{ "type": "URL", "indicator": "https://clients2.google.co", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://clients2.google.co", "type": "url", "type_title": "URL", "validation": [ { "source": "whitelist", "message": "Whitelisted domain google.co", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain google.co", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4285630454, "indicator": "https://clients2.google.co", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 10, "pulses": [ { "id": "69d5f37d3917861c6b99884b", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-04-08T06:33:21.505000", "created": "2026-04-08T06:19:41.886000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 64, "FileHash-SHA1": 61, "FileHash-SHA256": 274, "IPv4": 337, "domain": 46, "hostname": 388, "URL": 275, "CIDR": 1, "email": 3 }, "indicator_count": 1449, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f37c65fbf136884dae98", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-04-08T06:26:04.469000", "created": "2026-04-08T06:19:40.539000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 164, "FileHash-SHA1": 161, "FileHash-SHA256": 463, "IPv4": 342, "domain": 56, "hostname": 396, "URL": 456, "CIDR": 1, "email": 7, "IPv6": 2 }, "indicator_count": 2048, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d0ac87c6799549809753ce", "name": "VirusTotal report\n for Other-20230212T074754Z-001.zip", "description": "com - is the name of a German domain registered with the United-Domains AG.\n\n3 hearts\npure bleeds. sigma shields. commander hunts.\nlegacy puppetmaster suppresses.\nthe octopus is forever tangled.", "modified": "2026-04-04T06:43:37.685000", "created": "2026-04-04T06:15:35.668000", "tags": [ "date", "server", "registrar abuse", "postal code", "registrant name", "expiration date", "registry domain", "registrar iana", "registrar url", "registrant city", "ascii text", "javascript", "mitre attack", "network info", "dropped info", "file type", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "persistence", "next", "pe file", "text format", "ansi", "ms windows", "zip archive", "found", "crlf line", "windows start", "default", "delphi", "code", "malicious", "windows sandbox", "calls clear", "ascii", "java source", "web open", "font format", "truetype", "version", "python", "cape sandbox", "machine summary", "report time", "machine name", "analysis id", "machine label", "duration", "machine manager", "kvm os", "shutdown", "https", "shpk", "performs dns", "t1055 process", "layer protocol", "overview", "title", "phishing", "loader", "script", "meta", "albania", "structured data", "artan lenja", "street", "building", "tiran", "body", "icloud", "free", "apple", "link", "style", "doctype html", "timestamp", "sectigo", "official", "disney", "walt disney", "countryus", "center", "head", "forbidden", "creates", "command", "clear filters", "sigma", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG", "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com", "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM", "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky", "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD", "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA", "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 204, "email": 2, "hostname": 470, "URL": 746, "FileHash-SHA256": 827, "FileHash-MD5": 19, "FileHash-SHA1": 17, "IPv4": 187 }, "indicator_count": 2472, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d0ac884cb646fac0b8d3d4", "name": "VirusTotal report\n for Other-20230212T074754Z-001.zip", "description": "com - is the name of a German domain registered with the United-Domains AG.\n\n3 hearts\npure bleeds. sigma shields. commander hunts.\nlegacy puppetmaster suppresses.