{ "type": "URL", "indicator": "https://d.symcb.Com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://d.symcb.Com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 2800321481, "indicator": "https://d.symcb.Com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 6, "pulses": [ { "id": "6a051c0938484a8a43d4084b", "name": "Clone by DorkingBeauty1 ['/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/\"] 2022-year", "description": "", "modified": "2026-05-14T00:49:13.494000", "created": "2026-05-14T00:49:13.494000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "pattern match", "runtime data", "beijing", "indicator", "cultureneutral", "baidu", "code signing", "kuaizip", "suspicious", "path", "error", "win64", "sogou", "hybrid", "close", "click", "class", "model", "stretch", "august", "general", "strings", "malicious", "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg" ], "references": [ "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "Cert Hell brought to you by CN" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": "62f27865570c2cb418127dd0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 789, "hostname": 203, "domain": 17, "FileHash-SHA256": 976, "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709134e73d6efb17198811", "name": "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg - 100/100", "description": "", "modified": "2023-12-06T15:20:20.504000", "created": "2023-12-06T15:20:20.504000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA256": 976, "hostname": 203, "URL": 789, "domain": 17, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708ff8e1cd2e25819001c6", "name": "https://d1x9snl812q4nd.cloudfront.net/installer/com.supercell.boombeach/Boom_Beach-soft32epic99.exe", "description": "", "modified": "2023-12-06T15:15:04.906000", "created": "2023-12-06T15:15:04.906000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 132, "URL": 145, "hostname": 11, "FileHash-MD5": 68, "CVE": 1, "domain": 22, "FileHash-SHA1": 23, "SSLCertFingerprint": 2 }, "indicator_count": 404, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f27865570c2cb418127dd0", "name": "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg - 100/100", "description": "Cert Hell brought to you bt CN probably via M$", "modified": "2022-08-09T15:08:21.620000", "created": "2022-08-09T15:08:21.620000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "pattern match", "runtime data", "beijing", "indicator", "cultureneutral", "baidu", "code signing", "kuaizip", "suspicious", "path", "error", "win64", "sogou", "hybrid", "close", "click", "class", "model", "stretch", "august", "general", "strings", "malicious", "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg" ], "references": [ "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "Cert Hell brought to you by CN" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 789, "hostname": 203, "domain": 17, "FileHash-SHA256": 976, "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1390 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62bc6e8c81962fea1a414234", "name": "https://d1x9snl812q4nd.cloudfront.net/installer/com.supercell.boombeach/Boom_Beach-soft32epic99.exe", "description": "Boom_Beach-soft32epic99.exe\nCVE-2021-22941", "modified": "2022-07-29T00:00:24.010000", "created": "2022-06-29T15:23:56.541000", "tags": [ "ck id", "installer", "powershell", "media", "delphi", "february", "template", "april", "august", "launch", "install", "null", "blank", "green", "spool", "little", "team", "ip check", "Boom_Beach-soft32epic99.exe", "CVE-2021-22941" ], "references": [ "http://checkip.dyndns.org/Gelir_idaresi_Baskanligi/gib.exe", "http://84.22.104.244/data.exe", "http://iphones5sg.name/data.exe", "http://comslibingmakk.asia/data.exe", "https://hybrid-analysis.com/sample/4681d0b707c72394d9951a96d1bbdd4749299437dd4d43e0c9e63fb7a84f9cd1/62bc6a0a3092241dc7209dd2", "Boom_Beach-soft32epic99.exe", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 132, "URL": 145, "hostname": 11, "domain": 22, "CVE": 1, "FileHash-MD5": 68, "FileHash-SHA1": 23, "SSLCertFingerprint": 2 }, "indicator_count": 404, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1402 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627a43a7c8ff93929ea9bfa7", "name": "BootTime.exe