{ "type": "URL", "indicator": "https://github.com/FezVrasta/popper.js/pull/715", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://github.com/FezVrasta/popper.js/pull/715", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #87", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #560", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain github.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain github.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 3854861429, "indicator": "https://github.com/FezVrasta/popper.js/pull/715", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 10, "pulses": [ { "id": "69d46ee073b843b1b52f59a2", "name": "VirusTotal report\n for l-Management-System-School-ERP-nulled-by-CodeAlright.Com.zip", "description": "A look at the results of a report generated by the University of California, Los Angeles (UCLA) and compiled by codecanyon, a university-instikit and an academy.", "modified": "2026-05-07T02:13:20.636000", "created": "2026-04-07T02:41:36.582000", "tags": [ "file type", "unix", "mitre attack", "network info", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "persistence", "malicious", "next", "newstoday2", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "python", "javascript", "html", "sample", "test", "urls", "united", "extra info", "uncomment", "performs dns", "layer protocol", "attack network", "info dropped", "info processes", "info", "may try", "ascii text", "png image", "https", "reads cpu", "tls version", "ascii", "usrliblog" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/01f57cc95906a44558c5c1f19ef3191fe6f2f1cc03e1d10d1da421b7c604903f_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529261&Signature=RJNKrp%2FaK0APCyfk557hpXXr%2BMWPGME1nJO1%2BQCUEm9xRuKB0DlxP%2BfDSiZsLcJsAhaI%2FWxbH%2F%2FdbHllDXKgjJl92HzsTFyTAT0eMx%2BzlFLXKn0VyBmCHKLgKoFS4fDODUKy6SKJxdUav7aDP1aVhAXMPp%2BT3yWjDdSos0HQalqAt%2FcsVg1w28zfPjvVVGv%2B%2FvJeCIgzhXeE2pX6Npumx67Yym8jiiqV75WoDu", "https://vtbehaviour.commondatastorage.googleapis.com/00913627185b352deaf0ec837f85a7f606b27112956875de5d610fba8151306c_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529477&Signature=s8ZCWLcVqjdBgBGejTcqippuMvftwgsdUQHUAjBnm45yUvqDsHIMIA29%2BJcb%2BrruXxHPD5tQv1BwAzlV1o7EuhxX4qMqDcFWSLqoc%2FqAnEVxLg0zXohtwMkHxv0z%2Bp5AL0jLyAwNYz7bH56tnmUs3tHPYc48OeM4AanV030U%2FnmXlF8kJ6cjAemipfTNe1QRx3ecbONm9c3B51FK0BbzZEdRX0pTHIM4AK1M", "https://vtbehaviour.commondatastorage.googleapis.com/0347ed7ffd09f6728c494128b1d11792893d5cde9e4effdc2bcc8f9ebb12a0e1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529533&Signature=diQ6r2CuvkDxYGybQtlzxVxtH8iGMt6XlgZBEpk7B5n%2FVtwOuZaPpuNyM%2Fr4VbSp2H67%2FddXTZ3XJG8LdUMwLVXsSDKIq%2BjyQHccTuCS0HXEDbllONqfU6gWICxxtdC%2F4wdaL8fVyCE%2FHHcnWm5PufAa002Tn02MbSx9cFdNZS4R86MEMARaMiXSCiGQuiLR2STQCGqU%2Byg16ky%2FYjPbLtB6WD5skgEs3AgDmDNlDLjtbb", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529640&Signature=G0ONarqL7o1MkYvMlqktPKmEpNw5A3hwHYnIBwD8r%2F0xQfBDCaCPoL6%2BMxjj5Ftsb47O6KGvZzp2CS1xFcRHfbhEnUGRJR9o2%2FjSPy6NAV226GNwtSGdDXxPJFfETfpFlDEj%2FOCd26qtcBDdT4lX2saiGfx0%2FunV94XcNq3cUTVm%2Fsf0BO74945PnFWtBu3Oq%2FBm9AlaLwnyEZ5TDLfhXyqiTv1Qsx%2FWmBk0PIieA9MtTm", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529701&Signature=BDpq68evTIZGfF61fRMAYEM%2BQtXgDfwPgp7qnaSE1mJStRV1ikHnSjRDxrMwGqkg0kaXqLEpQ%2BLuSCdJ9wJJzfrkQuV1%2Bbcg0cctnCOLgWhiXjekyol4iul%2FPXEGu6%2F1a20JEEoUfg9Dq6%2FosKMN9fmk%2BtqQcFa6PODcE3qJcO23YhWwDpmSYZ7t8JNsALFm98c6r%2BfBLLjnCSpVql2zQJifkl%2BteR57LTZG7W2lbENV", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529758&Signature=zXDmSolL1BXRVntoMjKFPJaZtQ0tI1lf56M%2BqCFh1c0JirSCS7DGBgxMdHuaZG8hsB%2FV1nO0JEfDegHE1Ibm55QO9TriIg9yCH6dZSsofTmiHiBOUZtTMSH1Pg1z%2FnuElFFvVDHQ2Ryhog0fw%2BwfS0Fpe5ZOoTF8KK883iH45dmOAcVEphu7K5A%2FrzfFG93bFibxA7MRKbLLGBbrIVz4yFSuuFHimac0dVn%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 158, "FileHash-SHA1": 158, "FileHash-SHA256": 1127, "URL": 116, "hostname": 49, "domain": 182, "email": 1 }, "indicator_count": 1791, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d46ee1379578309fae9a4a", "name": "VirusTotal report\n for l-Management-System-School-ERP-nulled-by-CodeAlright.Com.zip", "description": "A look at the results of a report