{
  "type": "URL",
  "indicator": "https://api.browser.yandex.net/q",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://api.browser.yandex.net/q",
    "type": "url",
    "type_title": "URL",
    "validation": [
      {
        "source": "akamai",
        "message": "Akamai rank: #724",
        "name": "Akamai Popular Domain"
      },
      {
        "source": "whitelist",
        "message": "Whitelisted domain yandex.net",
        "name": "Whitelisted domain"
      },
      {
        "source": "majestic",
        "message": "Whitelisted domain yandex.net",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {
      "id": 4347097575,
      "indicator": "https://api.browser.yandex.net/q",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 4,
      "pulses": [
        {
          "id": "69fc18d0e4586dfaa5fc8e5e",
          "name": "VirusTotal report for Yandex.exe",
          "description": "[A full report on the Yandex.exe malware, which was found on a Windows 11 operating system in the early hours of the morning, has been published by the University of South Africa.] Client changed iPhone browser to Bing yesterday.",
          "modified": "2026-05-07T04:55:20.865000",
          "created": "2026-05-07T04:45:04.790000",
          "tags": [
            "pe file",
            "file type",
            "https",
            "sample",
            "performs dns",
            "tls version",
            "creates",
            "urls",
            "ms windows",
            "aslr",
            "code",
            "persistence",
            "defense evasion",
            "malicious",
            "next",
            "getqueryurl412",
            "update with",
            "arguments",
            "info",
            "service",
            "verifymodule128",
            "stopservice815",
            "watchicufile185",
            "getqueryurl409",
            "installertype4",
            "windows sandbox",
            "calls process",
            "default",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file size",
            "path c",
            "sha1",
            "crc32",
            "win64",
            "accept",
            "shutdown",
            "guard",
            "powershell",
            "payload",
            "back",
            "bing"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128970&Signature=KvxEPuInqFwT1UVxhsUutlnt3Dx3pU%2FZPwCzlabMUZ%2BszI8kfcRbaoWeF5WPYmdf%2FEJWcFuOn%2FHMXzsDaz9mzSs6e%2F31BBO%2Bzn%2Bgsu6PQlevS5%2BPJLSpQQGdvdYxWvjgQtcWfWfdxLulfLOuewCybKwivHDsIS8nxzL4eilUywa96vdRGkU%2BzsWCuRt1DQdteRL%2B4xHM9Iw1lubk48EQZuLZn3%2BHW0WbWmPcpUDlpXmqRt%2",
            "https://www.virustotal.com/ui/file_behaviours/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_CAPE%20Sandbox/html",
            "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129039&Signature=EvKpA%2FXa5Pim74y4ZyibLmu25RPaoFGwevAkAPfFbDMkvRXR3nSFuc8fVUtVm9cJPOxY5wIDwaEi%2FLJ9U9W0rvqiycITY9SGa7Vzv97CcCn6PTLJjwF2FShIZiE%2F3eg4zoFce1VJm7HNuAOkyhbu2qCGvF9aqduRhC3CpTxYAepP1kC2GZutTpWIjioblhbRHCSZ5Iz0zRjQaPTUea8mrqeQV2nFqz%2BDwKLItcpvI9yz5mZ7",
            "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129141&Signature=CcrEA1ECv4wxj8UIdmJUnDUBSvoB167GojRL%2BfBa0mcSCEUDoTqJbuuDr0RdXoVPApAzwPy4sOskH98XfBt8CdHdW3GrxPCHjBQAPEn0vhKZPDzoZ4ABLKke%2BYz6uYY0gsF1HVfKzP5N%2FE1i5i2ufi5NAQ6HzeQLM3ynBwu6mwjG%2BrafkkgSaMV00ksubUJfq0zNgvrwUMp%2FS5gFLv66%2F%2B912bzg%2F7Qxk7HpJS3uzwjWJZ",
            "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129187&Signature=v%2FFdZTv2ZW8gkxMEiHXNqP%2BlysqiATUfJI4Sehiwpl6WMhtq%2BVWfqpe1WfCGvm2J4C1wbISRKhmXGECw7RM0BEKhPwTclqhKJwdtjPMZg%2BKxA5cYmTKM5xgkm0nf1bODU83vDlIhg1ue2cGQhGekvFc0J22ioNQvPNRhwSROTuqvRX9M6cFyV4S2OSwaPzfj24c8GEv%2FyUkWuUsxjSENS5gMNplle9E4Z%2B18BsVsSLO0"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1552",