x.symcb.com = CVE-2021-22941", "description": "Pattern match: \"http://sf.symcb.com/sf.crl0a\"\nPattern match: \"https://d.symcb.com/cps0%\"\nPattern match: \"https://d.symcb.com/rpa0\"\nPattern match: \"http://sf.symcd.com0&\"\nPattern match: \"http://sf.symcb.com/sf.crt0\"", "modified": "2022-06-09T00:00:13.607000", "created": "2022-05-10T10:51:19.919000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "runtime data", "pattern match", "ck id", "show stream", "verisign", "service", "raw size", "error", "suspicious", "path", "delphi", "class", "dcom", "write", "hybrid", "close", "click", "form", "stack", "win32", "general", "strings", "malicious", "team", "february" ], "references": [ "https://hybrid-analysis.com/sample/656485427e26f58123770c5796281f4544f9381962b1d89f9d3c6bffe41bb814/5c271c687ca3e1086f44e819", "BootTime.exe", "656485427e26f58123770c5796281f4544f9381962b1d89f9d3c6bffe41bb814" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1002", "name": "Data Compressed", "display_name": "T1002 - Data Compressed" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1076", "name": "Remote Desktop Protocol", "display_name": "T1076 - Remote Desktop Protocol" }, { "id": "T1116", "name": "Code Signing", "display_name": "T1116 - Code Signing" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1215", "name": "Kernel Modules and Extensions", "display_name": "T1215 - Kernel Modules and Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12, "hostname": 4, "FileHash-SHA256": 57, "CVE": 1, "FileHash-MD5": 11, "FileHash-SHA1": 1, "SSLCertFingerprint": 4 }, "indicator_count": 90, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1452 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "Cert Hell brought to you by CN", "https://hybrid-analysis.com/sample/4681d0b707c72394d9951a96d1bbdd4749299437dd4d43e0c9e63fb7a84f9cd1/62bc6a0a3092241dc7209dd2", "http://comslibingmakk.asia/data.exe", "http://iphones5sg.name/data.exe", "Boom_Beach-soft32epic99.exe", "656485427e26f58123770c5796281f4544f9381962b1d89f9d3c6bffe41bb814", "http://checkip.dyndns.org/Gelir_idaresi_Baskanligi/gib.exe", "https://hybrid-analysis.com/sample/656485427e26f58123770c5796281f4544f9381962b1d89f9d3c6bffe41bb814/5c271c687ca3e1086f44e819", "BootTime.exe", "CVE-2021-22941", "http://84.22.104.244/data.exe" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 2441 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/symcb.Com", "whois": "http://whois.domaintools.com/symcb.Com", "domain": "symcb.Com", "hostname": "d.symcb.Com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 6, "pulses": [ { "id": "6a051c0938484a8a43d4084b", "name": "Clone by DorkingBeauty1 ['/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/\"] 2022-year", "description": "", "modified": "2026-05-14T00:49:13.494000", "created": "2026-05-14T00:49:13.494000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "pattern match", "runtime data", "beijing", "indicator", "cultureneutral", "baidu", "code signing", "kuaizip", "suspicious", "path", "error", "win64", "sogou", "hybrid", "close", "click", "class", "model", "stretch", "august", "general", "strings", "malicious", "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg" ], "references": [ "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "Cert Hell brought to you by CN" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": "62f27865570c2cb418127dd0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 789, "hostname": 203, "domain": 17, "FileHash-SHA256": 976, "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709134e73d6efb17198811", "name": "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg - 100/100", "description": "", "modified": "2023-12-06T15:20:20.504000", "created": "2023-12-06T15:20:20.504000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA256": 976, "hostname": 203, "URL": 789, "domain": 17, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708ff8e1cd2e25819001c6", "name": "https://d1x9snl812q4nd.cloudfront.net/installer/com.supercell.boombeach/Boom_Beach-soft32epic99.exe", "description": "", "modified": "2023-12-06T15:15:04.906000", "created": "2023-12-06T15:15:04.906000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 