{ "type": "URL", "indicator": "https://crbug.com/12966352", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://crbug.com/12966352", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4291820933, "indicator": "https://crbug.com/12966352", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "69cefd4604a91bf7ca712de4", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "Researchers have identified the source of a malware that has infected more than 100,000 computers in the past month and is believed to have been linked to a network known as the \"Pulses\".", "modified": "2026-04-03T00:09:14.952000", "created": "2026-04-02T23:35:34.946000", "tags": [ "filehash", "pulse pulses", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "malicious ids", "query", "united", "as4249", "location united", "america flag", "america asn", "dns resolutions", "domain", "pulses", "related tags", "indicator facts", "creation date", "name servers", "ddos mitigation", "expiration date", "ip address", "asn as4249", "whois registrar", "rethem hosting", "date", "name", "billing city", "billing country", "billing email", "billing state", "create date", "expiry date", "query time", "available from", "code", "registry tech", "server", "registrar abuse", "email", "admin country", "registry domain", "registrar iana", "thumbprint", "ipv4", "active related", "pulses ipv4", "unknown" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 19, "FileHash-SHA1": 25, "FileHash-SHA256": 769, "IPv4": 25, "domain": 116, "hostname": 248, "URL": 351, "email": 4, "CVE": 1 }, "indicator_count": 1558, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cefd455bb5b78f3a3644bd", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "Researchers have identified the source of a malware that has infected more than 100,000 computers in the past month and is believed to have been linked to a network known as the \"Pulses\".", "modified": "2026-04-03T00:08:47.559000", "created": "2026-04-02T23:35:33.326000", "tags": [ "filehash", "pulse pulses", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "malicious ids", "query", "united", "as4249", "location united", "america flag", "america asn", "dns resolutions", "domain", "pulses", "related tags", "indicator facts", "creation date", "name servers", "ddos mitigation", "expiration date", "ip address", "asn as4249", "whois registrar", "rethem hosting", "date", "name", "billing city", "billing country", "billing email", "billing state", "create date", "expiry date", "query time", "available from", "code", "registry tech", "server", "registrar abuse", "email", "admin country", "registry domain", "registrar iana", "thumbprint", "ipv4", "active related", "pulses ipv4", "unknown" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 19, "FileHash-SHA1": 25, "FileHash-SHA256": 769, "IPv4": 25, "domain": 116, "hostname": 248, "URL": 351, "email": 4, "CVE": 1 }, "indicator_count": 1558, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec51dc2c14c906bce0b67", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.", "modified": "2026-04-02T19:35:57.899000", "created": "2026-04-02T19:35:57.899000", "tags": [ "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "png image", "ascii text", "json", "united", "malicious", "code", "persistence", "phishing", "next", "10px", "ad code", "please", "antiddos", "firewall", "helvetica", "noscript", "request", "doctype html", "ieedge", "title", "body", "span", "android", "gmt p3p", "idc dsp", "cor adm", "devi taii", "psa psd", "ivai ivdi", "coni his", "our ind", "data", "contenttype", "performs dns", "https", "mitre attack", "network info", "processes extra", "html page", "t1055 process", "layer protocol", "overview", "overview zenbox" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 281, "URL": 91, "FileHash-MD5": 9, "FileHash-SHA1": 8, "IPv4": 40, "domain": 8, "hostname": 102 }, "indicator_count": 539, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec51dd4caf951207fb1a8", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.", "modified": "2026-04-02T19:35:57.845000", "created": "2026-04-02T19:35:57.845000", "tags": [ "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "png image", "ascii text", "json", "united", "malicious", "code", "persistence", "phishing", "next", "10px", "ad