              "name": "Unsecured Credentials",
              "display_name": "T1552 - Unsecured Credentials"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 422,
            "FileHash-SHA1": 190,
            "FileHash-SHA256": 789,
            "URL": 274,
            "domain": 95,
            "IPv4": 161,
            "hostname": 299,
            "email": 1
          },
          "indicator_count": 2231,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "24 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69fc18cd07af71dd4c1048a1",
          "name": "VirusTotal report for Yandex.exe",
          "description": "[A full report on the Yandex.exe malware, which was found on a Windows 11 operating system in the early hours of the morning, has been published by the University of South Africa.] Client changed iPhone browser to Bing yesterday.",
          "modified": "2026-05-07T04:50:57.126000",
          "created": "2026-05-07T04:45:01.264000",
          "tags": [
            "pe file",
            "file type",
            "https",
            "sample",
            "performs dns",
            "tls version",
            "creates",
            "urls",
            "ms windows",
            "aslr",
            "code",
            "persistence",
            "defense evasion",
            "malicious",
            "next",
            "getqueryurl412",
            "update with",
            "arguments",
            "info",
            "service",
            "verifymodule128",
            "stopservice815",
            "watchicufile185",
            "getqueryurl409",
            "installertype4",
            "windows sandbox",
            "calls process",
            "default",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file size",
            "path c",
            "sha1",
            "crc32",
            "win64",
            "accept",
            "shutdown",
            "guard",
            "powershell",
            "payload",
            "back",
            "bing"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128970&Signature=KvxEPuInqFwT1UVxhsUutlnt3Dx3pU%2FZPwCzlabMUZ%2BszI8kfcRbaoWeF5WPYmdf%2FEJWcFuOn%2FHMXzsDaz9mzSs6e%2F31BBO%2Bzn%2Bgsu6PQlevS5%2BPJLSpQQGdvdYxWvjgQtcWfWfdxLulfLOuewCybKwivHDsIS8nxzL4eilUywa96vdRGkU%2BzsWCuRt1DQdteRL%2B4xHM9Iw1lubk48EQZuLZn3%2BHW0WbWmPcpUDlpXmqRt%2",
            "https://www.virustotal.com/ui/file_behaviours/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_CAPE%20Sandbox/html",
            "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129039&Signature=EvKpA%2FXa5Pim74y4ZyibLmu25RPaoFGwevAkAPfFbDMkvRXR3nSFuc8fVUtVm9cJPOxY5wIDwaEi%2FLJ9U9W0rvqiycITY9SGa7Vzv97CcCn6PTLJjwF2FShIZiE%2F3eg4zoFce1VJm7HNuAOkyhbu2qCGvF9aqduRhC3CpTxYAepP1kC2GZutTpWIjioblhbRHCSZ5Iz0zRjQaPTUea8mrqeQV2nFqz%2BDwKLItcpvI9yz5mZ7",
            "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129141&Signature=CcrEA1ECv4wxj8UIdmJUnDUBSvoB167GojRL%2BfBa0mcSCEUDoTqJbuuDr0RdXoVPApAzwPy4sOskH98XfBt8CdHdW3GrxPCHjBQAPEn0vhKZPDzoZ4ABLKke%2BYz6uYY0gsF1HVfKzP5N%2FE1i5i2ufi5NAQ6HzeQLM3ynBwu6mwjG%2BrafkkgSaMV00ksubUJfq0zNgvrwUMp%2FS5gFLv66%2F%2B912bzg%2F7Qxk7HpJS3uzwjWJZ",
            "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129187&Signature=v%2FFdZTv2ZW8gkxMEiHXNqP%2BlysqiATUfJI4Sehiwpl6WMhtq%2BVWfqpe1WfCGvm2J4C1wbISRKhmXGECw7RM0BEKhPwTclqhKJwdtjPMZg%2BKxA5cYmTKM5xgkm0nf1bODU83vDlIhg1ue2cGQhGekvFc0J22ioNQvPNRhwSROTuqvRX9M6cFyV4S2OSwaPzfj24c8GEv%2FyUkWuUsxjSENS5gMNplle9E4Z%2B18BsVsSLO0"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1552",
              "name": "Unsecured Credentials",
              "display_name": "T1552 - Unsecured Credentials"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 422,
            "FileHash-SHA1": 189,
            "FileHash-SHA256": 789,
            "URL": 191,
            "domain": 74,
            "IPv4": 145,