132, "URL": 145, "hostname": 11, "FileHash-MD5": 68, "CVE": 1, "domain": 22, "FileHash-SHA1": 23, "SSLCertFingerprint": 2 }, "indicator_count": 404, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f27865570c2cb418127dd0", "name": "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg - 100/100", "description": "Cert Hell brought to you bt CN probably via M$", "modified": "2022-08-09T15:08:21.620000", "created": "2022-08-09T15:08:21.620000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "pattern match", "runtime data", "beijing", "indicator", "cultureneutral", "baidu", "code signing", "kuaizip", "suspicious", "path", "error", "win64", "sogou", "hybrid", "close", "click", "class", "model", "stretch", "august", "general", "strings", "malicious", "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg" ], "references": [ "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "Cert Hell brought to you by CN" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 789, "hostname": 203, "domain": 17, "FileHash-SHA256": 976, "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1390 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62bc6e8c81962fea1a414234", "name": "https://d1x9snl812q4nd.cloudfront.net/installer/com.supercell.boombeach/Boom_Beach-soft32epic99.exe", "description": "Boom_Beach-soft32epic99.exe\nCVE-2021-22941", "modified": "2022-07-29T00:00:24.010000", "created": "2022-06-29T15:23:56.541000", "tags": [ "ck id", "installer", "powershell", "media", "delphi", "february", "template", "april", "august", "launch", "install", "null", "blank", "green", "spool", "little", "team", "ip check", "Boom_Beach-soft32epic99.exe", "CVE-2021-22941" ], "references": [ "http://checkip.dyndns.org/Gelir_idaresi_Baskanligi/gib.exe", "http://84.22.104.244/data.exe", "http://iphones5sg.name/data.exe", "http://comslibingmakk.asia/data.exe", "https://hybrid-analysis.com/sample/4681d0b707c72394d9951a96d1bbdd4749299437dd4d43e0c9e63fb7a84f9cd1/62bc6a0a3092241dc7209dd2", "Boom_Beach-soft32epic99.exe", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 132, "URL": 145, "hostname": 11, "domain": 22, "CVE": 1, "FileHash-MD5": 68, "FileHash-SHA1": 23, "SSLCertFingerprint": 2 }, "indicator_count": 404, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1402 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "627a43a7c8ff93929ea9bfa7", "name": "BootTime.exe x.symcb.com = CVE-2021-22941", "description": "Pattern match: \"http://sf.symcb.com/sf.crl0a\"\nPattern match: \"https://d.symcb.com/cps0%\"\nPattern match: \"https://d.symcb.com/rpa0\"\nPattern match: \"http://sf.symcd.com0&\"\nPattern match: \"http://sf.symcb.com/sf.crt0\"", "modified": "2022-06-09T00:00:13.607000", "created": "2022-05-10T10:51:19.919000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "runtime data", "pattern match", "ck id", "show stream", "verisign", "service", "raw size", "error", "suspicious", "path", "delphi", "class", "dcom", "write", "hybrid", "close", "click", "form", "stack", "win32", "general", "strings", "malicious", "team", "february" ], "references": [ "https://hybrid-analysis.com/sample/656485427e26f58123770c5796281f4544f9381962b1d89f9d3c6bffe41bb814/5c271c687ca3e1086f44e819", "BootTime.exe", "656485427e26f58123770c5796281f4544f9381962b1d89f9d3c6bffe41bb814" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1002", "name": "Data Compressed", "display_name": "T1002 - Data Compressed" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1076", "name": "Remote Desktop Protocol", "display_name": "T1076 - Remote Desktop Protocol" }, { "id": "T1116", "name": "Code Signing", "display_name": "T1116 - Code Signing" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1215", "name": "Kernel Modules and Extensions", "display_name": "T1215 - Kernel Modules and Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 12, "hostname": 4, "FileHash-SHA256": 57, "CVE": 1, "FileHash-MD5": 11, "FileHash-SHA1": 1, "SSLCertFingerprint": 4 }, "indicator_count": 90, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1452 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://d.symcb.Com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://d.symcb.Com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780223570.0978475 }