{ "type": "URL", "indicator": "https://api.box.com/2.0/users/me", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://api.box.com/2.0/users/me", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #966", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain box.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain box.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4305743877, "indicator": "https://api.box.com/2.0/users/me", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "69dbeabf8e4208f8af8b744d", "name": "CAPE Sandbox", "description": "A full report on Google Tag Manager for GA4, available to download on the web at any time, here is the full set of key points and key details for the report: .", "modified": "2026-04-12T18:55:59.161000", "created": "2026-04-12T18:55:59.161000", "tags": [ "default", "typelib", "parent pid", "full path", "command line", "inprocserver32", "accept", "shell folders", "host", "cname", "install", "agent", "shutdown", "win64", "back", "info", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "estonia", "body", "performs dns", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "overview zenbox", "verdict", "phishing", "next", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "urls", "has permission", "united", "sim provider", "may check", "tls version", "persistence", "pe file", "pe32", "intel", "ms windows", "sample", "spawns", "found", "drops pe", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/007b0aa19218de7fe7b47dc785b345e4e09f8c8a133c689dafc778cf793e3ce0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019916&Signature=xU%2B28g7ql0wStAL7V97bG%2Bu0WHtev4OIGz8U3iqDKd%2FVNVlrDQ3vuAEteGPtDDR7qOlLSsItJmNBqGgWLySJ6U0nGICmzJVo0byP8H6%2Fd3HprkIH74LXAL%2FamR8rSKAlS1VWW%2FnGofIVc0zLtQeJdz%2BAMpNC0WX4pzvsIv2uagnjpUxUyVUykArW18%2FIapRYlTQZ0g4MdrwH%2FZ7h%2F0u9jGUM6rAiCBz33EYObn4aNb", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019946&Signature=JcVZlsCApsz0O52G3FOi%2BaimamYfGaduCcu4UnDC9VmXvZgqZ7fDxGeCnZM9NPUhmq0561rZ8PRIqA52RiBX3KnC7vhJa9PFjro5MHPo48Ypu9wL0RVB7C0RmZ3osycpkpyxEhtxKbIBAhFSEeMaEF%2F1BQw5%2BiCzEgPRP4X89bIAzw2EDpi3ulfCz8hms3FgCvWD6JMXBGKQJt1aE58BlUPY7ZhwLtbK4kOd4wzZjtfRjMqcTIEH7E0l", "https://vtbehaviour.commondatastorage.googleapis.com/3aebd918df444e5261a70a7b9957a04b62899583cca94cb90078ee348988691e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020086&Signature=vMuNzon2yUMc%2F5PXmshAS3lf0MVaReBDP3dcoOo82NLL71xjFa%2F0VIEFo55JjUmKlOHvhj6b0rJp8aIUUpsBDR%2FLZqmeDT44n0TYUkzfcIlLutGzkvs51q5mrJeeemJL6QT8bKwOFyLEXXO4SZPPduUilqL%2B1j79%2BDUni60qslB23F%2FgjYjG0edIuIfW6yq1yjBgsR34RyCGI5Lc8I%2FVLrF4ZjzIswsIHyhorBolKc7rKhoDz6masxaT", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020136&Signature=H%2FVhg6NRizidJvYP4bRaC%2B%2Fuh8%2F0Z5Rd0CKbYgwrqTxA%2B2BloALbxPU70bhu3eDWE1sqvRizm6xer2MkUeNtxL9kjtBPDD7Vpxe6Oq6R6o22ZN5vWg%2BqZnbM3PVA3wfuJwZ1sZaO7gv79Bd4iyuD9687aMdFTrD5BJ%2Fbd2rKn063HRKOwRubgTuKJwxXlPjVI0ocAdDIvmmDac1rsWOYTbcHVCIKUVrpUCmnjpXsSag%2BZTA", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020243&Signature=H1wTQxzrttgLCjJhjhriXYwMDCRB5ydjPUCYh9LS7Sqr42Y7WZzXZe0hC7YLFaTXYy2N3AsSr89gjIRZR80Jda4iLYyDlgohE9qQ3kFeKNZ%2FNp7IQu5FZY%2FpXRI7rsIlJnvlZmpbI006al7O0LQV5CrC797x%2FTp6jmAxmP5TS7NA%2BGfaDL14G7dIIeHtBoHxi7cbP%2Fe3qT1q3LcRk5oN%2FRV8TXEhpggMmbhYUEmK6ATwmwrh", "https://vtbehaviour.commondatastorage.googleapis.com/005fdc2438f1b1e58ea5e4d9c396feea40ad8a4788e90da06ecea60c5a8d79c2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020323&Signature=Mogy01Itx6r1B%2BxNe8ittQgO%2FxZRRAb%2F9lJynhxwSVOzHX7CsWRLBNEGHRp0B9k%2Bg%2FHO2jb5K65QRLLPyqkoA45n8CsH6T5790n7E0fsbYtOvp04eV28khNlOt2b%2Feh0a3nwcC%2BNAmxEHgqzaCfQlHBqBjk2ErpfhlpC5uQJchq%2BBgGeuPcFc8YRy4RCmaBiaTeD2V%2FJD7lssTzQfnZhLNMSLqEISDCN7TYsfL1%2BJREl4wSO7C", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 302, "FileHash-SHA1": 71, "FileHash-SHA256": 78, "IPv4": 206, "URL": 