            "hostname": 225,
            "email": 1
          },
          "indicator_count": 2036,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "24 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69fc18ce74d03deacb8b8455",
          "name": "VirusTotal report for Yandex.exe",
          "description": "[A full report on the Yandex.exe malware, which was found on a Windows 11 operating system in the early hours of the morning, has been published by the University of South Africa.] Client changed iPhone browser to Bing yesterday.",
          "modified": "2026-05-07T04:50:56.098000",
          "created": "2026-05-07T04:45:02.466000",
          "tags": [
            "pe file",
            "file type",
            "https",
            "sample",
            "performs dns",
            "tls version",
            "creates",
            "urls",
            "ms windows",
            "aslr",
            "code",
            "persistence",
            "defense evasion",
            "malicious",
            "next",
            "getqueryurl412",
            "update with",
            "arguments",
            "info",
            "service",
            "verifymodule128",
            "stopservice815",
            "watchicufile185",
            "getqueryurl409",
            "installertype4",
            "windows sandbox",
            "calls process",
            "default",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file size",
            "path c",
            "sha1",
            "crc32",
            "win64",
            "accept",
            "shutdown",
            "guard",
            "powershell",
            "payload",
            "back",
            "bing"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128970&Signature=KvxEPuInqFwT1UVxhsUutlnt3Dx3pU%2FZPwCzlabMUZ%2BszI8kfcRbaoWeF5WPYmdf%2FEJWcFuOn%2FHMXzsDaz9mzSs6e%2F31BBO%2Bzn%2Bgsu6PQlevS5%2BPJLSpQQGdvdYxWvjgQtcWfWfdxLulfLOuewCybKwivHDsIS8nxzL4eilUywa96vdRGkU%2BzsWCuRt1DQdteRL%2B4xHM9Iw1lubk48EQZuLZn3%2BHW0WbWmPcpUDlpXmqRt%2",
            "https://www.virustotal.com/ui/file_behaviours/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_CAPE%20Sandbox/html",
            "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129039&Signature=EvKpA%2FXa5Pim74y4ZyibLmu25RPaoFGwevAkAPfFbDMkvRXR3nSFuc8fVUtVm9cJPOxY5wIDwaEi%2FLJ9U9W0rvqiycITY9SGa7Vzv97CcCn6PTLJjwF2FShIZiE%2F3eg4zoFce1VJm7HNuAOkyhbu2qCGvF9aqduRhC3CpTxYAepP1kC2GZutTpWIjioblhbRHCSZ5Iz0zRjQaPTUea8mrqeQV2nFqz%2BDwKLItcpvI9yz5mZ7",
            "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129141&Signature=CcrEA1ECv4wxj8UIdmJUnDUBSvoB167GojRL%2BfBa0mcSCEUDoTqJbuuDr0RdXoVPApAzwPy4sOskH98XfBt8CdHdW3GrxPCHjBQAPEn0vhKZPDzoZ4ABLKke%2BYz6uYY0gsF1HVfKzP5N%2FE1i5i2ufi5NAQ6HzeQLM3ynBwu6mwjG%2BrafkkgSaMV00ksubUJfq0zNgvrwUMp%2FS5gFLv66%2F%2B912bzg%2F7Qxk7HpJS3uzwjWJZ",
            "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129187&Signature=v%2FFdZTv2ZW8gkxMEiHXNqP%2BlysqiATUfJI4Sehiwpl6WMhtq%2BVWfqpe1WfCGvm2J4C1wbISRKhmXGECw7RM0BEKhPwTclqhKJwdtjPMZg%2BKxA5cYmTKM5xgkm0nf1bODU83vDlIhg1ue2cGQhGekvFc0J22ioNQvPNRhwSROTuqvRX9M6cFyV4S2OSwaPzfj24c8GEv%2FyUkWuUsxjSENS5gMNplle9E4Z%2B18BsVsSLO0"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1552",
              "name": "Unsecured Credentials",
              "display_name": "T1552 - Unsecured Credentials"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 422,
            "FileHash-SHA1": 189,
            "FileHash-SHA256": 789,
            "URL": 191,
            "domain": 74,
            "IPv4": 145,
            "hostname": 225,
            "email": 1
          },
          "indicator_count": 2036,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "24 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69fc18cf1d3c2127ee8a4c0c",
          "name": "VirusTotal report\n                    for Yandex.exe",
