{ "type": "URL", "indicator": "https://csp.withgoogle.com/csp/clientupdate-aus/1", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://csp.withgoogle.com/csp/clientupdate-aus/1", "type": "url", "type_title": "URL", "validation": [ { "source": "whitelist", "message": "Whitelisted domain withgoogle.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain withgoogle.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3823689585, "indicator": "https://csp.withgoogle.com/csp/clientupdate-aus/1", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "6a147a0bf4e914672a802773", "name": "forever-canadian[.]ca - 05.25.26", "description": "This is a grassroots political advocacy initiative focused on keeping Alberta in Canada, driven by Lukaszuk and volunteers in response to separatist sentiments in the province. Curiously, it appears they have fallen victim to #Cybercrime. Status of Website: Hacked. Participant Data: Active Distribution (i.e. Data in active use by Cybercriminals). Safety of visiting website: unknown (verdict by HA = Malicious).", "modified": "2026-05-25T16:46:06.153000", "created": "2026-05-25T16:34:19.519000", "tags": [ "entity", "geoip", "as13335", "cloudflarenet", "cloudflare", "as16509", "amazon02", "vercel geoip", "google llc", "as396982", "facebook", "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "please", "javascript", "sandbox", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "temp", "ansi", "translate", "downloadbubble", "webbluetooth", "passkeyauth", "fencedframes", "fledge", "pcap processing", "pcap", "win64", "date", "null", "accept", "path", "suspicious", "comspec", "cookie", "mozilla", "hybrid", "defense evasion", "close", "model", "click", "hosts", "patch", "over", "general", "encrypt", "level", "wind", "window", "strings", "contact", "url", "website", "web", "scanner", "analyze", "analyzer", "search", "search api", "make sure", "domain", "and not", "page", "home search", "live api", "blog docs", "pricing login" ], "references": [ "https://www.virustotal.com/graph/embed/g5467d8748b4f4a739e6f5d84e15a0a36c60806dc093a4a9ba27ed4a08df63187?theme=dark", "https://www.filescan.io/uploads/6a146fa8efbd399b39ccfd7b/reports/3a0b8fe6-3657-400e-9cfa-eead3847b2b6/overview", "https://www.virustotal.com/gui/collection/bc6e1feb3491c0f9e455e1f513d44afbbcfce4084e6b506c80a19e54f934adf9/summary", "https://www.virustotal.com/gui/collection/bc6e1feb3491c0f9e455e1f513d44afbbcfce4084e6b506c80a19e54f934adf9/iocs", "https://hybrid-analysis.com/sample/93395b86310fc54df817f2898de3874ff2317dce2f10b95200d1c6f73162e987", "https://hybrid-analysis.com/sample/93395b86310fc54df817f2898de3874ff2317dce2f10b95200d1c6f73162e987/6a14751933f72f34d60993b8", "https://urlscan.io/search", "https://viz.greynoise.io/ip/analysis/585ba692-65c8-4295-a308-0914d3378b41" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 94, "URL": 397, "domain": 34, "hostname": 59, "FileHash-MD5": 12, "FileHash-SHA1": 11, "FileHash-SHA256": 5, "SSLCertFingerprint": 11, "email": 4 }, "indicator_count": 627, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de653101bee17699c7d1e8", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:57.690000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 23, "FileHash-SHA256": 198, "URL": 94, "hostname": 107, "domain": 79 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de6531bfca82db8c335ebb", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:57.171000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 66, "FileHash-SHA1": 39, "FileHash-SHA256": 323, "URL": 126, "hostname": 255, "domain": 87 }, "indicator_count": 896, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de6532d8458a36f68ce083", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:58.015000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 23, "FileHash-SHA256": 198, "URL": 94, "hostname": 107, "domain": 79 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/collection/bc6e1feb3491c0f9e455e1f513d44afbbcfce4084e6b506c80a19e54f934adf9/iocs", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://www.filescan.io/uploads/6a146fa8efbd399b39ccfd7b/reports/3a0b8fe6-3657-400e-9cfa-eead3847b2b6/overview", "https://www.virustotal.com/graph/embed/g5467d8748b4f4a739e6f5d84e15a0a36c60806dc093a4a9ba27ed4a08df63187?theme=dark", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://hybrid-analysis.com/sample/93395b86310fc54df817f2898de3874ff2317dce2f10b95200d1c6f73162e987/6a14751933f72f34d60993b8", "https://viz.greynoise.io/ip/analysis/585ba692-65c8-4295-a308-0914d3378b41", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://urlscan.io/search", "https://www.virustotal.com/gui/collection/bc6e1feb3491c0f9e455e1f513d44afbbcfce4084e6b506c80a19e54f934adf9/summary", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://hybrid-analysis.com/sample/93395b86310fc54df817f2898de3874ff2317dce2f10b95200d1c6f73162e987" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [ "Government" ], "unique_indicators": 1187 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/withgoogle.com", "whois": "http://whois.domaintools.com/withgoogle.com", "domain": "withgoogle.com", "hostname": "csp.withgoogle.