code", "please", "antiddos", "firewall", "helvetica", "noscript", "request", "doctype html", "ieedge", "title", "body", "span", "android", "gmt p3p", "idc dsp", "cor adm", "devi taii", "psa psd", "ivai ivdi", "coni his", "our ind", "data", "contenttype", "performs dns", "https", "mitre attack", "network info", "processes extra", "html page", "t1055 process", "layer protocol", "overview", "overview zenbox" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 281, "URL": 91, "FileHash-MD5": 9, "FileHash-SHA1": 8, "IPv4": 40, "domain": 8, "hostname": 102 }, "indicator_count": 539, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec51c08c81128a8e46bd9", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.", "modified": "2026-04-02T19:35:56.216000", "created": "2026-04-02T19:35:56.216000", "tags": [ "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "png image", "ascii text", "json", "united", "malicious", "code", "persistence", "phishing", "next", "10px", "ad code", "please", "antiddos", "firewall", "helvetica", "noscript", "request", "doctype html", "ieedge", "title", "body", "span", "android", "gmt p3p", "idc dsp", "cor adm", "devi taii", "psa psd", "ivai ivdi", "coni his", "our ind", "data", "contenttype", "performs dns", "https", "mitre attack", "network info", "processes extra", "html page", "t1055 process", "layer protocol", "overview", "overview zenbox" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 281, "URL": 91, "FileHash-MD5": 9, "FileHash-SHA1": 8, "IPv4": 40, "domain": 8, "hostname": 102 }, "indicator_count": 539, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec10621c1502a529923bb", "name": "VirusTotal report\n for AccountingAll-in-OneForDummiesPDFDrive.pdf", "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.", "modified": "2026-04-02T19:18:30.126000", "created": "2026-04-02T19:18:30.126000", "tags": [ "united", "as14061", "present apr", "script urls", "as13335", "as13768 aptum", "singapore", "aaaa", "as31898 oracle", "united kingdom", "date", "win32", "body", "title", "fury", "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "gif image", "png image", "ascii text", "malicious", "next", "windows sandbox", "calls process", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "json", "code", "persistence", "phishing", "value a", "pdf document", "adobe portable", "document format", "algorithm", "key identifier", "number", "cus ogoogle", "trust", "cnwe1 validity", "subject public", "key info", "key algorithm", "ec oid", "germany create", "domain", "expiry date", "name", "germany update", "researchgate", "discover", "research jobs", "gate", "find", "access", "join", "login", "email", "password", "x509v3 subject", "v3 serial", "issuer", "cbe cnalphassl", "sha256", "g2 oglobalsign", "validity", "public key", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 272, "IPv4": 218, "FileHash-MD5": 149, "FileHash-SHA1": 151, "FileHash-SHA256": 783, "IPv6": 6, "domain": 140, "email": 4, "hostname": 144 }, "indicator_count": 1867, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec0fd4e0b04227b505a5f", "name": "VirusTotal report\n for AccountingAll-in-OneForDummiesPDFDrive.pdf", "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.", "modified": "2026-04-02T19:18:21.797000", "created": "2026-04-02T19:18:21.797000", "tags": [ "united", "as14061", "present apr", "script urls", "as13335", "as13768 aptum", "singapore", "aaaa", "as31898 oracle", "united kingdom", "date", "win32", "body", "title", "fury", "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "gif image", "png image", "ascii text", "malicious", "next", "windows sandbox", "calls process", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "json", "code", "persistence", "phishing", "value a", "pdf document", "adobe portable", "document format", "algorithm", "key identifier", "number", "cus ogoogle", "trust", "cnwe1 validity", "subject public", "key info", "key algorithm", "ec oid", "germany create", "domain", "expiry date", "name", "germany update", "researchgate", "discover", "research jobs", "gate", "find", "access", "join", "login", "email", "password", "x509v3 subject", "v3 serial", "issuer", "cbe cnalphassl", "sha256", "g2 oglobalsign", "validity", "public key", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 272, "IPv4": 218, "FileHash-MD5": 149, "FileHash-SHA1": 151, "FileHash-SHA256": 783, "IPv6": 6, "domain": 140, "email": 4, "hostname": 144 }, "indicator_count": 1867, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 3082 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/crbug.com", "whois": "http://whois.domaintools.com/crbug.com", "domain": "crbug.