\nthe octopus is forever tangled.", "modified": "2026-04-04T06:43:36.558000", "created": "2026-04-04T06:15:36.916000", "tags": [ "date", "server", "registrar abuse", "postal code", "registrant name", "expiration date", "registry domain", "registrar iana", "registrar url", "registrant city", "ascii text", "javascript", "mitre attack", "network info", "dropped info", "file type", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "persistence", "next", "pe file", "text format", "ansi", "ms windows", "zip archive", "found", "crlf line", "windows start", "default", "delphi", "code", "malicious", "windows sandbox", "calls clear", "ascii", "java source", "web open", "font format", "truetype", "version", "python", "cape sandbox", "machine summary", "report time", "machine name", "analysis id", "machine label", "duration", "machine manager", "kvm os", "shutdown", "https", "shpk", "performs dns", "t1055 process", "layer protocol", "overview", "title", "phishing", "loader", "script", "meta", "albania", "structured data", "artan lenja", "street", "building", "tiran", "body", "icloud", "free", "apple", "link", "style", "doctype html", "timestamp", "sectigo", "official", "disney", "walt disney", "countryus", "center", "head", "forbidden", "creates", "command", "clear filters", "sigma", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG", "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com", "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM", "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky", "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD", "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA", "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 359, "email": 2, "hostname": 664, "URL": 794, "FileHash-SHA256": 827, "FileHash-MD5": 21, "FileHash-SHA1": 17, "IPv4": 187 }, "indicator_count": 2871, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cd2453535ddbc214f9f14e", "name": "VirusTotal report\n for document.html", "description": "A security alert has been issued over the weekend, with links to the linkedin.com website being linked to a security breach dating back to 1970. and the first of its kind in the UK.", "modified": "2026-04-01T14:00:58.107000", "created": "2026-04-01T13:57:39.026000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next", "time", "request header", "host", "windows nt", "win64", "khtml", "gecko", "acceptencoding", "accept", "response header", "path" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775051777&Signature=GZlu6DPN6v98tQo25y0w35JRTEJsBkTkPLCQXMwbY176auYdg37%2BQIH9jW5Wh4nYP8f6x5qDbT8ZRIrB%2F96cNxUefW8t5sDbBJCeNdsv9V8E4wYdpc7CBgWCor2MyxnMXcxHpOmCSm6wJbTfHBXSyUc4wjlxVdCTO1HagMSjZd3NdM4v03ffHl6LHo7%2F489GG%2F0zDmAfW0%2FiRbo%2BvTafEPW%2F6U23SdWnNFliaiQc9322wEBIipDEgFtt", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_SecneurX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775051972&Signature=yYtfMjbzEmeyxRDO6eroUm%2FGh1NSAK3rD42UZEkTrX5h37NifJZ2K0WMJrux%2BcsrnR2Q5bIMs0HvMko%2BkDcC%2FsC4aXHIwkfRwv%2B7sXalRONuRPyS04YJ7NLS7LOp9%2FJ%2B%2Fwr0pR6MJ%2BKk96cKBP8wRR%2FwG%2Bl8Vf8YWHaP5QmY9c2Xz%2FlCc886XMqqgIGd84UaXsgrCTJ%2B18x90esVg0VGP94wCuOZOztw%2FyPeWTLW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA1": 5, "FileHash-SHA256": 23, "IPv4": 35, "URL": 54, "hostname": 20, "domain": 13 }, "indicator_count": 164, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "18 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca2e8e0f640c7e322bb2e7", "name": "VirusTotal report\n for document.html", "description": "A full list of details about the X-MSEdge, or \"X-MS\" as it is more commonly known, following the release of an unauthorised version of the software.", "modified": "2026-03-30T08:04:30.953000", "created": "2026-03-30T08:04:30.953000", "tags": [ "ref b", "gmt xmsversion", "gmt xccc", "by1edge0406 ref", "wed mar", "pst contenttype", "wstedge0207 ref", "fri mar", "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774858040&Signature=hG6Y1tljsPDs7D5y1rIFJaLyHYZogB0OI27tbdVtNBiWLF2aDkCX8f93POBzZ%2FIi55TCmkwKaZHqxgp6Tzi52MitxupPQjjg1Ic0mtrpy2X0kfjM9MSTcl7HU4V2vYM7x%2Fm1uYUGJ2A%2F8DnrPbS2TN0eWVmCj6BK%2BwkS6zzJv88QDC22Ttzau6kp07SdD0k01HfVLDtSiEvX8mhUcPj9CcmyDj84GNaX2d0h1%2FKLbhATOYMfd%2Fk9jaG%2B" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 