181, "domain": 34, "hostname": 237 }, "indicator_count": 1109, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69dbeabe5c5690d468b08e7a", "name": "CAPE Sandbox", "description": "A full report on Google Tag Manager for GA4, available to download on the web at any time, here is the full set of key points and key details for the report: .", "modified": "2026-04-12T18:55:58.319000", "created": "2026-04-12T18:55:58.319000", "tags": [ "default", "typelib", "parent pid", "full path", "command line", "inprocserver32", "accept", "shell folders", "host", "cname", "install", "agent", "shutdown", "win64", "back", "info", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "estonia", "body", "performs dns", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "overview zenbox", "verdict", "phishing", "next", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "urls", "has permission", "united", "sim provider", "may check", "tls version", "persistence", "pe file", "pe32", "intel", "ms windows", "sample", "spawns", "found", "drops pe", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/007b0aa19218de7fe7b47dc785b345e4e09f8c8a133c689dafc778cf793e3ce0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019916&Signature=xU%2B28g7ql0wStAL7V97bG%2Bu0WHtev4OIGz8U3iqDKd%2FVNVlrDQ3vuAEteGPtDDR7qOlLSsItJmNBqGgWLySJ6U0nGICmzJVo0byP8H6%2Fd3HprkIH74LXAL%2FamR8rSKAlS1VWW%2FnGofIVc0zLtQeJdz%2BAMpNC0WX4pzvsIv2uagnjpUxUyVUykArW18%2FIapRYlTQZ0g4MdrwH%2FZ7h%2F0u9jGUM6rAiCBz33EYObn4aNb", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019946&Signature=JcVZlsCApsz0O52G3FOi%2BaimamYfGaduCcu4UnDC9VmXvZgqZ7fDxGeCnZM9NPUhmq0561rZ8PRIqA52RiBX3KnC7vhJa9PFjro5MHPo48Ypu9wL0RVB7C0RmZ3osycpkpyxEhtxKbIBAhFSEeMaEF%2F1BQw5%2BiCzEgPRP4X89bIAzw2EDpi3ulfCz8hms3FgCvWD6JMXBGKQJt1aE58BlUPY7ZhwLtbK4kOd4wzZjtfRjMqcTIEH7E0l", "https://vtbehaviour.commondatastorage.googleapis.com/3aebd918df444e5261a70a7b9957a04b62899583cca94cb90078ee348988691e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020086&Signature=vMuNzon2yUMc%2F5PXmshAS3lf0MVaReBDP3dcoOo82NLL71xjFa%2F0VIEFo55JjUmKlOHvhj6b0rJp8aIUUpsBDR%2FLZqmeDT44n0TYUkzfcIlLutGzkvs51q5mrJeeemJL6QT8bKwOFyLEXXO4SZPPduUilqL%2B1j79%2BDUni60qslB23F%2FgjYjG0edIuIfW6yq1yjBgsR34RyCGI5Lc8I%2FVLrF4ZjzIswsIHyhorBolKc7rKhoDz6masxaT", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020136&Signature=H%2FVhg6NRizidJvYP4bRaC%2B%2Fuh8%2F0Z5Rd0CKbYgwrqTxA%2B2BloALbxPU70bhu3eDWE1sqvRizm6xer2MkUeNtxL9kjtBPDD7Vpxe6Oq6R6o22ZN5vWg%2BqZnbM3PVA3wfuJwZ1sZaO7gv79Bd4iyuD9687aMdFTrD5BJ%2Fbd2rKn063HRKOwRubgTuKJwxXlPjVI0ocAdDIvmmDac1rsWOYTbcHVCIKUVrpUCmnjpXsSag%2BZTA", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020243&Signature=H1wTQxzrttgLCjJhjhriXYwMDCRB5ydjPUCYh9LS7Sqr42Y7WZzXZe0hC7YLFaTXYy2N3AsSr89gjIRZR80Jda4iLYyDlgohE9qQ3kFeKNZ%2FNp7IQu5FZY%2FpXRI7rsIlJnvlZmpbI006al7O0LQV5CrC797x%2FTp6jmAxmP5TS7NA%2BGfaDL14G7dIIeHtBoHxi7cbP%2Fe3qT1q3LcRk5oN%2FRV8TXEhpggMmbhYUEmK6ATwmwrh", "https://vtbehaviour.commondatastorage.googleapis.com/005fdc2438f1b1e58ea5e4d9c396feea40ad8a4788e90da06ecea60c5a8d79c2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020323&Signature=Mogy01Itx6r1B%2BxNe8ittQgO%2FxZRRAb%2F9lJynhxwSVOzHX7CsWRLBNEGHRp0B9k%2Bg%2FHO2jb5K65QRLLPyqkoA45n8CsH6T5790n7E0fsbYtOvp04eV28khNlOt2b%2Feh0a3nwcC%2BNAmxEHgqzaCfQlHBqBjk2ErpfhlpC5uQJchq%2BBgGeuPcFc8YRy4RCmaBiaTeD2V%2FJD7lssTzQfnZhLNMSLqEISDCN7TYsfL1%2BJREl4wSO7C", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 302, "FileHash-SHA1": 71, "FileHash-SHA256": 78, "IPv4": 206, "URL": 181, "domain": 34, "hostname": 237 }, "indicator_count": 1109, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69dbeabd47b6e788ecf7fc32", "name": "CAPE Sandbox", "description": "A full report on Google Tag Manager for GA4, available to download on the web at any time, here is the full set of key points and key details for the report: .", "modified": "2026-04-12T18:55:57.872000", "created": "2026-04-12T18:55:57.872000", "tags": [ "default", "typelib", "parent pid", "full path", "command line", "inprocserver32", "accept", "shell folders", "host", "cname", "install", "agent", "shutdown", "win64", "back", "info", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "estonia", "body", "performs dns", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "overview zenbox", "verdict", "phishing", "next", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "urls", "has permission", "united", "sim provider", "may check", "tls version", "persistence", "pe file", "pe32", "intel", "ms windows", "sample", "spawns", "found", "drops pe", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/007b0aa19218de7fe7b47dc785b345e4e09f8c8a133c689dafc778cf793e3ce0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019916&Signature=xU%2B28g7ql0wStAL7V97bG%2Bu0WHtev4OIGz8U3iqDKd%2FVNVlrDQ3vuAEteGPtDDR7qOlLSsItJmNBqGgWLySJ6U0nGICmzJVo0byP8H6%2Fd3HprkIH74LXAL%2FamR8rSKAlS1VWW%2FnGofIVc0zLtQeJdz%2BAMpNC0WX4pzvsIv2uagnjpUxUyVUykArW18%2FIapRYlTQZ0g4MdrwH%2FZ7h%2F0u9jGUM6rAiCBz33EYObn4aNb", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019946&Signature=JcVZlsCApsz0O52G3FOi%2BaimamYfGaduCcu4UnDC9VmXvZgqZ7fDxGeCnZM9NPUhmq0561rZ8PRIqA52RiBX3KnC7vhJa9PFjro5MHPo48Ypu9wL0RVB7C0RmZ3osycpkpyxEhtxKbIBAhFSEeMaEF%2F1BQw5%2BiCzEgPRP4X89bIAzw2EDpi3ulfCz8hms3FgCvWD6JMXBGKQJt1aE58BlUPY7ZhwLtbK4kOd4wzZjtfRjMqcTIEH7E0l", "https://vtbehaviour.commondatastorage.googleapis.com/3aebd918df444e5261a70a7b9957a04b62899583cca94cb90078ee348988691e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020086&Signature=vMuNzon2yUMc%2F5PXmshAS3lf0MVaReBDP3dcoOo82NLL71xjFa%2F0VIEFo55JjUmKlOHvhj6b0rJp8aIUUpsBDR%2FLZqmeDT44n0TYUkzfcIlLutGzkvs51q5mrJeeemJL6QT8bKwOFyLEXXO4SZPPduUilqL%2B1j79%2BDUni60qslB23F%2FgjYjG0edIuIfW6yq1yjBgsR34RyCGI5Lc8I%2FVLrF4ZjzIswsIHyhorBolKc7rKhoDz6masxaT", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020136&Signature=H%2FVhg6NRizidJvYP4bRaC%2B%2Fuh8%2F0Z5Rd0CKbYgwrqTxA%2B2BloALbxPU70bhu3eDWE1sqvRizm6xer2MkUeNtxL9kjtBPDD7Vpxe6Oq6R6o22ZN5vWg%2BqZnbM3PVA3wfuJwZ1sZaO7gv79Bd4iyuD9687aMdFTrD5BJ%2Fbd2rKn063HRKOwRubgTuKJwxXlPjVI0ocAdDIvmmDac1rsWOYTbcHVCIKUVrpUCmnjpXsSag%2BZTA", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020243&Signature=H1wTQxzrttgLCjJhjhriXYwMDCRB5ydjPUCYh9LS7Sqr42Y7WZzXZe0hC7YLFaTXYy2N3AsSr89gjIRZR80Jda4iLYyDlgohE9qQ3kFeKNZ%2FNp7IQu5FZY%2FpXRI7rsIlJnvlZmpbI006al7O0LQV5CrC797x%2FTp6jmAxmP5TS7NA%2BGfaDL14G7dIIeHtBoHxi7cbP%2Fe3qT1q3LcRk5oN%2FRV8TXEhpggMmbhYUEmK6ATwmwrh", "https://vtbehaviour.commondatastorage.googleapis.com/005fdc2438f1b1e58ea5e4d9c396feea40ad8a4788e90da06ecea60c5a8d79c2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020323&Signature=Mogy01Itx6r1B%2BxNe8ittQgO%2FxZRRAb%2F9lJynhxwSVOzHX7CsWRLBNEGHRp0B9k%2Bg%2FHO2jb5K65QRLLPyqkoA45n8CsH6T5790n7E0fsbYtOvp04eV28khNlOt2b%2Feh0a3nwcC%2BNAmxEHgqzaCfQlHBqBjk2ErpfhlpC5uQJchq%2BBgGeuPcFc8YRy4RCmaBiaTeD2V%2FJD7lssTzQfnZhLNMSLqEISDCN7TYsfL1%2BJREl4wSO7C", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 302, "FileHash-SHA1": 71, "FileHash-SHA256": 78, "IPv4": 206, "URL": 181, "domain": 34, "hostname": 237 }, "indicator_count": 1109, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69db4698d0cd0d278dc7ebac", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T11:31:40.754000", "created": "2026-04-12T07:15:36.900000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "script", "navigation", "doctype html", "public", "w3cdtd html", "transitionalen", "canceled", "title", "head", "body", "span", "refresh", "urls", "https", "united", "may check", "tls version", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "info", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "accept", "estonia", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 91, "FileHash-SHA1": 86, "FileHash-SHA256": 101, "URL": 271, "domain": 43, "IPv4": 165, "hostname": 