          "description": "[A full report on the Yandex.exe malware, which was found on a Windows 11 operating system in the early hours of the morning, has been published by the University of South Africa.] Client changed iPhone browser to Bing yesterday.",
          "modified": "2026-05-07T04:50:55.377000",
          "created": "2026-05-07T04:45:03.716000",
          "tags": [
            "pe file",
            "file type",
            "https",
            "sample",
            "performs dns",
            "tls version",
            "creates",
            "urls",
            "ms windows",
            "aslr",
            "code",
            "persistence",
            "defense evasion",
            "malicious",
            "next",
            "getqueryurl412",
            "update with",
            "arguments",
            "info",
            "service",
            "verifymodule128",
            "stopservice815",
            "watchicufile185",
            "getqueryurl409",
            "installertype4",
            "windows sandbox",
            "calls process",
            "default",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file size",
            "path c",
            "sha1",
            "crc32",
            "win64",
            "accept",
            "shutdown",
            "guard",
            "powershell",
            "payload",
            "back",
            "bing"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128970&Signature=KvxEPuInqFwT1UVxhsUutlnt3Dx3pU%2FZPwCzlabMUZ%2BszI8kfcRbaoWeF5WPYmdf%2FEJWcFuOn%2FHMXzsDaz9mzSs6e%2F31BBO%2Bzn%2Bgsu6PQlevS5%2BPJLSpQQGdvdYxWvjgQtcWfWfdxLulfLOuewCybKwivHDsIS8nxzL4eilUywa96vdRGkU%2BzsWCuRt1DQdteRL%2B4xHM9Iw1lubk48EQZuLZn3%2BHW0WbWmPcpUDlpXmqRt%2",
            "https://www.virustotal.com/ui/file_behaviours/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_CAPE%20Sandbox/html",
            "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129039&Signature=EvKpA%2FXa5Pim74y4ZyibLmu25RPaoFGwevAkAPfFbDMkvRXR3nSFuc8fVUtVm9cJPOxY5wIDwaEi%2FLJ9U9W0rvqiycITY9SGa7Vzv97CcCn6PTLJjwF2FShIZiE%2F3eg4zoFce1VJm7HNuAOkyhbu2qCGvF9aqduRhC3CpTxYAepP1kC2GZutTpWIjioblhbRHCSZ5Iz0zRjQaPTUea8mrqeQV2nFqz%2BDwKLItcpvI9yz5mZ7",
            "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129141&Signature=CcrEA1ECv4wxj8UIdmJUnDUBSvoB167GojRL%2BfBa0mcSCEUDoTqJbuuDr0RdXoVPApAzwPy4sOskH98XfBt8CdHdW3GrxPCHjBQAPEn0vhKZPDzoZ4ABLKke%2BYz6uYY0gsF1HVfKzP5N%2FE1i5i2ufi5NAQ6HzeQLM3ynBwu6mwjG%2BrafkkgSaMV00ksubUJfq0zNgvrwUMp%2FS5gFLv66%2F%2B912bzg%2F7Qxk7HpJS3uzwjWJZ",
            "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129187&Signature=v%2FFdZTv2ZW8gkxMEiHXNqP%2BlysqiATUfJI4Sehiwpl6WMhtq%2BVWfqpe1WfCGvm2J4C1wbISRKhmXGECw7RM0BEKhPwTclqhKJwdtjPMZg%2BKxA5cYmTKM5xgkm0nf1bODU83vDlIhg1ue2cGQhGekvFc0J22ioNQvPNRhwSROTuqvRX9M6cFyV4S2OSwaPzfj24c8GEv%2FyUkWuUsxjSENS5gMNplle9E4Z%2B18BsVsSLO0"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1552",
              "name": "Unsecured Credentials",
              "display_name": "T1552 - Unsecured Credentials"
            },
            {
              "id": "T1555",
              "name": "Credentials from Password Stores",
              "display_name": "T1555 - Credentials from Password Stores"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 422,
            "FileHash-SHA1": 189,
            "FileHash-SHA256": 789,
            "URL": 191,
            "domain": 74,
            "IPv4": 145,
            "hostname": 225,
            "email": 1
          },
          "indicator_count": 2036,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "24 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128970&Signature=KvxEPuInqFwT1UVxhsUutlnt3Dx3pU%2FZPwCzlabMUZ%2BszI8kfcRbaoWeF5WPYmdf%2FEJWcFuOn%2FHMXzsDaz9mzSs6e%2F31BBO%2Bzn%2Bgsu6PQlevS5%2BPJLSpQQGdvdYxWvjgQtcWfWfdxLulfLOuewCybKwivHDsIS8nxzL4eilUywa96vdRGkU%2BzsWCuRt1DQdteRL%2B4xHM9Iw1lubk48EQZuLZn3%2BHW0WbWmPcpUDlpXmqRt%2",
