRMeNgwZ1VJzNfbkCErzMK%2FTe0jH%2BA0ejQCgeVMwRydbOzl091fXkrl4ombfZJqGFRBzUPUqqUQE3xU4fVDSnT2L%2FKWfHw", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295736&Signature=OLEx8EplUxZPrF7FhVUZaNqWvPDJu%2Bf7aIpde%2B0wDXGjVso%2BPaIRoZt%2B%2BysT5WjpPpI8cNTbb%2BgPLAT80hcjvZqZv4Jpt%2BfniNnG6sT86NLmmUr8PzZNJeqw4tFKteQCWOiwzF0qJ4Jrv%2BjwmOxizSFEQYwX7JdqRYmCd1kVtEM3PgQqX5%2BW2gAlpSPM2N61J6N5YOhvaHMp52tGKEbaYGMaakcmL7%2FqPuUqJ4a%2FD0y5GE%2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1221", "name": "Template Injection", "display_name": "T1221 - Template Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 192, "FileHash-MD5": 446, "FileHash-SHA1": 239, "FileHash-SHA256": 1001, "URL": 118, "domain": 15, "hostname": 222 }, "indicator_count": 2233, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a9cd444aa144401d0c4988", "name": "Pools Open", "description": "", "modified": "2026-04-15T19:21:28.851000", "created": "2026-03-05T18:36:52.014000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": "5fa57698ac0f6638b7b9a8ba", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 8098, "URL": 23428, "hostname": 9592, "domain": 4727, "SSLCertFingerprint": 22, "FileHash-MD5": 696, "FileHash-SHA1": 457, "CIDR": 78, "email": 3, "CVE": 2 }, "indicator_count": 47103, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec10621c1502a529923bb", "name": "VirusTotal report\n for AccountingAll-in-OneForDummiesPDFDrive.pdf", "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.", "modified": "2026-04-02T19:18:30.126000", "created": "2026-04-02T19:18:30.126000", "tags": [ "united", "as14061", "present apr", "script urls", "as13335", "as13768 aptum", "singapore", "aaaa", "as31898 oracle", "united kingdom", "date", "win32", "body", "title", "fury", "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "gif image", "png image", "ascii text", "malicious", "next", "windows sandbox", "calls process", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "json", "code", "persistence", "phishing", "value a", "pdf document", "adobe portable", "document format", "algorithm", "key identifier", "number", "cus ogoogle", "trust", "cnwe1 validity", "subject public", "key info", "key algorithm", "ec oid", "germany create", "domain", "expiry date", "name", "germany update", "researchgate", "discover", "research jobs", "gate", "find", "access", "join", "login", "email", "password", "x509v3 subject", "v3 serial", "issuer", "cbe cnalphassl", "sha256", "g2 oglobalsign", "validity", "public key", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 272, "IPv4": 218, "FileHash-MD5": 149, "FileHash-SHA1": 151, "FileHash-SHA256": 783, "IPv6": 6, "domain": 140, "email": 4, "hostname": 144 }, "indicator_count": 1867, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec0fd4e0b04227b505a5f", "name": "VirusTotal report\n for AccountingAll-in-OneForDummiesPDFDrive.pdf", "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.", "modified": "2026-04-02T19:18:21.797000", "created": "2026-04-02T19:18:21.797000", "tags": [ "united", "as14061", "present apr", "script urls", "as13335", "as13768 aptum", "singapore", "aaaa", "as31898 oracle", "united kingdom", "date", "win32", "body", "title", "fury", "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "gif image", "png image", "ascii text", "malicious", "next", "windows sandbox", "calls process", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "json", "code", "persistence", "phishing", "value a", "pdf document", "adobe portable", "document format", "algorithm", "key identifier", "number", "cus ogoogle", "trust", "cnwe1 validity", "subject public", "key info", "key algorithm", "ec oid", "germany create", "domain", "expiry date", "name", "germany update", "researchgate", "discover", "research