306 }, "indicator_count": 1063, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69db469af0e341420764ab93", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T07:15:38.372000", "created": "2026-04-12T07:15:38.372000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "script", "navigation", "doctype html", "public", "w3cdtd html", "transitionalen", "canceled", "title", "head", "body", "span", "refresh", "urls", "https", "united", "may check", "tls version", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "info", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "accept", "estonia", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 91, "FileHash-SHA1": 86, "FileHash-SHA256": 101, "URL": 271, "domain": 43, "IPv4": 165, "hostname": 306 }, "indicator_count": 1063, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://vtbehaviour.commondatastorage.googleapis.com/005fdc2438f1b1e58ea5e4d9c396feea40ad8a4788e90da06ecea60c5a8d79c2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020323&Signature=Mogy01Itx6r1B%2BxNe8ittQgO%2FxZRRAb%2F9lJynhxwSVOzHX7CsWRLBNEGHRp0B9k%2Bg%2FHO2jb5K65QRLLPyqkoA45n8CsH6T5790n7E0fsbYtOvp04eV28khNlOt2b%2Feh0a3nwcC%2BNAmxEHgqzaCfQlHBqBjk2ErpfhlpC5uQJchq%2BBgGeuPcFc8YRy4RCmaBiaTeD2V%2FJD7lssTzQfnZhLNMSLqEISDCN7TYsfL1%2BJREl4wSO7C", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019946&Signature=JcVZlsCApsz0O52G3FOi%2BaimamYfGaduCcu4UnDC9VmXvZgqZ7fDxGeCnZM9NPUhmq0561rZ8PRIqA52RiBX3KnC7vhJa9PFjro5MHPo48Ypu9wL0RVB7C0RmZ3osycpkpyxEhtxKbIBAhFSEeMaEF%2F1BQw5%2BiCzEgPRP4X89bIAzw2EDpi3ulfCz8hms3FgCvWD6JMXBGKQJt1aE58BlUPY7ZhwLtbK4kOd4wzZjtfRjMqcTIEH7E0l", "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020243&Signature=H1wTQxzrttgLCjJhjhriXYwMDCRB5ydjPUCYh9LS7Sqr42Y7WZzXZe0hC7YLFaTXYy2N3AsSr89gjIRZR80Jda4iLYyDlgohE9qQ3kFeKNZ%2FNp7IQu5FZY%2FpXRI7rsIlJnvlZmpbI006al7O0LQV5CrC797x%2FTp6jmAxmP5TS7NA%2BGfaDL14G7dIIeHtBoHxi7cbP%2Fe3qT1q3LcRk5oN%2FRV8TXEhpggMmbhYUEmK6ATwmwrh", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/3aebd918df444e5261a70a7b9957a04b62899583cca94cb90078ee348988691e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020086&Signature=vMuNzon2yUMc%2F5PXmshAS3lf0MVaReBDP3dcoOo82NLL71xjFa%2F0VIEFo55JjUmKlOHvhj6b0rJp8aIUUpsBDR%2FLZqmeDT44n0TYUkzfcIlLutGzkvs51q5mrJeeemJL6QT8bKwOFyLEXXO4SZPPduUilqL%2B1j79%2BDUni60qslB23F%2FgjYjG0edIuIfW6yq1yjBgsR34RyCGI5Lc8I%2FVLrF4ZjzIswsIHyhorBolKc7rKhoDz6masxaT", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d", "https://vtbehaviour.commondatastorage.googleapis.com/007b0aa19218de7fe7b47dc785b345e4e09f8c8a133c689dafc778cf793e3ce0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019916&Signature=xU%2B28g7ql0wStAL7V97bG%2Bu0WHtev4OIGz8U3iqDKd%2FVNVlrDQ3vuAEteGPtDDR7qOlLSsItJmNBqGgWLySJ6U0nGICmzJVo0byP8H6%2Fd3HprkIH74LXAL%2FamR8rSKAlS1VWW%2FnGofIVc0zLtQeJdz%2BAMpNC0WX4pzvsIv2uagnjpUxUyVUykArW18%2FIapRYlTQZ0g4MdrwH%2FZ7h%2F0u9jGUM6rAiCBz33EYObn4aNb", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020136&Signature=H%2FVhg6NRizidJvYP4bRaC%2B%2Fuh8%2F0Z5Rd0CKbYgwrqTxA%2B2BloALbxPU70bhu3eDWE1sqvRizm6xer2MkUeNtxL9kjtBPDD7Vpxe6Oq6R6o22ZN5vWg%2BqZnbM3PVA3wfuJwZ1sZaO7gv79Bd4iyuD9687aMdFTrD5BJ%2Fbd2rKn063HRKOwRubgTuKJwxXlPjVI0ocAdDIvmmDac1rsWOYTbcHVCIKUVrpUCmnjpXsSag%2BZTA" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 1537 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/box.com", "whois": "http://whois.domaintools.com/box.com", "domain": "box.com", "hostname": "api.box.