2, "FileHash-SHA256": 27, "IPv4": 4, "URL": 4, "hostname": 5, "domain": 1 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca2c8d7c15bbf801f131a8", "name": "VirusTotal report\n for document.html", "description": "Unnacceptable. Temporary Name Shifting", "modified": "2026-03-30T07:55:57.125000", "created": "2026-03-30T07:55:57.125000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774857587&Signature=CoWkkopAoYhXLAbjIsT03x%2FN14CV1m0Xwv5G4q2CITxSbRqIu8pcwygWva11d%2FJy1K2Jd6%2Bjq8Kyhmti3bp%2BnmF%2FZXcCgKp4uiWUBuQ8RBreNkrsKYkuKLup0pCZcDv36%2B24mnbaorDBw9Yf7QH8qwdVzqMJmcLDo80gY66qBrvjjUhPtAkuG1v3fP99JJrh4g8eVGSIkAqhXr%2FDL6PXL1Z4RMXjn8pcLCwBUX1vte%2FjgFYsjdEhyz" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 4, "IPv4": 4, "URL": 3, "hostname": 5 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca0f15d9509a962aab0687", "name": "VirusTotal report\n for document.html", "description": "", "modified": "2026-03-30T05:50:13.576000", "created": "2026-03-30T05:50:13.576000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774849955&Signature=EQa43KZSKEXz1x76oGV4sTel%2F0se%2B8StmMU5OFObLpGAb7sVMy%2B12JPLrCVdI20iycwk3v0GJigTThy6x5w4FPc%2BcoMATyWiYIcLgy5%2FkEviCctqhGwTIaPw%2Fk9Tw2mWoGCdyaTpvZr1iQpBuKLnOjHZ%2Fql90t0iIyQH5KPMk%2B%2FI4ypRJ%2FFUkW0okqvhBdLQvziYOUlNOVkTn%2BpqJqJ2QgaPytZLOjfADA9C5kD8x%2BLdRK" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 4, "IPv4": 4, "URL": 3, "hostname": 5 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca0f150f4ca2fba81ea15c", "name": "VirusTotal report\n for document.html", "description": "", "modified": "2026-03-30T05:50:13.044000", "created": "2026-03-30T05:50:13.044000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774849955&Signature=EQa43KZSKEXz1x76oGV4sTel%2F0se%2B8StmMU5OFObLpGAb7sVMy%2B12JPLrCVdI20iycwk3v0GJigTThy6x5w4FPc%2BcoMATyWiYIcLgy5%2FkEviCctqhGwTIaPw%2Fk9Tw2mWoGCdyaTpvZr1iQpBuKLnOjHZ%2Fql90t0iIyQH5KPMk%2B%2FI4ypRJ%2FFUkW0okqvhBdLQvziYOUlNOVkTn%2BpqJqJ2QgaPytZLOjfADA9C5kD8x%2BLdRK" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 4, "IPv4": 4, "URL": 3, "hostname": 5 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca0f140825fa11618163b6", "name": "VirusTotal report\n for document.html", "description": "", "modified": "2026-03-30T05:50:12.916000", "created": "2026-03-30T05:50:12.916000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774849955&Signature=EQa43KZSKEXz1x76oGV4sTel%2F0se%2B8StmMU5OFObLpGAb7sVMy%2B12JPLrCVdI20iycwk3v0GJigTThy6x5w4FPc%2BcoMATyWiYIcLgy5%2FkEviCctqhGwTIaPw%2Fk9Tw2mWoGCdyaTpvZr1iQpBuKLnOjHZ%2Fql90t0iIyQH5KPMk%2B%2FI4ypRJ%2FFUkW0okqvhBdLQvziYOUlNOVkTn%2BpqJqJ2QgaPytZLOjfADA9C5kD8x%2BLdRK" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 4, "IPv4": 4, "URL": 3, "hostname": 5 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774857587&Signature=CoWkkopAoYhXLAbjIsT03x%2FN14CV1m0Xwv5G4q2CITxSbRqIu8pcwygWva11d%2FJy1K2Jd6%2Bjq8Kyhmti3bp%2BnmF%2FZXcCgKp4uiWUBuQ8RBreNkrsKYkuKLup0pCZcDv36%2B24mnbaorDBw9Yf7QH8qwdVzqMJmcLDo80gY66qBrvjjUhPtAkuG1v3fP99JJrh4g8eVGSIkAqhXr%2FDL6PXL1Z4RMXjn8pcLCwBUX1vte%2FjgFYsjdEhyz", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774858040&Signature=hG6Y1tljsPDs7D5y1rIFJaLyHYZogB0OI27tbdVtNBiWLF2aDkCX8f93POBzZ%2FIi55TCmkwKaZHqxgp6Tzi52MitxupPQjjg1Ic0mtrpy2X0kfjM9MSTcl7HU4V2vYM7x%2Fm1uYUGJ2A%2F8DnrPbS2TN0eWVmCj6BK%2BwkS6zzJv88QDC22Ttzau6kp07SdD0k01HfVLDtSiEvX8mhUcPj9CcmyDj84GNaX2d0h1%2FKLbhATOYMfd%2Fk9jaG%2B", "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_SecneurX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775051972&Signature=yYtfMjbzEmeyxRDO6eroUm%2FGh1NSAK3rD42UZEkTrX5h37NifJZ2K0WMJrux%2BcsrnR2Q5bIMs0HvMko%2BkDcC%2FsC4aXHIwkfRwv%2B7sXalRONuRPyS04YJ7NLS7LOp9%2FJ%2B%2Fwr0pR6MJ%2BKk96cKBP8wRR%2FwG%2Bl8Vf8YWHaP5QmY9c2Xz%2FlCc886XMqqgIGd84UaXsgrCTJ%2B18x90esVg0VGP94wCuOZOztw%2FyPeWTLW", "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD", "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774849955&Signature=EQa43KZSKEXz1x76oGV4sTel%2F0se%2B8StmMU5OFObLpGAb7sVMy%2B12JPLrCVdI20iycwk3v0GJigTThy6x5w4FPc%2BcoMATyWiYIcLgy5%2FkEviCctqhGwTIaPw%2Fk9Tw2mWoGCdyaTpvZr1iQpBuKLnOjHZ%2Fql90t0iIyQH5KPMk%2B%2FI4ypRJ%2FFUkW0okqvhBdLQvziYOUlNOVkTn%2BpqJqJ2QgaPytZLOjfADA9C5kD8x%2BLdRK", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775051777&Signature=GZlu6DPN6v98tQo25y0w35JRTEJsBkTkPLCQXMwbY176auYdg37%2BQIH9jW5Wh4nYP8f6x5qDbT8ZRIrB%2F96cNxUefW8t5sDbBJCeNdsv9V8E4wYdpc7CBgWCor2MyxnMXcxHpOmCSm6wJbTfHBXSyUc4wjlxVdCTO1HagMSjZd3NdM4v03ffHl6LHo7%2F489GG%2F0zDmAfW0%2FiRbo%2BvTafEPW%2F6U23SdWnNFliaiQc9322wEBIipDEgFtt", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 4711 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/google.co", "whois": "http://whois.domaintools.com/google.co", "domain": "google.co", "hostname": "clients2.google.co" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 10, "pulses": [ { "id": "69d5f37d3917861c6b99884b", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-04-08T06:33:21.505000", "created": "2026-04-08T06:19:41.886000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 64, "FileHash-SHA1": 61, "FileHash-SHA256": 274, "IPv4": 337, "domain": 46, "hostname": 388, "URL": 275, "CIDR": 1, "email": 3 }, "indicator_count": 1449, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f37c65fbf136884dae98", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-04-08T06:26:04.469000", "created": "2026-04-08T06:19:40.539000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 164, "FileHash-SHA1": 161, "FileHash-SHA256": 463, "IPv4": 342, "domain": 56, "hostname": 396, "URL": 456, "CIDR": 1, "email": 7, "IPv6": 2 }, "indicator_count": 2048, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d0ac87c6799549809753ce", "name": "VirusTotal report\n for Other-20230212T074754Z-001.zip", "description": "com - is the name of a German domain registered with the United-Domains AG.\n\n3 hearts\npure bleeds. sigma shields. commander hunts.\nlegacy puppetmaster suppresses.\nthe octopus is forever tangled.", "modified": "2026-04-04T06:43:37.685000", "created": "2026-04-04T06:15:35.668000", "tags": [ "date", "server", "registrar abuse", "postal code", "registrant name", "expiration date", "registry domain", "registrar iana", "registrar url", "registrant city", "ascii text", "javascript", "mitre attack", "network info", "dropped info", "file type", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "persistence", "next", "pe file", "text format", "ansi", "ms windows", "zip archive", "found", "crlf line", "windows start", "default", "delphi", "code", "malicious", "windows sandbox", "calls clear", "ascii", "java source", "web open", "font format", "truetype", "version", "python", "cape sandbox", "machine summary", "report time", "machine name", "analysis id", "machine label", "duration", "machine manager", "kvm os", "shutdown", "https", "shpk", "performs dns", "t1055 process", "layer protocol", "overview", "title", "phishing", "loader", "script", "meta", "albania", "structured data", "artan lenja", "street", "building", "tiran", "body", "icloud", "free", "apple", "link", "style", "doctype html", "timestamp", "sectigo", "official", "disney", "walt disney", "countryus", "center", "head", "forbidden", "creates", "command", "clear filters", "sigma", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG", "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com", "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM", "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky", "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD", "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA", "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 204, "email": 2, "hostname": 470, "URL": 746, "FileHash-SHA256": 827, "FileHash-MD5": 19, "FileHash-SHA1": 17, "IPv4": 187 }, "indicator_count": 2472, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d0ac884cb646fac0b8d3d4", "name": "VirusTotal report\n for Other-20230212T074754Z-001.zip", "description": "com - is the name of a German domain registered with the United-Domains AG.