jobs", "gate", "find", "access", "join", "login", "email", "password", "x509v3 subject", "v3 serial", "issuer", "cbe cnalphassl", "sha256", "g2 oglobalsign", "validity", "public key", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 272, "IPv4": 218, "FileHash-MD5": 149, "FileHash-SHA1": 151, "FileHash-SHA256": 783, "IPv6": 6, "domain": 140, "email": 4, "hostname": 144 }, "indicator_count": 1867, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "5fa57698ac0f6638b7b9a8ba", "name": "Pool's Closed", "description": "Two paupers from the meadow spring forth an upheaval of nasty sites on the world wide web.", "modified": "2025-12-27T05:02:34.910000", "created": "2020-11-06T16:15:20.139000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": null, "export_count": 61, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 4, "follower_count": 0, "vote": 0, "author": { "username": "scnrscnr", "id": "126475", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_126475/resized/80/avatar_67ca5b7bae.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 8098, "URL": 23426, "hostname": 9590, "domain": 4727, "SSLCertFingerprint": 22, "FileHash-MD5": 696, "FileHash-SHA1": 457, "CIDR": 78, "email": 3, "CVE": 2 }, "indicator_count": 47099, "is_author": false, "is_subscribing": null, "subscriber_count": 133, "modified_text": "113 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a161f0681f4ff3d67feb", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-12-06T16:29:21.844000", "created": "2023-12-06T16:29:21.844000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7844, "FileHash-MD5": 562, "FileHash-SHA1": 429, "URL": 22749, "hostname": 9461, "domain": 4578, "SSLCertFingerprint": 20, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 45680, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a145926a5676de0e2a1a", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-12-06T16:28:53.979000", "created": "2023-12-06T16:28:53.979000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7844, "FileHash-MD5": 562, "FileHash-SHA1": 429, "URL": 22749, "hostname": 9461, "domain": 4578, "SSLCertFingerprint": 20, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 45680, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708191cdba4e9f07ba1f93", "name": "mail.ru:%22,", "description": "", "modified": "2023-12-06T14:13:36.976000", "created": "2023-12-06T14:13:36.976000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2753, "hostname": 1341, "domain": 447, "URL": 3301, "CIDR": 65, "FileHash-MD5": 112, "FileHash-SHA1": 2 }, "indicator_count": 8021, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707b9630308cb99a817277", "name": "Pool's Closed", "description": "", "modified": "2023-12-06T13:48:06.514000", "created": "2023-12-06T13:48:06.514000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7844, "FileHash-MD5": 562, "FileHash-SHA1": 429, "URL": 22749, "hostname": 9461, "domain": 4578, "SSLCertFingerprint": 20, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 45680, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64f37719db054ccde25aa9df", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-09-02T17:55:37.269000", "created": "2023-09-02T17:55:37.269000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": "5fa57698ac0f6638b7b9a8ba", "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7851, "URL": 23098, "hostname": 9521, "domain": 4595, "SSLCertFingerprint": 22, "FileHash-MD5": 564, "FileHash-SHA1": 432, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 46120, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "960 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64f3771616d9a9891947e4df", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-09-02T17:55:34.095000", "created": "2023-09-02T17:55:34.095000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": "5fa57698ac0f6638b7b9a8ba", "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7851, "URL": 