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "69dbeabf8e4208f8af8b744d", "name": "CAPE Sandbox", "description": "A full report on Google Tag Manager for GA4, available to download on the web at any time, here is the full set of key points and key details for the report: .", "modified": "2026-04-12T18:55:59.161000", "created": "2026-04-12T18:55:59.161000", "tags": [ "default", "typelib", "parent pid", "full path", "command line", "inprocserver32", "accept", "shell folders", "host", "cname", "install", "agent", "shutdown", "win64", "back", "info", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "estonia", "body", "performs dns", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "overview zenbox", "verdict", "phishing", "next", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "urls", "has permission", "united", "sim provider", "may check", "tls version", "persistence", "pe file", "pe32", "intel", "ms windows", "sample", "spawns", "found", "drops pe", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/007b0aa19218de7fe7b47dc785b345e4e09f8c8a133c689dafc778cf793e3ce0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019916&Signature=xU%2B28g7ql0wStAL7V97bG%2Bu0WHtev4OIGz8U3iqDKd%2FVNVlrDQ3vuAEteGPtDDR7qOlLSsItJmNBqGgWLySJ6U0nGICmzJVo0byP8H6%2Fd3HprkIH74LXAL%2FamR8rSKAlS1VWW%2FnGofIVc0zLtQeJdz%2BAMpNC0WX4pzvsIv2uagnjpUxUyVUykArW18%2FIapRYlTQZ0g4MdrwH%2FZ7h%2F0u9jGUM6rAiCBz33EYObn4aNb", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019946&Signature=JcVZlsCApsz0O52G3FOi%2BaimamYfGaduCcu4UnDC9VmXvZgqZ7fDxGeCnZM9NPUhmq0561rZ8PRIqA52RiBX3KnC7vhJa9PFjro5MHPo48Ypu9wL0RVB7C0RmZ3osycpkpyxEhtxKbIBAhFSEeMaEF%2F1BQw5%2BiCzEgPRP4X89bIAzw2EDpi3ulfCz8hms3FgCvWD6JMXBGKQJt1aE58BlUPY7ZhwLtbK4kOd4wzZjtfRjMqcTIEH7E0l", "https://vtbehaviour.commondatastorage.googleapis.com/3aebd918df444e5261a70a7b9957a04b62899583cca94cb90078ee348988691e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020086&Signature=vMuNzon2yUMc%2F5PXmshAS3lf0MVaReBDP3dcoOo82NLL71xjFa%2F0VIEFo55JjUmKlOHvhj6b0rJp8aIUUpsBDR%2FLZqmeDT44n0TYUkzfcIlLutGzkvs51q5mrJeeemJL6QT8bKwOFyLEXXO4SZPPduUilqL%2B1j79%2BDUni60qslB23F%2FgjYjG0edIuIfW6yq1yjBgsR34RyCGI5Lc8I%2FVLrF4ZjzIswsIHyhorBolKc7rKhoDz6masxaT", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020136&Signature=H%2FVhg6NRizidJvYP4bRaC%2B%2Fuh8%2F0Z5Rd0CKbYgwrqTxA%2B2BloALbxPU70bhu3eDWE1sqvRizm6xer2MkUeNtxL9kjtBPDD7Vpxe6Oq6R6o22ZN5vWg%2BqZnbM3PVA3wfuJwZ1sZaO7gv79Bd4iyuD9687aMdFTrD5BJ%2Fbd2rKn063HRKOwRubgTuKJwxXlPjVI0ocAdDIvmmDac1rsWOYTbcHVCIKUVrpUCmnjpXsSag%2BZTA", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020243&Signature=H1wTQxzrttgLCjJhjhriXYwMDCRB5ydjPUCYh9LS7Sqr42Y7WZzXZe0hC7YLFaTXYy2N3AsSr89gjIRZR80Jda4iLYyDlgohE9qQ3kFeKNZ%2FNp7IQu5FZY%2FpXRI7rsIlJnvlZmpbI006al7O0LQV5CrC797x%2FTp6jmAxmP5TS7NA%2BGfaDL14G7dIIeHtBoHxi7cbP%2Fe3qT1q3LcRk5oN%2FRV8TXEhpggMmbhYUEmK6ATwmwrh", "https://vtbehaviour.commondatastorage.googleapis.com/005fdc2438f1b1e58ea5e4d9c396feea40ad8a4788e90da06ecea60c5a8d79c2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020323&Signature=Mogy01Itx6r1B%2BxNe8ittQgO%2FxZRRAb%2F9lJynhxwSVOzHX7CsWRLBNEGHRp0B9k%2Bg%2FHO2jb5K65QRLLPyqkoA45n8CsH6T5790n7E0fsbYtOvp04eV28khNlOt2b%2Feh0a3nwcC%2BNAmxEHgqzaCfQlHBqBjk2ErpfhlpC5uQJchq%2BBgGeuPcFc8YRy4RCmaBiaTeD2V%2FJD7lssTzQfnZhLNMSLqEISDCN7TYsfL1%2BJREl4wSO7C", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 302, "FileHash-SHA1": 71, "FileHash-SHA256": 78, "IPv4": 206, "URL": 181, "domain": 34, "hostname": 237 }, "indicator_count": 1109, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69dbeabe5c5690d468b08e7a", "name": "CAPE Sandbox", "description": "A full report on Google Tag Manager for GA4, available to download on the web at any time, here is the full set of key points and key details for the report: .", "modified": "2026-04-12T18:55:58.319000", "created": "2026-04-12T18:55:58.319000", "tags": [ "default", "typelib", "parent pid", "full path", "command line", "inprocserver32", "accept", "shell folders", "host", "cname", "install", "agent", "shutdown", "win64", "back", "info", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "estonia", "body", "performs dns", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "overview zenbox", "verdict", "phishing", "next", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "urls", "has