\n\n3 hearts\npure bleeds. sigma shields. commander hunts.\nlegacy puppetmaster suppresses.\nthe octopus is forever tangled.", "modified": "2026-04-04T06:43:36.558000", "created": "2026-04-04T06:15:36.916000", "tags": [ "date", "server", "registrar abuse", "postal code", "registrant name", "expiration date", "registry domain", "registrar iana", "registrar url", "registrant city", "ascii text", "javascript", "mitre attack", "network info", "dropped info", "file type", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "persistence", "next", "pe file", "text format", "ansi", "ms windows", "zip archive", "found", "crlf line", "windows start", "default", "delphi", "code", "malicious", "windows sandbox", "calls clear", "ascii", "java source", "web open", "font format", "truetype", "version", "python", "cape sandbox", "machine summary", "report time", "machine name", "analysis id", "machine label", "duration", "machine manager", "kvm os", "shutdown", "https", "shpk", "performs dns", "t1055 process", "layer protocol", "overview", "title", "phishing", "loader", "script", "meta", "albania", "structured data", "artan lenja", "street", "building", "tiran", "body", "icloud", "free", "apple", "link", "style", "doctype html", "timestamp", "sectigo", "official", "disney", "walt disney", "countryus", "center", "head", "forbidden", "creates", "command", "clear filters", "sigma", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V", "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ", "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F", "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG", "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com", "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM", "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky", "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD", "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA", "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 359, "email": 2, "hostname": 664, "URL": 794, "FileHash-SHA256": 827, "FileHash-MD5": 21, "FileHash-SHA1": 17, "IPv4": 187 }, "indicator_count": 2871, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cd2453535ddbc214f9f14e", "name": "VirusTotal report\n for document.html", "description": "A security alert has been issued over the weekend, with links to the linkedin.com website being linked to a security breach dating back to 1970. and the first of its kind in the UK.", "modified": "2026-04-01T14:00:58.107000", "created": "2026-04-01T13:57:39.026000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next", "time", "request header", "host", "windows nt", "win64", "khtml", "gecko", "acceptencoding", "accept", "response header", "path" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775051777&Signature=GZlu6DPN6v98tQo25y0w35JRTEJsBkTkPLCQXMwbY176auYdg37%2BQIH9jW5Wh4nYP8f6x5qDbT8ZRIrB%2F96cNxUefW8t5sDbBJCeNdsv9V8E4wYdpc7CBgWCor2MyxnMXcxHpOmCSm6wJbTfHBXSyUc4wjlxVdCTO1HagMSjZd3NdM4v03ffHl6LHo7%2F489GG%2F0zDmAfW0%2FiRbo%2BvTafEPW%2F6U23SdWnNFliaiQc9322wEBIipDEgFtt", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_SecneurX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775051972&Signature=yYtfMjbzEmeyxRDO6eroUm%2FGh1NSAK3rD42UZEkTrX5h37NifJZ2K0WMJrux%2BcsrnR2Q5bIMs0HvMko%2BkDcC%2FsC4aXHIwkfRwv%2B7sXalRONuRPyS04YJ7NLS7LOp9%2FJ%2B%2Fwr0pR6MJ%2BKk96cKBP8wRR%2FwG%2Bl8Vf8YWHaP5QmY9c2Xz%2FlCc886XMqqgIGd84UaXsgrCTJ%2B18x90esVg0VGP94wCuOZOztw%2FyPeWTLW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 14, "FileHash-SHA1": 5, "FileHash-SHA256": 23, "IPv4": 35, "URL": 54, "hostname": 20, "domain": 13 }, "indicator_count": 164, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "18 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca2e8e0f640c7e322bb2e7", "name": "VirusTotal