23098, "hostname": 9521, "domain": 4595, "SSLCertFingerprint": 22, "FileHash-MD5": 564, "FileHash-SHA1": 432, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 46120, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "960 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "622ce493722da2314c26a477", "name": "mail.ru:%22,", "description": "", "modified": "2022-04-11T00:04:29.819000", "created": "2022-03-12T18:21:07.131000", "tags": [], "references": [ "mail.ru:%22,.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3301, "hostname": 1341, "domain": 447, "FileHash-SHA256": 2753, "CIDR": 65, "FileHash-MD5": 112, "FileHash-SHA1": 2 }, "indicator_count": 8021, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1469 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295630&Signature=TWmnms0j0EAynoVgzAAGnFNZ59548rJO8tXmmDJgPTaMSVEC66%2BiaIuxJdIjws23FyDkw5Q%2BHCPjbG96Tu2xMfJ4MMgCW10JC48yAgqfpHkeataovA7w3qEBAeyk5I6T%2B6gJ8w%2Bn4QCcjhGhNmaQTYB64TylVV7sJHS6ZgMcLjmB8601iHsLImh8d5pqYXP02vB9jxGojeqoESQ2dhme8MwnzE6tio4xIFpNEdjDjBvgHMPbx5E4f9b", "Pool's Closed", "https://vtbehaviour.commondatastorage.googleapis.com/f7ebd7d3f17db46f3bb8acd5ae264953d9176cf3f250e05f0bbbfc312d37be07_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295422&Signature=MGWQsvbK%2B2fzrIXTtkiC8a4hyB42AqIP%2BEYXiYCIQunSYrk3mxbrKM70fNx%2Bnk%2BqR8PHxvPuhe3s0SL1u6JizNPvRu%2FI%2Fr6M0FQnaCaDjJmN9xWKFtyiqCrJmG3YuDnhWyJpFBDJjEPRUTdc3ZQNc6mc9yHGlT3ReRPPj4WmyXPQiyR%2B9OhTVVph7xsVgk%2BNfZ4RKGrJS0kYj9BsMLJpUU2WiqIJxxFhQI%2FsubPcbRl9SSLi66Sc", "mail.ru:%22,.pdf", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295686&Signature=e7ilcyg3a0lgCevSKe3wPqb2tRyDyMpmafAu0uPw81VkvqwyU66fBup558Ffl4F81tkypdO1bctU6ufCZrhundVPG%2FjETxKdFFvK%2FScl1Q1SQ2QpRR3YLuvdTg%2FcXqqqLmZ%2BhYe74Wbp8sBMXuMEQSfdZO%2FSoUAxTxF%2FWwfS7aNC8ePcbnl50oI1MRDx0KNodRC3qXoICpUlcL%2FYWtlZMbi67A4qz0HLsz%2B9%2Fj", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295736&Signature=OLEx8EplUxZPrF7FhVUZaNqWvPDJu%2Bf7aIpde%2B0wDXGjVso%2BPaIRoZt%2B%2BysT5WjpPpI8cNTbb%2BgPLAT80hcjvZqZv4Jpt%2BfniNnG6sT86NLmmUr8PzZNJeqw4tFKteQCWOiwzF0qJ4Jrv%2BjwmOxizSFEQYwX7JdqRYmCd1kVtEM3PgQqX5%2BW2gAlpSPM2N61J6N5YOhvaHMp52tGKEbaYGMaakcmL7%2FqPuUqJ4a%2FD0y5GE%2", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/f7ebd7d3f17db46f3bb8acd5ae264953d9176cf3f250e05f0bbbfc312d37be07_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295548&Signature=RKMl9Ti%2FIEwtVcecQkZvvcGP8IRy%2BOarFR0pAA1%2FwIeDTwGqYrAtzLQuLQanu9XcwhzxxjencTEt7C0aekGtzZubGI1CqGmsZwt9HZwmSg5bwM1Mrg6q98HNY14aPYkfvyoWwGqIe%2FBc56KMYG2IQtkp4BI110vNYueOxVdjH7ucAj7VmP5LM%2FMSPZS6FGZOXUGz5uT9dWgmzH84nj0GGXgxzopu7KstQyXUfSe2yoRkYQ2O1weE", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295707&Signature=bFkDOzIAOCZFSxQYdRvHOOIs6LTlLcdExd362Gq1NaK15UiMHX9QT5qHKi42FwP7JAHKv1QHajbGumSMwOtprT5hliFeSV2sw%2BWZ66D0h6%2FChZzROiBuxC6bjaFhnJI8yr2q7TbpC0sGdk%2BGAY8PxRMeNgwZ1VJzNfbkCErzMK%2FTe0jH%2BA0ejQCgeVMwRydbOzl091fXkrl4ombfZJqGFRBzUPUqqUQE3xU4fVDSnT2L%2FKWfHw", "Pool Closed" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Media", "Ad fraud" ], "unique_indicators": 58099 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/adnxs.com", "whois": "http://whois.domaintools.com/adnxs.com", "domain": "adnxs.com", "hostname": "acdn.adnxs.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 12, "pulses": [ { "id": "69e01f0fe5819d351e625e46", "name": "VirusTotal report for TFI entrega preliminar -nov-", "description": "Here is the full text of Yomi's Verdict, which was sent to the BBC by the MITRE team and is now available to view via the web browser, via iPlayer, \u00c2\u00a31. msudosos- sandboxes: yomi cape ju ju and zen used. Sandbox evasion: this variant avoids zen box the most for this particular root kit it appears while Zen is still phenomenal i not strictly for QA. am documenting a forced connection to a document containing highly suspect human behavioral analysis. The use of these profiling domains is irregular and its purpose remains dangerously unclear.