permission", "united", "sim provider", "may check", "tls version", "persistence", "pe file", "pe32", "intel", "ms windows", "sample", "spawns", "found", "drops pe", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/007b0aa19218de7fe7b47dc785b345e4e09f8c8a133c689dafc778cf793e3ce0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019916&Signature=xU%2B28g7ql0wStAL7V97bG%2Bu0WHtev4OIGz8U3iqDKd%2FVNVlrDQ3vuAEteGPtDDR7qOlLSsItJmNBqGgWLySJ6U0nGICmzJVo0byP8H6%2Fd3HprkIH74LXAL%2FamR8rSKAlS1VWW%2FnGofIVc0zLtQeJdz%2BAMpNC0WX4pzvsIv2uagnjpUxUyVUykArW18%2FIapRYlTQZ0g4MdrwH%2FZ7h%2F0u9jGUM6rAiCBz33EYObn4aNb", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019946&Signature=JcVZlsCApsz0O52G3FOi%2BaimamYfGaduCcu4UnDC9VmXvZgqZ7fDxGeCnZM9NPUhmq0561rZ8PRIqA52RiBX3KnC7vhJa9PFjro5MHPo48Ypu9wL0RVB7C0RmZ3osycpkpyxEhtxKbIBAhFSEeMaEF%2F1BQw5%2BiCzEgPRP4X89bIAzw2EDpi3ulfCz8hms3FgCvWD6JMXBGKQJt1aE58BlUPY7ZhwLtbK4kOd4wzZjtfRjMqcTIEH7E0l", "https://vtbehaviour.commondatastorage.googleapis.com/3aebd918df444e5261a70a7b9957a04b62899583cca94cb90078ee348988691e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020086&Signature=vMuNzon2yUMc%2F5PXmshAS3lf0MVaReBDP3dcoOo82NLL71xjFa%2F0VIEFo55JjUmKlOHvhj6b0rJp8aIUUpsBDR%2FLZqmeDT44n0TYUkzfcIlLutGzkvs51q5mrJeeemJL6QT8bKwOFyLEXXO4SZPPduUilqL%2B1j79%2BDUni60qslB23F%2FgjYjG0edIuIfW6yq1yjBgsR34RyCGI5Lc8I%2FVLrF4ZjzIswsIHyhorBolKc7rKhoDz6masxaT", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020136&Signature=H%2FVhg6NRizidJvYP4bRaC%2B%2Fuh8%2F0Z5Rd0CKbYgwrqTxA%2B2BloALbxPU70bhu3eDWE1sqvRizm6xer2MkUeNtxL9kjtBPDD7Vpxe6Oq6R6o22ZN5vWg%2BqZnbM3PVA3wfuJwZ1sZaO7gv79Bd4iyuD9687aMdFTrD5BJ%2Fbd2rKn063HRKOwRubgTuKJwxXlPjVI0ocAdDIvmmDac1rsWOYTbcHVCIKUVrpUCmnjpXsSag%2BZTA", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020243&Signature=H1wTQxzrttgLCjJhjhriXYwMDCRB5ydjPUCYh9LS7Sqr42Y7WZzXZe0hC7YLFaTXYy2N3AsSr89gjIRZR80Jda4iLYyDlgohE9qQ3kFeKNZ%2FNp7IQu5FZY%2FpXRI7rsIlJnvlZmpbI006al7O0LQV5CrC797x%2FTp6jmAxmP5TS7NA%2BGfaDL14G7dIIeHtBoHxi7cbP%2Fe3qT1q3LcRk5oN%2FRV8TXEhpggMmbhYUEmK6ATwmwrh", "https://vtbehaviour.commondatastorage.googleapis.com/005fdc2438f1b1e58ea5e4d9c396feea40ad8a4788e90da06ecea60c5a8d79c2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020323&Signature=Mogy01Itx6r1B%2BxNe8ittQgO%2FxZRRAb%2F9lJynhxwSVOzHX7CsWRLBNEGHRp0B9k%2Bg%2FHO2jb5K65QRLLPyqkoA45n8CsH6T5790n7E0fsbYtOvp04eV28khNlOt2b%2Feh0a3nwcC%2BNAmxEHgqzaCfQlHBqBjk2ErpfhlpC5uQJchq%2BBgGeuPcFc8YRy4RCmaBiaTeD2V%2FJD7lssTzQfnZhLNMSLqEISDCN7TYsfL1%2BJREl4wSO7C", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 302, "FileHash-SHA1": 71, "FileHash-SHA256": 78, "IPv4": 206, "URL": 181, "domain": 34, "hostname": 237 }, "indicator_count": 1109, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69dbeabd47b6e788ecf7fc32", "name": "CAPE Sandbox", "description": "A full report on Google Tag Manager for GA4, available to download on the web at any time, here is the full set of key points and key details for the report: .", "modified": "2026-04-12T18:55:57.872000", "created": "2026-04-12T18:55:57.872000", "tags": [ "default", "typelib", "parent pid", "full path", "command line", "inprocserver32", "accept", "shell folders", "host", "cname", "install", "agent", "shutdown", "win64", "back", "info", "file type", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "estonia", "body", "performs dns", "https", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "overview zenbox", "verdict", "phishing", "next", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "urls", "has permission", "united", "sim provider", "may check", "tls version", "persistence", "pe file", "pe32", "intel", "ms windows", "sample", "spawns", "found", "drops