        "https://www.virustotal.com/ui/file_behaviours/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_CAPE%20Sandbox/html",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129187&Signature=v%2FFdZTv2ZW8gkxMEiHXNqP%2BlysqiATUfJI4Sehiwpl6WMhtq%2BVWfqpe1WfCGvm2J4C1wbISRKhmXGECw7RM0BEKhPwTclqhKJwdtjPMZg%2BKxA5cYmTKM5xgkm0nf1bODU83vDlIhg1ue2cGQhGekvFc0J22ioNQvPNRhwSROTuqvRX9M6cFyV4S2OSwaPzfj24c8GEv%2FyUkWuUsxjSENS5gMNplle9E4Z%2B18BsVsSLO0",
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129039&Signature=EvKpA%2FXa5Pim74y4ZyibLmu25RPaoFGwevAkAPfFbDMkvRXR3nSFuc8fVUtVm9cJPOxY5wIDwaEi%2FLJ9U9W0rvqiycITY9SGa7Vzv97CcCn6PTLJjwF2FShIZiE%2F3eg4zoFce1VJm7HNuAOkyhbu2qCGvF9aqduRhC3CpTxYAepP1kC2GZutTpWIjioblhbRHCSZ5Iz0zRjQaPTUea8mrqeQV2nFqz%2BDwKLItcpvI9yz5mZ7",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129141&Signature=CcrEA1ECv4wxj8UIdmJUnDUBSvoB167GojRL%2BfBa0mcSCEUDoTqJbuuDr0RdXoVPApAzwPy4sOskH98XfBt8CdHdW3GrxPCHjBQAPEn0vhKZPDzoZ4ABLKke%2BYz6uYY0gsF1HVfKzP5N%2FE1i5i2ufi5NAQ6HzeQLM3ynBwu6mwjG%2BrafkkgSaMV00ksubUJfq0zNgvrwUMp%2FS5gFLv66%2F%2B912bzg%2F7Qxk7HpJS3uzwjWJZ"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 2139
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/yandex.net",
    "whois": "http://whois.domaintools.com/yandex.net",
    "domain": "yandex.net",
    "hostname": "api.browser.yandex.net"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 4,
  "pulses": [
    {
      "id": "69fc18d0e4586dfaa5fc8e5e",
      "name": "VirusTotal report\n                    for Yandex.exe",
      "description": "[A full report on the Yandex.exe malware, which was found on a Windows 11 operating system in the early hours of the morning, has been published by the University of South Africa.] Client changed iPhone browser to Bing yesterday.",
      "modified": "2026-05-07T04:55:20.865000",
      "created": "2026-05-07T04:45:04.790000",
      "tags": [
        "pe file",
        "file type",
        "https",
        "sample",
        "performs dns",
        "tls version",
        "creates",
        "urls",
        "ms windows",
        "aslr",
        "code",
        "persistence",
        "defense evasion",
        "malicious",
        "next",
        "getqueryurl412",
        "update with",
        "arguments",
        "info",
        "service",
        "verifymodule128",
        "stopservice815",
        "watchicufile185",
        "getqueryurl409",
        "installertype4",
        "windows sandbox",
        "calls process",
        "default",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file size",
        "path c",
        "sha1",
        "crc32",
        "win64",
        "accept",
        "shutdown",
        "guard",
        "powershell",
        "payload",
        "back",
        "bing"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128970&Signature=KvxEPuInqFwT1UVxhsUutlnt3Dx3pU%2FZPwCzlabMUZ%2BszI8kfcRbaoWeF5WPYmdf%2FEJWcFuOn%2FHMXzsDaz9mzSs6e%2F31BBO%2Bzn%2Bgsu6PQlevS5%2BPJLSpQQGdvdYxWvjgQtcWfWfdxLulfLOuewCybKwivHDsIS8nxzL4eilUywa96vdRGkU%2BzsWCuRt1DQdteRL%2B4xHM9Iw1lubk48EQZuLZn3%2BHW0WbWmPcpUDlpXmqRt%2",
        "https://www.virustotal.com/ui/file_behaviours/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_CAPE%20Sandbox/html",