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "69cefd4604a91bf7ca712de4", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "Researchers have identified the source of a malware that has infected more than 100,000 computers in the past month and is believed to have been linked to a network known as the \"Pulses\".", "modified": "2026-04-03T00:09:14.952000", "created": "2026-04-02T23:35:34.946000", "tags": [ "filehash", "pulse pulses", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "malicious ids", "query", "united", "as4249", "location united", "america flag", "america asn", "dns resolutions", "domain", "pulses", "related tags", "indicator facts", "creation date", "name servers", "ddos mitigation", "expiration date", "ip address", "asn as4249", "whois registrar", "rethem hosting", "date", "name", "billing city", "billing country", "billing email", "billing state", "create date", "expiry date", "query time", "available from", "code", "registry tech", "server", "registrar abuse", "email", "admin country", "registry domain", "registrar iana", "thumbprint", "ipv4", "active related", "pulses ipv4", "unknown" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 19, "FileHash-SHA1": 25, "FileHash-SHA256": 769, "IPv4": 25, "domain": 116, "hostname": 248, "URL": 351, "email": 4, "CVE": 1 }, "indicator_count": 1558, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cefd455bb5b78f3a3644bd", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "Researchers have identified the source of a malware that has infected more than 100,000 computers in the past month and is believed to have been linked to a network known as the \"Pulses\".", "modified": "2026-04-03T00:08:47.559000", "created": "2026-04-02T23:35:33.326000", "tags": [ "filehash", "pulse pulses", "av detections", "ids detections", "yara detections", "alerts", "analysis date", "file score", "malicious ids", "query", "united", "as4249", "location united", "america flag", "america asn", "dns resolutions", "domain", "pulses", "related tags", "indicator facts", "creation date", "name servers", "ddos mitigation", "expiration date", "ip address", "asn as4249", "whois registrar", "rethem hosting", "date", "name", "billing city", "billing country", "billing email", "billing state", "create date", "expiry date", "query time", "available from", "code", "registry tech", "server", "registrar abuse", "email", "admin country", "registry domain", "registrar iana", "thumbprint", "ipv4", "active related", "pulses ipv4", "unknown" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 19, "FileHash-SHA1": 25, "FileHash-SHA256": 769, "IPv4": 25, "domain": 116, "hostname": 248, "URL": 351, "email": 4, "CVE": 1 }, "indicator_count": 1558, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec51dc2c14c906bce0b67", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.", "modified": "2026-04-02T19:35:57.899000", "created": "2026-04-02T19:35:57.899000", "tags": [ "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "png image", "ascii text", "json", "united", "malicious", "code", "persistence", "phishing", "next", "10px", "ad code", "please", "antiddos", "firewall", "helvetica", "noscript", "request", "doctype html", "ieedge", "title", "body", "span", "android", "gmt p3p", "idc dsp", "cor adm", "devi taii", "psa psd", "ivai ivdi", "coni his", "our ind", "data", "contenttype", "performs dns", "https", "mitre attack", "network info", "processes extra", "html page", "t1055 process", "layer protocol", "overview", "overview zenbox" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 281, "URL": 91, "FileHash-MD5": 9, "FileHash-SHA1": 8, "IPv4": 40, "domain": 8, "hostname": 102 }, "indicator_count": 539, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec51dd4caf951207fb1a8", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.", "modified": "2026-04-02T19:35:57.845000", "created": "2026-04-02T19:35:57.845000", "tags": [ "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "png image", "ascii