\nThis document is frequently linked to HEUR malware, creating a tactical \"setup for failure\" for the user. It was delivered via drop appearing in (VT), on a public forum, where it exhibited active malicious properties and triggered an involuntary interaction in sandboxed environments. It also contains a rootkit along with many of the other drops in here. I have concerns on the integrity of the internet if potential documents used for 'unknown' purposes are infected.", "modified": "2026-04-16T01:26:44.706000", "created": "2026-04-15T23:28:15.044000", "tags": [ "file type", "chrome cache", "entry", "cache entry", "riff", "webp image", "united", "unix", "gif image", "png image", "phishing", "ukraine", "malicious", "next", "settings", "lcid", "default", "mwdb", "bazaar", "sha3384", "ssdeep", "stringformatdot", "stringformat", "file size", "accept", "shutdown", "back", "toggle", "ntopenfile file", "nxdomain", "x85bxa1p", "sha512", "stream", "mitre att", "analysis", "first", "path", "virustotal", "enterprise", "service", "close", "windows sandbox", "calls process", "acrongl integ", "adc4240758", "sha256", "vp8 encoding", "none", "yuv color", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f7ebd7d3f17db46f3bb8acd5ae264953d9176cf3f250e05f0bbbfc312d37be07_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295422&Signature=MGWQsvbK%2B2fzrIXTtkiC8a4hyB42AqIP%2BEYXiYCIQunSYrk3mxbrKM70fNx%2Bnk%2BqR8PHxvPuhe3s0SL1u6JizNPvRu%2FI%2Fr6M0FQnaCaDjJmN9xWKFtyiqCrJmG3YuDnhWyJpFBDJjEPRUTdc3ZQNc6mc9yHGlT3ReRPPj4WmyXPQiyR%2B9OhTVVph7xsVgk%2BNfZ4RKGrJS0kYj9BsMLJpUU2WiqIJxxFhQI%2FsubPcbRl9SSLi66Sc", "https://vtbehaviour.commondatastorage.googleapis.com/f7ebd7d3f17db46f3bb8acd5ae264953d9176cf3f250e05f0bbbfc312d37be07_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295548&Signature=RKMl9Ti%2FIEwtVcecQkZvvcGP8IRy%2BOarFR0pAA1%2FwIeDTwGqYrAtzLQuLQanu9XcwhzxxjencTEt7C0aekGtzZubGI1CqGmsZwt9HZwmSg5bwM1Mrg6q98HNY14aPYkfvyoWwGqIe%2FBc56KMYG2IQtkp4BI110vNYueOxVdjH7ucAj7VmP5LM%2FMSPZS6FGZOXUGz5uT9dWgmzH84nj0GGXgxzopu7KstQyXUfSe2yoRkYQ2O1weE", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295630&Signature=TWmnms0j0EAynoVgzAAGnFNZ59548rJO8tXmmDJgPTaMSVEC66%2BiaIuxJdIjws23FyDkw5Q%2BHCPjbG96Tu2xMfJ4MMgCW10JC48yAgqfpHkeataovA7w3qEBAeyk5I6T%2B6gJ8w%2Bn4QCcjhGhNmaQTYB64TylVV7sJHS6ZgMcLjmB8601iHsLImh8d5pqYXP02vB9jxGojeqoESQ2dhme8MwnzE6tio4xIFpNEdjDjBvgHMPbx5E4f9b", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295686&Signature=e7ilcyg3a0lgCevSKe3wPqb2tRyDyMpmafAu0uPw81VkvqwyU66fBup558Ffl4F81tkypdO1bctU6ufCZrhundVPG%2FjETxKdFFvK%2FScl1Q1SQ2QpRR3YLuvdTg%2FcXqqqLmZ%2BhYe74Wbp8sBMXuMEQSfdZO%2FSoUAxTxF%2FWwfS7aNC8ePcbnl50oI1MRDx0KNodRC3qXoICpUlcL%2FYWtlZMbi67A4qz0HLsz%2B9%2Fj", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295707&Signature=bFkDOzIAOCZFSxQYdRvHOOIs6LTlLcdExd362Gq1NaK15UiMHX9QT5qHKi42FwP7JAHKv1QHajbGumSMwOtprT5hliFeSV2sw%2BWZ66D0h6%2FChZzROiBuxC6bjaFhnJI8yr2q7TbpC0sGdk%2BGAY8PxRMeNgwZ1VJzNfbkCErzMK%2FTe0jH%2BA0ejQCgeVMwRydbOzl091fXkrl4ombfZJqGFRBzUPUqqUQE3xU4fVDSnT2L%2FKWfHw", "https://vtbehaviour.commondatastorage.googleapis.com/5a6a63c3d1545331e7956c8beb13f886cc041dc60ac3b6ca8a37c4e9ee9b4835_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776295736&Signature=OLEx8EplUxZPrF7FhVUZaNqWvPDJu%2Bf7aIpde%2B0wDXGjVso%2BPaIRoZt%2B%2BysT5WjpPpI8cNTbb%2BgPLAT80hcjvZqZv4Jpt%2BfniNnG6sT86NLmmUr8PzZNJeqw4tFKteQCWOiwzF0qJ4Jrv%2BjwmOxizSFEQYwX7JdqRYmCd1kVtEM3PgQqX5%2BW2gAlpSPM2N61J6N5YOhvaHMp52tGKEbaYGMaakcmL7%2FqPuUqJ4a%2FD0y5GE%2" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1221", "name": "Template