pe", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/007b0aa19218de7fe7b47dc785b345e4e09f8c8a133c689dafc778cf793e3ce0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019916&Signature=xU%2B28g7ql0wStAL7V97bG%2Bu0WHtev4OIGz8U3iqDKd%2FVNVlrDQ3vuAEteGPtDDR7qOlLSsItJmNBqGgWLySJ6U0nGICmzJVo0byP8H6%2Fd3HprkIH74LXAL%2FamR8rSKAlS1VWW%2FnGofIVc0zLtQeJdz%2BAMpNC0WX4pzvsIv2uagnjpUxUyVUykArW18%2FIapRYlTQZ0g4MdrwH%2FZ7h%2F0u9jGUM6rAiCBz33EYObn4aNb", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776019946&Signature=JcVZlsCApsz0O52G3FOi%2BaimamYfGaduCcu4UnDC9VmXvZgqZ7fDxGeCnZM9NPUhmq0561rZ8PRIqA52RiBX3KnC7vhJa9PFjro5MHPo48Ypu9wL0RVB7C0RmZ3osycpkpyxEhtxKbIBAhFSEeMaEF%2F1BQw5%2BiCzEgPRP4X89bIAzw2EDpi3ulfCz8hms3FgCvWD6JMXBGKQJt1aE58BlUPY7ZhwLtbK4kOd4wzZjtfRjMqcTIEH7E0l", "https://vtbehaviour.commondatastorage.googleapis.com/3aebd918df444e5261a70a7b9957a04b62899583cca94cb90078ee348988691e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020086&Signature=vMuNzon2yUMc%2F5PXmshAS3lf0MVaReBDP3dcoOo82NLL71xjFa%2F0VIEFo55JjUmKlOHvhj6b0rJp8aIUUpsBDR%2FLZqmeDT44n0TYUkzfcIlLutGzkvs51q5mrJeeemJL6QT8bKwOFyLEXXO4SZPPduUilqL%2B1j79%2BDUni60qslB23F%2FgjYjG0edIuIfW6yq1yjBgsR34RyCGI5Lc8I%2FVLrF4ZjzIswsIHyhorBolKc7rKhoDz6masxaT", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020136&Signature=H%2FVhg6NRizidJvYP4bRaC%2B%2Fuh8%2F0Z5Rd0CKbYgwrqTxA%2B2BloALbxPU70bhu3eDWE1sqvRizm6xer2MkUeNtxL9kjtBPDD7Vpxe6Oq6R6o22ZN5vWg%2BqZnbM3PVA3wfuJwZ1sZaO7gv79Bd4iyuD9687aMdFTrD5BJ%2Fbd2rKn063HRKOwRubgTuKJwxXlPjVI0ocAdDIvmmDac1rsWOYTbcHVCIKUVrpUCmnjpXsSag%2BZTA", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020243&Signature=H1wTQxzrttgLCjJhjhriXYwMDCRB5ydjPUCYh9LS7Sqr42Y7WZzXZe0hC7YLFaTXYy2N3AsSr89gjIRZR80Jda4iLYyDlgohE9qQ3kFeKNZ%2FNp7IQu5FZY%2FpXRI7rsIlJnvlZmpbI006al7O0LQV5CrC797x%2FTp6jmAxmP5TS7NA%2BGfaDL14G7dIIeHtBoHxi7cbP%2Fe3qT1q3LcRk5oN%2FRV8TXEhpggMmbhYUEmK6ATwmwrh", "https://vtbehaviour.commondatastorage.googleapis.com/005fdc2438f1b1e58ea5e4d9c396feea40ad8a4788e90da06ecea60c5a8d79c2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776020323&Signature=Mogy01Itx6r1B%2BxNe8ittQgO%2FxZRRAb%2F9lJynhxwSVOzHX7CsWRLBNEGHRp0B9k%2Bg%2FHO2jb5K65QRLLPyqkoA45n8CsH6T5790n7E0fsbYtOvp04eV28khNlOt2b%2Feh0a3nwcC%2BNAmxEHgqzaCfQlHBqBjk2ErpfhlpC5uQJchq%2BBgGeuPcFc8YRy4RCmaBiaTeD2V%2FJD7lssTzQfnZhLNMSLqEISDCN7TYsfL1%2BJREl4wSO7C", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 302, "FileHash-SHA1": 71, "FileHash-SHA256": 78, "IPv4": 206, "URL": 181, "domain": 34, "hostname": 237 }, "indicator_count": 1109, "is_author": false, "is_subscribing": null, "subscriber_count": 47, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69db4698d0cd0d278dc7ebac", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T11:31:40.754000", "created": "2026-04-12T07:15:36.900000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "script", "navigation", "doctype html", "public", "w3cdtd html", "transitionalen", "canceled", "title", "head", "body", "span", "refresh", "urls", "https", "united", "may check", "tls version", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "info", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "accept", "estonia", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 91, "FileHash-SHA1": 86, "FileHash-SHA256": 101, "URL": 271, "domain": 43, "IPv4": 165, "hostname": 306 }, "indicator_count": 1063, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69db469af0e341420764ab93", "name": "VirusTotal report\n for base.apk", "description": "A sample of malicious code has been found on an Android phone running on the operating system, and it is believed to have been installed on a device that is currently running in the UK and Ireland.", "modified": "2026-04-12T07:15:38.372000", "created": "2026-04-12T07:15:38.372000", "tags": [ "mitre attack", "network info", "file type", "loads", "has permission", "accesses", "sim provider", "mccmnc", "mobile", "t1430 location", "persistence", "fraud", "cloud", "malicious", "next", "performs dns", "processes extra", "sigma", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "script", "navigation", "doctype