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129039&Signature=EvKpA%2FXa5Pim74y4ZyibLmu25RPaoFGwevAkAPfFbDMkvRXR3nSFuc8fVUtVm9cJPOxY5wIDwaEi%2FLJ9U9W0rvqiycITY9SGa7Vzv97CcCn6PTLJjwF2FShIZiE%2F3eg4zoFce1VJm7HNuAOkyhbu2qCGvF9aqduRhC3CpTxYAepP1kC2GZutTpWIjioblhbRHCSZ5Iz0zRjQaPTUea8mrqeQV2nFqz%2BDwKLItcpvI9yz5mZ7",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129141&Signature=CcrEA1ECv4wxj8UIdmJUnDUBSvoB167GojRL%2BfBa0mcSCEUDoTqJbuuDr0RdXoVPApAzwPy4sOskH98XfBt8CdHdW3GrxPCHjBQAPEn0vhKZPDzoZ4ABLKke%2BYz6uYY0gsF1HVfKzP5N%2FE1i5i2ufi5NAQ6HzeQLM3ynBwu6mwjG%2BrafkkgSaMV00ksubUJfq0zNgvrwUMp%2FS5gFLv66%2F%2B912bzg%2F7Qxk7HpJS3uzwjWJZ",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129187&Signature=v%2FFdZTv2ZW8gkxMEiHXNqP%2BlysqiATUfJI4Sehiwpl6WMhtq%2BVWfqpe1WfCGvm2J4C1wbISRKhmXGECw7RM0BEKhPwTclqhKJwdtjPMZg%2BKxA5cYmTKM5xgkm0nf1bODU83vDlIhg1ue2cGQhGekvFc0J22ioNQvPNRhwSROTuqvRX9M6cFyV4S2OSwaPzfj24c8GEv%2FyUkWuUsxjSENS5gMNplle9E4Z%2B18BsVsSLO0"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1552",
          "name": "Unsecured Credentials",
          "display_name": "T1552 - Unsecured Credentials"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 422,
        "FileHash-SHA1": 190,
        "FileHash-SHA256": 789,
        "URL": 274,
        "domain": 95,
        "IPv4": 161,
        "hostname": 299,
        "email": 1
      },
      "indicator_count": 2231,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "24 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69fc18cd07af71dd4c1048a1",
      "name": "VirusTotal report\n                    for Yandex.exe",
      "description": "[A full report on the Yandex.exe malware, which was found on a Windows 11 operating system in the early hours of the morning, has been published by the University of South Africa.] Client changed iPhone browser to Bing yesterday.",
      "modified": "2026-05-07T04:50:57.126000",
      "created": "2026-05-07T04:45:01.264000",
      "tags": [
        "pe file",
        "file type",
        "https",
        "sample",
        "performs dns",
        "tls version",
        "creates",
        "urls",
        "ms windows",
        "aslr",
        "code",
        "persistence",
        "defense evasion",
        "malicious",
        "next",
        "getqueryurl412",
        "update with",
        "arguments",
        "info",
        "service",
        "verifymodule128",
        "stopservice815",
        "watchicufile185",
        "getqueryurl409",
        "installertype4",
        "windows sandbox",
        "calls process",
        "default",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file size",
        "path c",
        "sha1",
        "crc32",
        "win64",
        "accept",
        "shutdown",
        "guard",
        "powershell",
        "payload",
        "back",
        "bing"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128970&Signature=KvxEPuInqFwT1UVxhsUutlnt3Dx3pU%2FZPwCzlabMUZ%2BszI8kfcRbaoWeF5WPYmdf%2FEJWcFuOn%2FHMXzsDaz9mzSs6e%2F31BBO%2Bzn%2Bgsu6PQlevS5%2BPJLSpQQGdvdYxWvjgQtcWfWfdxLulfLOuewCybKwivHDsIS8nxzL4eilUywa96vdRGkU%2BzsWCuRt1DQdteRL%2B4xHM9Iw1lubk48EQZuLZn3%2BHW0WbWmPcpUDlpXmqRt%2",
        "https://www.virustotal.com/ui/file_behaviours/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_CAPE%20Sandbox/html",
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129039&Signature=EvKpA%2FXa5Pim74y4ZyibLmu25RPaoFGwevAkAPfFbDMkvRXR3nSFuc8fVUtVm9cJPOxY5wIDwaEi%2FLJ9U9W0rvqiycITY9SGa7Vzv97CcCn6PTLJjwF2FShIZiE%2F3eg4zoFce1VJm7HNuAOkyhbu2qCGvF9aqduRhC3CpTxYAepP1kC2GZutTpWIjioblhbRHCSZ5Iz0zRjQaPTUea8mrqeQV2nFqz%2BDwKLItcpvI9yz5mZ7",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129141&Signature=CcrEA1ECv4wxj8UIdmJUnDUBSvoB167GojRL%2BfBa0mcSCEUDoTqJbuuDr0RdXoVPApAzwPy4sOskH98XfBt8CdHdW3GrxPCHjBQAPEn0vhKZPDzoZ4ABLKke%2BYz6uYY0gsF1HVfKzP5N%2FE1i5i2ufi5NAQ6HzeQLM3ynBwu6mwjG%2BrafkkgSaMV00ksubUJfq0zNgvrwUMp%2FS5gFLv66%2F%2B912bzg%2F7Qxk7HpJS3uzwjWJZ",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129187&Signature=v%2FFdZTv2ZW8gkxMEiHXNqP%2BlysqiATUfJI4Sehiwpl6WMhtq%2BVWfqpe1WfCGvm2J4C1wbISRKhmXGECw7RM0BEKhPwTclqhKJwdtjPMZg%2BKxA5cYmTKM5xgkm0nf1bODU83vDlIhg1ue2cGQhGekvFc0J22ioNQvPNRhwSROTuqvRX9M6cFyV4S2OSwaPzfj24c8GEv%2FyUkWuUsxjSENS5gMNplle9E4Z%2B18BsVsSLO0"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1552",