text", "json", "united", "malicious", "code", "persistence", "phishing", "next", "10px", "ad code", "please", "antiddos", "firewall", "helvetica", "noscript", "request", "doctype html", "ieedge", "title", "body", "span", "android", "gmt p3p", "idc dsp", "cor adm", "devi taii", "psa psd", "ivai ivdi", "coni his", "our ind", "data", "contenttype", "performs dns", "https", "mitre attack", "network info", "processes extra", "html page", "t1055 process", "layer protocol", "overview", "overview zenbox" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 281, "URL": 91, "FileHash-MD5": 9, "FileHash-SHA1": 8, "IPv4": 40, "domain": 8, "hostname": 102 }, "indicator_count": 539, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec51c08c81128a8e46bd9", "name": "VirusTotal report\n for ul Business Intelligence. Moving Beyond the Obvious 2007.pdf", "description": "The full text of this page, which contains the following text, has been published on the website of Civicplus.com, the social networking site, for the first time since its launch in 2008.", "modified": "2026-04-02T19:35:56.216000", "created": "2026-04-02T19:35:56.216000", "tags": [ "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "png image", "ascii text", "json", "united", "malicious", "code", "persistence", "phishing", "next", "10px", "ad code", "please", "antiddos", "firewall", "helvetica", "noscript", "request", "doctype html", "ieedge", "title", "body", "span", "android", "gmt p3p", "idc dsp", "cor adm", "devi taii", "psa psd", "ivai ivdi", "coni his", "our ind", "data", "contenttype", "performs dns", "https", "mitre attack", "network info", "processes extra", "html page", "t1055 process", "layer protocol", "overview", "overview zenbox" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158226&Signature=3QddteTdwd75BU6tgEH4xfsAlwIG9pwNTU%2B8HvPznGKaEJfuEtDcpYQyXWaSVlGW29PwL%2Fps1Qfqzxq9FuYI6MpYw3Bx7KqBKoEqzG%2BfIDblZaHtF%2Bq57ipRLnJbyvLR8w%2B1bXr7vwOsQlnBMQPRzC9hK4UR1xQRt%2BFkGma5x53fb1ICCz4wT7DcsKUsrwBYrNpWD3InFukyHR38M91oretTmUAb2PGAKNugUwaY22shu94UubqcBJGvmX", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158347&Signature=sEbgpIc1%2BiCg1xj63drTjLA1epwJeKE9CT6C%2FnPtDvvNsLwbXXgIXmkAt2dKfK5cqb2MQ6rWSIcBDnierzZWQvJ%2F%2BpnBcvgW3mwnRqcrPKCIDaXkVSOfCziQhhgU%2F0YIEehdmBIxg%2BcMlXk6Ub0B3YYdlFlz4c%2Ft13IcN1R6g1%2FPy4zGIhnQQvcGI78vhrb0VqY48%2BeoY5%2FROErUXojoI%2Bi8IP%2FrmkiUEspZnd", "https://vtbehaviour.commondatastorage.googleapis.com/9ca5c168d3a3b77403a468a247b08f3987c9baee621bc93a1330d4343d5167e6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775158717&Signature=0%2FgP6zQY0JvD44dS9aqwH0bqe9ln9c3valuyOk8IADGwNXhOIDcXq6ivyb5hcITWzdHmiMnds3LC6HH6Dw9JXfM47tiL9OKF%2BbTQPz9B8Fr2JanaTSCRjOV2H%2FXW1wZjSdhhcSQyWhw97q4rqKyI%2F1VEbewxt2wrLP0TazgfCoHOCU2Qh08l7nSN%2F1idGUl5yUkmlHE60kQxe%2BHjcktoYejJf6exwwI9QED8MFrrm%2BGEwdmILRQtAbLe" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 281, "URL": 91, "FileHash-MD5": 9, "FileHash-SHA1": 8, "IPv4": 40, "domain": 8, "hostname": 102 }, "indicator_count": 539, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec10621c1502a529923bb", "name": "VirusTotal report\n for AccountingAll-in-OneForDummiesPDFDrive.pdf", "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.", "modified": "2026-04-02T19:18:30.126000", "created": "2026-04-02T19:18:30.126000", "tags": [ "united", "as14061", "present apr", "script urls", "as13335", "as13768 aptum", "singapore", "aaaa", "as31898 oracle", "united kingdom", "date", "win32", "body", "title", "fury", "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "gif image", "png image", "ascii text", "malicious", "next", "windows sandbox", "calls process", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "json", "code", "persistence", "phishing", "value a", "pdf document", "adobe portable", "document format", "algorithm", "key identifier", "number", "cus ogoogle", "trust", "cnwe1 validity", "subject public", "key info", "key algorithm", "ec oid", "germany create", "domain", "expiry date", "name", "germany update", "researchgate", "discover", "research jobs", "gate", "find", "access", "join", "login", "email", "password", "x509v3 subject", "v3 serial", "issuer", "cbe cnalphassl", "sha256", "g2 oglobalsign", "validity", "public key", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 272, "IPv4": 218, "FileHash-MD5": 149, "FileHash-SHA1": 151, "FileHash-SHA256": 783, "IPv6": 6, "domain": 140, "email": 4, "hostname": 144 }, "indicator_count": 1867, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69cec0fd4e0b04227b505a5f", "name": "VirusTotal report\n for AccountingAll-in-OneForDummiesPDFDrive.pdf", "description": "Researchers at Researchgate.com have published their findings in a series of articles on the subject of cyber-security, security and privacy. and the use of OTX, also known as \"Pulses\".