report\n for document.html", "description": "A full list of details about the X-MSEdge, or \"X-MS\" as it is more commonly known, following the release of an unauthorised version of the software.", "modified": "2026-03-30T08:04:30.953000", "created": "2026-03-30T08:04:30.953000", "tags": [ "ref b", "gmt xmsversion", "gmt xccc", "by1edge0406 ref", "wed mar", "pst contenttype", "wstedge0207 ref", "fri mar", "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774858040&Signature=hG6Y1tljsPDs7D5y1rIFJaLyHYZogB0OI27tbdVtNBiWLF2aDkCX8f93POBzZ%2FIi55TCmkwKaZHqxgp6Tzi52MitxupPQjjg1Ic0mtrpy2X0kfjM9MSTcl7HU4V2vYM7x%2Fm1uYUGJ2A%2F8DnrPbS2TN0eWVmCj6BK%2BwkS6zzJv88QDC22Ttzau6kp07SdD0k01HfVLDtSiEvX8mhUcPj9CcmyDj84GNaX2d0h1%2FKLbhATOYMfd%2Fk9jaG%2B" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 4, "FileHash-SHA1": 2, "FileHash-SHA256": 27, "IPv4": 4, "URL": 4, "hostname": 5, "domain": 1 }, "indicator_count": 47, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca2c8d7c15bbf801f131a8", "name": "VirusTotal report\n for document.html", "description": "Unnacceptable. Temporary Name Shifting", "modified": "2026-03-30T07:55:57.125000", "created": "2026-03-30T07:55:57.125000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774857587&Signature=CoWkkopAoYhXLAbjIsT03x%2FN14CV1m0Xwv5G4q2CITxSbRqIu8pcwygWva11d%2FJy1K2Jd6%2Bjq8Kyhmti3bp%2BnmF%2FZXcCgKp4uiWUBuQ8RBreNkrsKYkuKLup0pCZcDv36%2B24mnbaorDBw9Yf7QH8qwdVzqMJmcLDo80gY66qBrvjjUhPtAkuG1v3fP99JJrh4g8eVGSIkAqhXr%2FDL6PXL1Z4RMXjn8pcLCwBUX1vte%2FjgFYsjdEhyz" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 4, "IPv4": 4, "URL": 3, "hostname": 5 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca0f15d9509a962aab0687", "name": "VirusTotal report\n for document.html", "description": "", "modified": "2026-03-30T05:50:13.576000", "created": "2026-03-30T05:50:13.576000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774849955&Signature=EQa43KZSKEXz1x76oGV4sTel%2F0se%2B8StmMU5OFObLpGAb7sVMy%2B12JPLrCVdI20iycwk3v0GJigTThy6x5w4FPc%2BcoMATyWiYIcLgy5%2FkEviCctqhGwTIaPw%2Fk9Tw2mWoGCdyaTpvZr1iQpBuKLnOjHZ%2Fql90t0iIyQH5KPMk%2B%2FI4ypRJ%2FFUkW0okqvhBdLQvziYOUlNOVkTn%2BpqJqJ2QgaPytZLOjfADA9C5kD8x%2BLdRK" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 4, "IPv4": 4, "URL": 3, "hostname": 5 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca0f150f4ca2fba81ea15c", "name": "VirusTotal report\n for document.html", "description": "", "modified": "2026-03-30T05:50:13.044000", "created": "2026-03-30T05:50:13.044000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774849955&Signature=EQa43KZSKEXz1x76oGV4sTel%2F0se%2B8StmMU5OFObLpGAb7sVMy%2B12JPLrCVdI20iycwk3v0GJigTThy6x5w4FPc%2BcoMATyWiYIcLgy5%2FkEviCctqhGwTIaPw%2Fk9Tw2mWoGCdyaTpvZr1iQpBuKLnOjHZ%2Fql90t0iIyQH5KPMk%2B%2FI4ypRJ%2FFUkW0okqvhBdLQvziYOUlNOVkTn%2BpqJqJ2QgaPytZLOjfADA9C5kD8x%2BLdRK" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 4, "IPv4": 4, "URL": 3, "hostname": 5 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ca0f140825fa11618163b6", "name": "VirusTotal report\n for document.html", "description": "", "modified": "2026-03-30T05:50:12.916000", "created": "2026-03-30T05:50:12.916000", "tags": [ "file type", "spawns", "https", "urls", "mitre attack", "network info", "malicious", "ascii text", "creates", "found", "phishing", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774849955&Signature=EQa43KZSKEXz1x76oGV4sTel%2F0se%2B8StmMU5OFObLpGAb7sVMy%2B12JPLrCVdI20iycwk3v0GJigTThy6x5w4FPc%2BcoMATyWiYIcLgy5%2FkEviCctqhGwTIaPw%2Fk9Tw2mWoGCdyaTpvZr1iQpBuKLnOjHZ%2Fql90t0iIyQH5KPMk%2B%2FI4ypRJ%2FFUkW0okqvhBdLQvziYOUlNOVkTn%2BpqJqJ2QgaPytZLOjfADA9C5kD8x%2BLdRK" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 4, "IPv4": 4, "URL": 3, "hostname": 5 }, "indicator_count": 18, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://clients2.google.co", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://clients2.google.co", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776630259.4183285 }