html", "public", "w3cdtd html", "transitionalen", "canceled", "title", "head", "body", "span", "refresh", "urls", "https", "united", "may check", "tls version", "xffxf0 xffxf0", "xffxee xffxee", "xffxef xffxef", "xffxeb xffxeb", "px9d", "xe4x84", "fxf8", "x94 x94", "xc1 xc1", "xffxf1 xffxf1", "info", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "text", "json", "in a", "accept", "estonia", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/0000d7e596a5738d6310974ef61ee238316ed03bc97d4cb358617932ad8d1ef2_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977719&Signature=nkKRbhcDpxdw98on7aVclCyF9iaYOrdx7xghDa6jjq48R1HK6lCpP2H%2Fv6rxdPNWs11JoBFgE3MwA1ZYRN8Agx6yaHEpe7UOXVn2H3IXFXu5iRM5sSelXe0sVXAZNiCnIpmLyM8VdDWBLCF6TJhhCNb%2BA7JeJFY4BXuE0JCylFC6IfrK2KyhsCqwoOPL%2BxBN22zBWM88MDh7fIROoVS%2BgBZTK6Ae1KM9I0JmsvqNh%2BZskj06IC", "https://vtbehaviour.commondatastorage.googleapis.com/d45818a5cd5d41133eeb2bb915b70591823526786936d1ff425c82957057a080_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977759&Signature=NBaN%2BKLt4kQxB6lxMAKf0PJGXB22KDgo54085YsLIZeKYr%2FZMbLuFYa65quTdyB8OT20aOMsT%2Bx7n2Nv%2BpBu9tlcAvqR27Q83JBzoWGOiDxS79sdgdFXXcK1fvBAY1%2BjtLvoBhQMAK7BZO3%2BuKbWEabvTF9p9Cwjhp%2FMQXMHRl%2BuPqE6REp29LQImSxPlNb5PmpRdhhhBX877q%2F6YPIpViq1j4uEa5xeFaF%2BLHuli03Gs93pzj", "https://hybrid-analysis.com/sample/4e4fa68c1c4d2cfee133c31432dd303bb5746f7094b5a6832a25e47e6279171c", "https://vtbehaviour.commondatastorage.googleapis.com/00000048b1c9e60c14a6619f0292dea96df7f10c11cfa9ae28693219c0ae844b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775977932&Signature=PwcvGhj2aoTTZWuXQAV%2Fk5iqc79LFl%2F4vKRmiwCg0lEljeWcXw48JPCdvRXB9d8jKJ3YlawrM8K3jVgBiRkawNtXHGkhIZp3kMOBGXmjii0zJ%2B%2BFryjqy3dSwsNCbzYOZqPvS38JrUto12cWGOcLXru%2F%2FaLJkK%2F5LZojEPdv487hPxxjaJl3q6IRjJ7RCeN6j7Rm9uA2EA2m0Di4VgQGK9uqgl04AslRkB8MiwSQ4TaGSHjp", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978086&Signature=WBIzRJW%2FxjBBOf%2F0opd6hlj72t0fu7SbhJLmf%2FDLtoe3li5SgoZEYUg2Ogq0NvkC4WzbpRmzXeV1QmUY%2BooYwl%2BVNRjyw6fZqkbp%2FboMFSfQmgHU%2FQfi99Ch5BqGcNZge1bx9lbHBAP%2BY3QDDA3xzFU9c9aMJAaBlGjFT4TeXALcU00PEYHA95tX7zddbMc5uQhfHfn7fKlyKlmRq25jp6vA4xQImQFJc3s3pQ7WePxp", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978167&Signature=ukCrMHPUqB9sAvA3sCKxfTpKsnpIxfU1vyE1t7AsEZ2JBslXLn0KOjAMFlqSS33UscXS2xVpcOB1wOgX5ZbIlIX0m19OZ79aq1QXdbgZcRdsQ%2B07tzoo82jk6i7wuXsvtA8Lg1oPdLiq15X99Ey1Q4Qu%2F0YpJnHHOQ8zJCsmJIL%2BCV7ZRaam44zjH9hrfu2RFHKg7UN%2F%2BePHS%2FGSY3JiZ4dG10ymuI%2BSbNuvxnx4LIP9iAnFi", "https://vtbehaviour.commondatastorage.googleapis.com/3b145ee102848506dc7551758ee869b43a1753f06fabcbcf9ca574cb7843d60e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978199&Signature=N0Ry%2FbV%2BEAaGir5ToqgdLRpeg4LWS2qRlbG%2BPBgtoRM6IQyD7i%2FhtGHNcbCN9KZuxWP1kCJkqKu4dA%2BNcMjY450Zs5KmCD%2B78YZCte4YHq%2F3f2T0AuO7ero3nBCqlX8fVA62q8eDZQiroHG4hX0gMIaxBXDwUeQa0F%2FQpNa72K2aN4rAajClR%2BuBVPy1fnaokrr7bsvK6JvnhFwrTdLQq6%2Fd%2BulnVIbTCK1oSGXF", "https://vtbehaviour.commondatastorage.googleapis.com/00000722ff984d5cd9cd766d12c70eecc7a2ad7502999c5a99d582c79b92c1a6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775978364&Signature=yFKLOW7cLGxEDj33tw1mRKNjyzUXQUuQpv%2FrA3D2X5q8rw9kMCREsBLs%2F%2FNYRFxARS3RB5Lk4O6CmSWhNnG3A6HL18Gz6MgwskKshWmxISeMPsHS3bV%2F%2FfnGBWAext5N5I8M1E3kyouF%2FSW3NwXOVYP%2FTI%2BQ1I%2FDzIIYwu8Da44roDqJL3wQaxKZjyUAXa6fTXFaFor%2FO9DxLhb3cHkFxY9PbZuvVGjWowadR80d" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 91, "FileHash-SHA1": 86, "FileHash-SHA256": 101, "URL": 271, "domain": 43, "IPv4": 165, "hostname": 306 }, "indicator_count": 1063, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "8 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://api.box.com/2.0/users/me", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://api.box.com/2.0/users/me", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776732679.2083259 }