> A little bird finch and its fingerprint.", "modified": "2026-04-02T19:18:21.797000", "created": "2026-04-02T19:18:21.797000", "tags": [ "united", "as14061", "present apr", "script urls", "as13335", "as13768 aptum", "singapore", "aaaa", "as31898 oracle", "united kingdom", "date", "win32", "body", "title", "fury", "file type", "chrome cache", "entry", "cache entry", "jpeg image", "jfif", "gif image", "png image", "ascii text", "malicious", "next", "windows sandbox", "calls process", "default", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "accept", "shutdown", "json", "code", "persistence", "phishing", "value a", "pdf document", "adobe portable", "document format", "algorithm", "key identifier", "number", "cus ogoogle", "trust", "cnwe1 validity", "subject public", "key info", "key algorithm", "ec oid", "germany create", "domain", "expiry date", "name", "germany update", "researchgate", "discover", "research jobs", "gate", "find", "access", "join", "login", "email", "password", "x509v3 subject", "v3 serial", "issuer", "cbe cnalphassl", "sha256", "g2 oglobalsign", "validity", "public key", "info" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775156982&Signature=znZpp83KdT%2FL36sTf3QDOLLEWAh8ItKSUewNDuebW619kEzy7PG1q%2FF6ZK6IuxQU10CCVqA3cCW1MIaTpquBgPPjimEvkDVxx048Qv1%2FKzCnW00QhsQIQADWcfKI698TukLc8c3aCnBN%2BFMdkbsjgO4S6oFCJM5E9pIb9VJOdL6TDfSSIOQNyAYAL%2FCcOxwKRPBIY6l5X%2Bmxgvz5VObSKoxZWT7JmNyorS%2BPVLPOPtXbOJhdlDwk8aZ%", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157018&Signature=W6qmB2oXejWMekcxPwU%2BM2fTZ5XRnQ6InXQPfLl7OncG%2Bm3HPNHB%2FE6ygE96KZy32X4QvwY6orT3%2FSHlwBzQ3ckqedAXsZhwPNwVPN1eTjUL7BWQCVX7GFYabhv9AzqEnPZYWIUOa2P939ct2GWgfgTEtbesebRwyMue5ihDtUAV6qU1l2OuJfoS8C8GD%2FSlNeMBOTUymlaK4UmL9nmgOTq1McS%2BuJtgWwgJbI3sN9bR", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157047&Signature=yuzPVsphC0bG%2Bv9BmK3MOvfpxh2YUvj6B1ka6wchodQJMU0J7e6vH%2FwYLHWFiCIN7j4R6UxFeJ3ThZWdjJpObTpbPOwGZXiMlrPzB92hnLu9glo0Nxb3vEs2ztzgdkEKdSbu9SiyFyYZxQ4iwu6gfvEjT9bmVEcbVLcQEpNIevi9TPnEv%2B5D4yDqAalQb40r%2BCw%2FskC1Scj3bYgWKAGigIanlWXa0tIUmOIyNMnl6Oiq%2FRCzi7", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157115&Signature=IGbBEZp40pDgcnEOLyVLG6NGd0gM9ah6hwV8nmKkZpUvBN%2Fjn1v5XN0%2FGEFFk20komfUqhGI4zwklt2Bb3VyRLNwH5yCYd80ojWWC2ZPFlaKaLhRXD4OzOrLnAG4GyZ21SRFjULCGxXx6RaUuwulye8wG52yQ5yk0cXHuHPcowCLNbfY9ZWAQs6buavYGnYInBF0LCu3CboQBrgkhANmTmmtyrV9vDfS0Bz6fsJz%2BgmmwlGNpV0NA4IJTJeZmXCh", "https://vtbehaviour.commondatastorage.googleapis.com/000ea1a97119456bc0d73d6f04298896bcf8a014015dd5a3854db979acc33ba4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157142&Signature=YUKsrID6gK5Kkp3Ztlp37D19a5zJHrHMGp%2Bp3gyGO0BDcTOWmIH2IIADOlf7ZwEyxpzvT8ZH%2Bbv2TFx8h6B1n9NuatpuXqxe%2FVfKTCmILqh1vZsKMh8%2BTSQQu0uemPproGACNc8JtbCaAHd7gAzuT9xa01vD4Yzcag%2Bm2nc3OjhRI0359dkuzw5Z5%2BRRcM80c0kY6Z%2FSDz4nFU9x8Gxbbcq6adN4uDjcooa9W%2F%2", "https://vtbehaviour.commondatastorage.googleapis.com/00355f383cdfd3953bdb773247bcb38864e00fbc02f21c99bc85b9ae8a8de83c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775157171&Signature=wFaORSlZpOsDwaGFds40nh57Lh3vd%2BvFdqSDta%2BWapU98lkn38TsyUct5yym%2BseDovUqyvdVIXZauUtEnGqxpvYZximpwbeAbVtdc6MMBncoC78dOKoQbxtA3BT%2BzwKOs8jR1Cx7UYScBA2n%2BKi%2FUFE%2Fl3GvZGMSh8ekSTJNnrypI82Qa2rexteHlB8MZEdOGi15TMATCoi5SOQkKul2b5wy62%2BDaZblJEMMeN9AJYTgVYyUOZe6vM" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 272, "IPv4": 218, "FileHash-MD5": 149, "FileHash-SHA1": 151, "FileHash-SHA256": 783, "IPv6": 6, "domain": 140, "email": 4, "hostname": 144 }, "indicator_count": 1867, "is_author": false, "is_subscribing": null, "subscriber_count": 48, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://crbug.com/12966352", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://crbug.com/12966352", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1776641600.8172 }