          "name": "Unsecured Credentials",
          "display_name": "T1552 - Unsecured Credentials"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 422,
        "FileHash-SHA1": 189,
        "FileHash-SHA256": 789,
        "URL": 191,
        "domain": 74,
        "IPv4": 145,
        "hostname": 225,
        "email": 1
      },
      "indicator_count": 2036,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "24 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69fc18ce74d03deacb8b8455",
      "name": "VirusTotal report\n                    for Yandex.exe",
      "description": "[full report on the Yandex.exe malware, which was found on a Windows 11 operating system in the early hours of the morning, has been published by the University of South Africa.] Client changes iphone browser to Bing yesterday.",
      "modified": "2026-05-07T04:50:56.098000",
      "created": "2026-05-07T04:45:02.466000",
      "tags": [
        "pe file",
        "file type",
        "https",
        "sample",
        "performs dns",
        "tls version",
        "creates",
        "urls",
        "ms windows",
        "aslr",
        "code",
        "persistence",
        "defense evasion",
        "malicious",
        "next",
        "getqueryurl412",
        "update with",
        "arguments",
        "info",
        "service",
        "verifymodule128",
        "stopservice815",
        "watchicufile185",
        "getqueryurl409",
        "installertype4",
        "windows sandbox",
        "calls process",
        "default",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file size",
        "path c",
        "sha1",
        "crc32",
        "win64",
        "accept",
        "shutdown",
        "guard",
        "powershell",
        "payload",
        "back",
        "bing"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128970&Signature=KvxEPuInqFwT1UVxhsUutlnt3Dx3pU%2FZPwCzlabMUZ%2BszI8kfcRbaoWeF5WPYmdf%2FEJWcFuOn%2FHMXzsDaz9mzSs6e%2F31BBO%2Bzn%2Bgsu6PQlevS5%2BPJLSpQQGdvdYxWvjgQtcWfWfdxLulfLOuewCybKwivHDsIS8nxzL4eilUywa96vdRGkU%2BzsWCuRt1DQdteRL%2B4xHM9Iw1lubk48EQZuLZn3%2BHW0WbWmPcpUDlpXmqRt%2",
        "https://www.virustotal.com/ui/file_behaviours/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_CAPE%20Sandbox/html",
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129039&Signature=EvKpA%2FXa5Pim74y4ZyibLmu25RPaoFGwevAkAPfFbDMkvRXR3nSFuc8fVUtVm9cJPOxY5wIDwaEi%2FLJ9U9W0rvqiycITY9SGa7Vzv97CcCn6PTLJjwF2FShIZiE%2F3eg4zoFce1VJm7HNuAOkyhbu2qCGvF9aqduRhC3CpTxYAepP1kC2GZutTpWIjioblhbRHCSZ5Iz0zRjQaPTUea8mrqeQV2nFqz%2BDwKLItcpvI9yz5mZ7",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129141&Signature=CcrEA1ECv4wxj8UIdmJUnDUBSvoB167GojRL%2BfBa0mcSCEUDoTqJbuuDr0RdXoVPApAzwPy4sOskH98XfBt8CdHdW3GrxPCHjBQAPEn0vhKZPDzoZ4ABLKke%2BYz6uYY0gsF1HVfKzP5N%2FE1i5i2ufi5NAQ6HzeQLM3ynBwu6mwjG%2BrafkkgSaMV00ksubUJfq0zNgvrwUMp%2FS5gFLv66%2F%2B912bzg%2F7Qxk7HpJS3uzwjWJZ",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129187&Signature=v%2FFdZTv2ZW8gkxMEiHXNqP%2BlysqiATUfJI4Sehiwpl6WMhtq%2BVWfqpe1WfCGvm2J4C1wbISRKhmXGECw7RM0BEKhPwTclqhKJwdtjPMZg%2BKxA5cYmTKM5xgkm0nf1bODU83vDlIhg1ue2cGQhGekvFc0J22ioNQvPNRhwSROTuqvRX9M6cFyV4S2OSwaPzfj24c8GEv%2FyUkWuUsxjSENS5gMNplle9E4Z%2B18BsVsSLO0"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1552",
          "name": "Unsecured Credentials",
          "display_name": "T1552 - Unsecured Credentials"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 422,
        "FileHash-SHA1": 189,
        "FileHash-SHA256": 789,
        "URL": 191,
        "domain": 74,
        "IPv4": 145,
        "hostname": 225,
        "email": 1
      },
      "indicator_count": 2036,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "24 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69fc18cf1d3c2127ee8a4c0c",
      "name": "VirusTotal report\n                    for Yandex.exe",
