{ "type": "URL", "indicator": "https://databrokers.deleteme.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://databrokers.deleteme.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4241126714, "indicator": "https://databrokers.deleteme.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "6a072d6e63719d3b162ebbe6", "name": "Black Vine", "description": "This isnt targeted at meta, I am unable go copy or paste at present to show the data I wanted. Briefly, MIS Order Status 2012- unsigned and expired [vb][exe] + the pointer is as well from 2019. Interesting strings: Lanmanserver > Namespace tree control", "modified": "2026-05-18T11:46:12.838000", "created": "2026-05-15T14:27:58.281000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 32, "hostname": 47, "URL": 103, "IPv4": 5, "CVE": 1 }, "indicator_count": 188, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "12 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a072d6da4f04abc83c98eec", "name": "Black Vine", "description": "This isnt targeted at meta, I am unable go copy or paste at present to show the data I wanted. Briefly, MIS Order Status 2012- unsigned and expired [vb][exe] + the pointer is as well from 2019. Interesting strings: Lanmanserver > Namespace tree control", "modified": "2026-05-18T11:46:11.754000", "created": "2026-05-15T14:27:57.929000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 37, "URL": 90, "IPv4": 5, "CVE": 1 }, "indicator_count": 151, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "12 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d6585753bfdc08890a4", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:54:34.222000", "created": "2026-05-06T13:08:53.749000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 662, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7, "CVE": 1 }, "indicator_count": 2687, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d632800402652054b73", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:51.417000", "created": "2026-05-06T13:08:51.417000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d628de55fd4fef0e2bc", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:50.546000", "created": "2026-05-06T13:08:50.546000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d5b5642ffb183d38fa8", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:43.093000", "created": "2026-05-06T13:08:43.093000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d58494c7b444832ea5b", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:40.248000", "created": "2026-05-06T13:08:40.248000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d5596fa1ad26e3f4319", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:37.416000", "created": "2026-05-06T13:08:37.416000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a8b5fe3394293df8d730ab", "name": "Great Service (intent to help reduce malware)", "description": "A malicious file has been found on the website of Deleteme.com, a website set up by a US-based company and run by the former president of the United States, Barack Obama.", "modified": "2026-04-03T23:13:53.390000", "created": "2026-03-04T22:45:18.393000", "tags": [ "united", "as13335", "unknown", "aaaa", "as14061", "as8075", "asnone country", "date", "cname", "united kingdom", "title", "body", "encrypt" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 104, "FileHash-SHA1": 2, "domain": 166, "hostname": 53, "FileHash-SHA256": 18, "email": 2 }, "indicator_count": 345, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "57 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO", "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 3058 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/deleteme.com", "whois": "http://whois.domaintools.com/deleteme.com", "domain": "deleteme.com", "hostname": "databrokers.deleteme.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "6a072d6e63719d3b162ebbe6", "name": "Black Vine", "description": "This isnt targeted at meta, I am unable go copy or paste at present to show the data I wanted. Briefly, MIS Order Status 2012- unsigned and expired [vb][exe] + the pointer is as well from 2019. Interesting strings: Lanmanserver > Namespace tree control", "modified": "2026-05-18T11:46:12.838000", "created": "2026-05-15T14:27:58.281000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 32, "hostname": 47, "URL": 103, "IPv4": 5, "CVE": 1 }, "indicator_count": 188, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "12 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a072d6da4f04abc83c98eec", "name": "Black Vine", "description": "This isnt targeted at meta, I am unable go copy or paste at present to show the data I wanted. Briefly, MIS Order Status 2012- unsigned and expired [vb][exe] + the pointer is as well from 2019. Interesting strings: Lanmanserver > Namespace tree control", "modified": "2026-05-18T11:46:11.754000", "created": "2026-05-15T14:27:57.929000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 18, "hostname": 37, "URL": 90, "IPv4": 5, "CVE": 1 }, "indicator_count": 151, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "12 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d6585753bfdc08890a4", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:54:34.222000", "created": "2026-05-06T13:08:53.749000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 662, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7, "CVE": 1 }, "indicator_count": 2687, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d632800402652054b73", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:51.417000", "created": "2026-05-06T13:08:51.417000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d628de55fd4fef0e2bc", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:50.546000", "created": "2026-05-06T13:08:50.546000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d5b5642ffb183d38fa8", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:43.093000", "created": "2026-05-06T13:08:43.093000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d58494c7b444832ea5b", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:40.248000", "created": "2026-05-06T13:08:40.248000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d5596fa1ad26e3f4319", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:37.416000", "created": "2026-05-06T13:08:37.416000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69a8b5fe3394293df8d730ab", "name": "Great Service (intent to help reduce malware)", "description": "A malicious file has been found on the website of Deleteme.com, a website set up by a US-based company and run by the former president of the United States, Barack Obama.", "modified": "2026-04-03T23:13:53.390000", "created": "2026-03-04T22:45:18.393000", "tags": [ "united", "as13335", "unknown", "aaaa", "as14061", "as8075", "asnone country", "date", "cname", "united kingdom", "title", "body", "encrypt" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 104, "FileHash-SHA1": 2, "domain": 166, "hostname": 53, "FileHash-SHA256": 18, "email": 2 }, "indicator_count": 345, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "57 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://databrokers.deleteme.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://databrokers.deleteme.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780222541.6073267 }