Injection", "display_name": "T1221 - Template Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 192, "FileHash-MD5": 446, "FileHash-SHA1": 239, "FileHash-SHA256": 1001, "URL": 118, "domain": 15, "hostname": 222 }, "indicator_count": 2233, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a9cd444aa144401d0c4988", "name": "Pools Open", "description": "", "modified": "2026-04-15T19:21:28.851000", "created": "2026-03-05T18:36:52.014000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": "5fa57698ac0f6638b7b9a8ba", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 8098, "URL": 23428, "hostname": 9592, "domain": 4727, "SSLCertFingerprint": 22, "FileHash-MD5": 696, "FileHash-SHA1": 457, "CIDR": 78, "email": 3, "CVE": 2 }, "indicator_count": 47103, "is_author": false, "is_subscribing": null, "subscriber_count": 50, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec10621c1502a529923bb", "name": "VirusTotal report\n for AccountingAll-in-OneForDummiesPDFDrive.pdf", "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.", "modified": "2026-04-02T19:18:30.126000", "created": "2026-04-02T19:18:30.126000", "tags": [ "united", "as14061", "present apr", "script urls", "as13335", "as13768 aptum", "singapore", "aaaa", "as31898 oracle", "united kingdom", "date", "win32", "body", "title", "fury", "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "gif image", "png image", "ascii text", "malicious", "next", "windows sandbox", "calls process", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "json", "code", "persistence", "phishing", "value a", "pdf document", "adobe portable", "document format", "algorithm", "key identifier", "number", "cus ogoogle", "trust", "cnwe1 validity", "subject public", "key info", "key algorithm", "ec oid", "germany create", "domain", "expiry date", "name", "germany update", "researchgate", "discover", "research jobs", "gate", "find", "access", "join", "login", "email", "password", "x509v3 subject", "v3 serial", "issuer", "cbe cnalphassl", "sha256", "g2 oglobalsign", "validity", "public key", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 272, "IPv4": 218, "FileHash-MD5": 149, "FileHash-SHA1": 151, "FileHash-SHA256": 783, "IPv6": 6, "domain": 140, "email": 4, "hostname": 144 }, "indicator_count": 1867, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec0fd4e0b04227b505a5f", "name": "VirusTotal report\n for AccountingAll-in-OneForDummiesPDFDrive.pdf", "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.", "modified": "2026-04-02T19:18:21.797000", "created": "2026-04-02T19:18:21.797000", "tags": [ "united", "as14061", "present apr", "script urls", "as13335", "as13768 aptum", "singapore", "aaaa", "as31898 oracle", "united kingdom", "date", "win32", "body", "title", "fury", "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "gif image", "png image", "ascii text", "malicious", "next", "windows sandbox", "calls process", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "json", "code", "persistence", "phishing", "value a", "pdf document", "adobe portable", "document format", "algorithm", "key identifier", "number", "cus ogoogle", "trust", "cnwe1 validity", "subject public", "key info", "key algorithm", "ec oid", "germany create", "domain", "expiry date", "name", "germany update", "researchgate", "discover", "research jobs", "gate", "find", "access", "join", "login", "email", "password", "x509v3 subject", "v3 serial", "issuer", "cbe cnalphassl", "sha256", "g2 oglobalsign", "validity", "public key", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 272, "IPv4": 218, "FileHash-MD5": 149, "FileHash-SHA1": 151, "FileHash-SHA256": 783, "IPv6": 6, "domain": 140, "email": 4, "hostname": 144 }, "indicator_count": 1867, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "16 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "5fa57698ac0f6638b7b9a8ba", "name": "Pool's Closed", "description": "Two paupers from the meadow spring forth an upheaval of nasty sites on the world wide web.", "modified": "2025-12-27T05:02:34.910000", "created": "2020-11-06T16:15:20.139000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": null, "export_count": 61, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 4, "follower_count": 0, "vote": 0, "author": { "username": "scnrscnr", "id": "126475", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_126475/resized/80/avatar_67ca5b7bae.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 8098, "URL": 23426, "hostname": 9590, "domain": 4727, "SSLCertFingerprint": 22, "FileHash-MD5": 696, "FileHash-SHA1": 457, "CIDR": 78, "email": 3, "CVE": 2 }, "indicator_count": 47099, "is_author": false, "is_subscribing": null, "subscriber_count": 133, "modified_text": "113 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a161f0681f4ff3d67feb", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-12-06T16:29:21.844000", "created": "2023-12-06T16:29:21.844000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7844, "FileHash-MD5": 562, "FileHash-SHA1": 429, "URL": 22749, "hostname": 9461, "domain": 4578, "SSLCertFingerprint": 20, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 45680, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a145926a5676de0e2a1a", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-12-06T16:28:53.979000", "created": "2023-12-06T16:28:53.979000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7844, "FileHash-MD5": 562, "FileHash-SHA1": 429, "URL": 22749, "hostname": 9461, "domain": 4578, "SSLCertFingerprint": 20, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 45680, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708191cdba4e9f07ba1f93", "name": "mail.ru:%22,", "description": "", "modified": "2023-12-06T14:13:36.976000", "created": "2023-12-06T14:13:36.976000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2753, "hostname": 1341, "domain": 447, "URL": 3301, "CIDR": 65, "FileHash-MD5": 112, "FileHash-SHA1": 2 }, "indicator_count": 8021, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65707b9630308cb99a817277", "name": "Pool's Closed", "description": "", "modified": "2023-12-06T13:48:06.514000", "created": "2023-12-06T13:48:06.514000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7844, "FileHash-MD5": 562, "FileHash-SHA1": 429, "URL": 22749, "hostname": 9461, "domain": 4578, "SSLCertFingerprint": 20, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 45680, "is_author": false, "is_subscribing": null, "subscriber_count": 111, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64f37719db054ccde25aa9df", "name": "Pool's Closed (by @scnrscnr)", "description": "", "modified": "2023-09-02T17:55:37.269000", "created": "2023-09-02T17:55:37.269000", "tags": [ "Timothy Pool", "Christopher Pool", "Pool's Closed" ], "references": [ "Pool Closed", "Pool's Closed" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [ "Media", "ad fraud" ], "TLP": "white", "cloned_from": "5fa57698ac0f6638b7b9a8ba", "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7851, "URL": 23098, "hostname": 9521, "domain": 4595, "SSLCertFingerprint": 22, "FileHash-MD5": 564, "FileHash-SHA1": 432, "CIDR": 32, "email": 3, "CVE": 2 }, "indicator_count": 46120, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "960 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://acdn.adnxs.com/dmp/async_usersync.html", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://acdn.adnxs.com/dmp/async_usersync.html", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776622459.5260124 }