      "description": "[full report on the Yandex.exe malware, which was found on a Windows 11 operating system in the early hours of the morning, has been published by the University of South Africa.] Client changes iphone browser to Bing yesterday.",
      "modified": "2026-05-07T04:50:55.377000",
      "created": "2026-05-07T04:45:03.716000",
      "tags": [
        "pe file",
        "file type",
        "https",
        "sample",
        "performs dns",
        "tls version",
        "creates",
        "urls",
        "ms windows",
        "aslr",
        "code",
        "persistence",
        "defense evasion",
        "malicious",
        "next",
        "getqueryurl412",
        "update with",
        "arguments",
        "info",
        "service",
        "verifymodule128",
        "stopservice815",
        "watchicufile185",
        "getqueryurl409",
        "installertype4",
        "windows sandbox",
        "calls process",
        "default",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file size",
        "path c",
        "sha1",
        "crc32",
        "win64",
        "accept",
        "shutdown",
        "guard",
        "powershell",
        "payload",
        "back",
        "bing"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128970&Signature=KvxEPuInqFwT1UVxhsUutlnt3Dx3pU%2FZPwCzlabMUZ%2BszI8kfcRbaoWeF5WPYmdf%2FEJWcFuOn%2FHMXzsDaz9mzSs6e%2F31BBO%2Bzn%2Bgsu6PQlevS5%2BPJLSpQQGdvdYxWvjgQtcWfWfdxLulfLOuewCybKwivHDsIS8nxzL4eilUywa96vdRGkU%2BzsWCuRt1DQdteRL%2B4xHM9Iw1lubk48EQZuLZn3%2BHW0WbWmPcpUDlpXmqRt%2",
        "https://www.virustotal.com/ui/file_behaviours/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_CAPE%20Sandbox/html",
        "https://vtbehaviour.commondatastorage.googleapis.com/88becfbea4b9c499c5d01f64204d5114ae0112d0853f0b752262cb831e3e30be_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129039&Signature=EvKpA%2FXa5Pim74y4ZyibLmu25RPaoFGwevAkAPfFbDMkvRXR3nSFuc8fVUtVm9cJPOxY5wIDwaEi%2FLJ9U9W0rvqiycITY9SGa7Vzv97CcCn6PTLJjwF2FShIZiE%2F3eg4zoFce1VJm7HNuAOkyhbu2qCGvF9aqduRhC3CpTxYAepP1kC2GZutTpWIjioblhbRHCSZ5Iz0zRjQaPTUea8mrqeQV2nFqz%2BDwKLItcpvI9yz5mZ7",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129141&Signature=CcrEA1ECv4wxj8UIdmJUnDUBSvoB167GojRL%2BfBa0mcSCEUDoTqJbuuDr0RdXoVPApAzwPy4sOskH98XfBt8CdHdW3GrxPCHjBQAPEn0vhKZPDzoZ4ABLKke%2BYz6uYY0gsF1HVfKzP5N%2FE1i5i2ufi5NAQ6HzeQLM3ynBwu6mwjG%2BrafkkgSaMV00ksubUJfq0zNgvrwUMp%2FS5gFLv66%2F%2B912bzg%2F7Qxk7HpJS3uzwjWJZ",
        "https://vtbehaviour.commondatastorage.googleapis.com/a86b6c59331a4bec79fbbe3b2e5bad589cd60824422d2662488ff6ec7db9cb17_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778129187&Signature=v%2FFdZTv2ZW8gkxMEiHXNqP%2BlysqiATUfJI4Sehiwpl6WMhtq%2BVWfqpe1WfCGvm2J4C1wbISRKhmXGECw7RM0BEKhPwTclqhKJwdtjPMZg%2BKxA5cYmTKM5xgkm0nf1bODU83vDlIhg1ue2cGQhGekvFc0J22ioNQvPNRhwSROTuqvRX9M6cFyV4S2OSwaPzfj24c8GEv%2FyUkWuUsxjSENS5gMNplle9E4Z%2B18BsVsSLO0"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1552",
          "name": "Unsecured Credentials",
          "display_name": "T1552 - Unsecured Credentials"
        },
        {
          "id": "T1555",
          "name": "Credentials from Password Stores",
          "display_name": "T1555 - Credentials from Password Stores"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 422,
        "FileHash-SHA1": 189,
        "FileHash-SHA256": 789,
        "URL": 191,
        "domain": 74,
        "IPv4": 145,
        "hostname": 225,
        "email": 1
      },
      "indicator_count": 2036,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "24 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://api.browser.yandex.net/q",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://api.browser.yandex.net/q",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780261763.3612075
}