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "6a147a0bf4e914672a802773", "name": "forever-canadian[.]ca - 05.25.26", "description": "This is a grassroots political advocacy initiative focused on keeping Alberta in Canada, driven by Lukaszuk and volunteers in response to separatist sentiments in the province. Curiously, it appears they have fallen victim to #Cybercrime. Status of Website: Hacked. Participant Data: Active Distribution (i.e. Data in active use by Cybercriminals). Safety of visiting website: unknown (verdict by HA = Malicious).", "modified": "2026-05-25T16:46:06.153000", "created": "2026-05-25T16:34:19.519000", "tags": [ "entity", "geoip", "as13335", "cloudflarenet", "cloudflare", "as16509", "amazon02", "vercel geoip", "google llc", "as396982", "facebook", "malware", "virus", "trojan", "ransomware", "static", "analysis", "indicator of compromise", "ioc", "extraction", "emulation", "online", "submit", "sample", "download", "platform", "please", "javascript", "sandbox", "vxstream", "apt", "hybrid analysis", "api key", "vetting process", "please note", "temp", "ansi", "translate", "downloadbubble", "webbluetooth", "passkeyauth", "fencedframes", "fledge", "pcap processing", "pcap", "win64", "date", "null", "accept", "path", "suspicious", "comspec", "cookie", "mozilla", "hybrid", "defense evasion", "close", "model", "click", "hosts", "patch", "over", "general", "encrypt", "level", "wind", "window", "strings", "contact", "url", "website", "web", "scanner", "analyze", "analyzer", "search", "search api", "make sure", "domain", "and not", "page", "home search", "live api", "blog docs", "pricing login" ], "references": [ "https://www.virustotal.com/graph/embed/g5467d8748b4f4a739e6f5d84e15a0a36c60806dc093a4a9ba27ed4a08df63187?theme=dark", "https://www.filescan.io/uploads/6a146fa8efbd399b39ccfd7b/reports/3a0b8fe6-3657-400e-9cfa-eead3847b2b6/overview", "https://www.virustotal.com/gui/collection/bc6e1feb3491c0f9e455e1f513d44afbbcfce4084e6b506c80a19e54f934adf9/summary", "https://www.virustotal.com/gui/collection/bc6e1feb3491c0f9e455e1f513d44afbbcfce4084e6b506c80a19e54f934adf9/iocs", "https://hybrid-analysis.com/sample/93395b86310fc54df817f2898de3874ff2317dce2f10b95200d1c6f73162e987", "https://hybrid-analysis.com/sample/93395b86310fc54df817f2898de3874ff2317dce2f10b95200d1c6f73162e987/6a14751933f72f34d60993b8", "https://urlscan.io/search", "https://viz.greynoise.io/ip/analysis/585ba692-65c8-4295-a308-0914d3378b41" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada" ], "malware_families": [], "attack_ids": [ { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1048", "name": "Exfiltration Over Alternative Protocol", "display_name": "T1048 - Exfiltration Over Alternative Protocol" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1132", "name": "Data Encoding", "display_name": "T1132 - Data Encoding" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "UCP_GoA23", "id": "382539", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_382539/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 94, "URL": 397, "domain": 34, "hostname": 59, "FileHash-MD5": 12, "FileHash-SHA1": 11, "FileHash-SHA256": 5, "SSLCertFingerprint": 11, "email": 4 }, "indicator_count": 627, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de653101bee17699c7d1e8", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:57.690000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 23, "FileHash-SHA256": 198, "URL": 94, "hostname": 107, "domain": 79 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de6531bfca82db8c335ebb", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:57.171000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 66, "FileHash-SHA1": 39, "FileHash-SHA256": 323, "URL": 126, "hostname": 255, "domain": 87 }, "indicator_count": 896, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de6532d8458a36f68ce083", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:58.015000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 23, "FileHash-SHA256": 198, "URL": 94, "hostname": 107, "domain": 79 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://csp.withgoogle.com/csp/clientupdate-aus/1", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://csp.withgoogle.com/csp/clientupdate-aus/1", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780349608.2157218 }