generated by the University of California, Los Angeles (UCLA) and compiled by codecanyon, a university-instikit and an academy.", "modified": "2026-05-07T02:13:20.636000", "created": "2026-04-07T02:41:37.877000", "tags": [ "file type", "unix", "mitre attack", "network info", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "persistence", "malicious", "next", "newstoday2", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "python", "javascript", "html", "sample", "test", "urls", "united", "extra info", "uncomment", "performs dns", "layer protocol", "attack network", "info dropped", "info processes", "info", "may try", "ascii text", "png image", "https", "reads cpu", "tls version", "ascii", "usrliblog" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/01f57cc95906a44558c5c1f19ef3191fe6f2f1cc03e1d10d1da421b7c604903f_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529261&Signature=RJNKrp%2FaK0APCyfk557hpXXr%2BMWPGME1nJO1%2BQCUEm9xRuKB0DlxP%2BfDSiZsLcJsAhaI%2FWxbH%2F%2FdbHllDXKgjJl92HzsTFyTAT0eMx%2BzlFLXKn0VyBmCHKLgKoFS4fDODUKy6SKJxdUav7aDP1aVhAXMPp%2BT3yWjDdSos0HQalqAt%2FcsVg1w28zfPjvVVGv%2B%2FvJeCIgzhXeE2pX6Npumx67Yym8jiiqV75WoDu", "https://vtbehaviour.commondatastorage.googleapis.com/00913627185b352deaf0ec837f85a7f606b27112956875de5d610fba8151306c_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529477&Signature=s8ZCWLcVqjdBgBGejTcqippuMvftwgsdUQHUAjBnm45yUvqDsHIMIA29%2BJcb%2BrruXxHPD5tQv1BwAzlV1o7EuhxX4qMqDcFWSLqoc%2FqAnEVxLg0zXohtwMkHxv0z%2Bp5AL0jLyAwNYz7bH56tnmUs3tHPYc48OeM4AanV030U%2FnmXlF8kJ6cjAemipfTNe1QRx3ecbONm9c3B51FK0BbzZEdRX0pTHIM4AK1M", "https://vtbehaviour.commondatastorage.googleapis.com/0347ed7ffd09f6728c494128b1d11792893d5cde9e4effdc2bcc8f9ebb12a0e1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529533&Signature=diQ6r2CuvkDxYGybQtlzxVxtH8iGMt6XlgZBEpk7B5n%2FVtwOuZaPpuNyM%2Fr4VbSp2H67%2FddXTZ3XJG8LdUMwLVXsSDKIq%2BjyQHccTuCS0HXEDbllONqfU6gWICxxtdC%2F4wdaL8fVyCE%2FHHcnWm5PufAa002Tn02MbSx9cFdNZS4R86MEMARaMiXSCiGQuiLR2STQCGqU%2Byg16ky%2FYjPbLtB6WD5skgEs3AgDmDNlDLjtbb", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529640&Signature=G0ONarqL7o1MkYvMlqktPKmEpNw5A3hwHYnIBwD8r%2F0xQfBDCaCPoL6%2BMxjj5Ftsb47O6KGvZzp2CS1xFcRHfbhEnUGRJR9o2%2FjSPy6NAV226GNwtSGdDXxPJFfETfpFlDEj%2FOCd26qtcBDdT4lX2saiGfx0%2FunV94XcNq3cUTVm%2Fsf0BO74945PnFWtBu3Oq%2FBm9AlaLwnyEZ5TDLfhXyqiTv1Qsx%2FWmBk0PIieA9MtTm", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529701&Signature=BDpq68evTIZGfF61fRMAYEM%2BQtXgDfwPgp7qnaSE1mJStRV1ikHnSjRDxrMwGqkg0kaXqLEpQ%2BLuSCdJ9wJJzfrkQuV1%2Bbcg0cctnCOLgWhiXjekyol4iul%2FPXEGu6%2F1a20JEEoUfg9Dq6%2FosKMN9fmk%2BtqQcFa6PODcE3qJcO23YhWwDpmSYZ7t8JNsALFm98c6r%2BfBLLjnCSpVql2zQJifkl%2BteR57LTZG7W2lbENV", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529758&Signature=zXDmSolL1BXRVntoMjKFPJaZtQ0tI1lf56M%2BqCFh1c0JirSCS7DGBgxMdHuaZG8hsB%2FV1nO0JEfDegHE1Ibm55QO9TriIg9yCH6dZSsofTmiHiBOUZtTMSH1Pg1z%2FnuElFFvVDHQ2Ryhog0fw%2BwfS0Fpe5ZOoTF8KK883iH45dmOAcVEphu7K5A%2FrzfFG93bFibxA7MRKbLLGBbrIVz4yFSuuFHimac0dVn%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 158, "FileHash-SHA1": 158, "FileHash-SHA256": 1127, "URL": 110, "hostname": 45, "domain": 179 }, "indicator_count": 1777, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d45104133846ffc6b2a6fe", "name": "CAPE Sandbox -y2k", "description": "> full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, has been published by BBC Radio 5 live in the UK and Ireland.>y2k status", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:34:12.507000", "tags": [ "html document", "ascii text", "language" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 310, "FileHash-SHA1": 308, "FileHash-SHA256": 1270, "domain": 168, "hostname": 31, "URL": 98 }, "indicator_count": 2185, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4510678007ab57751a513", "name": "CAPE Sandbox -y2k", "description": "> full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, has been published by BBC Radio 5 live in the UK and Ireland.>y2k status", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:34:14.009000", "tags": [ "html document", "ascii text", "language" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 310, "FileHash-SHA1": 308, "FileHash-SHA256": 1270, "domain": 168, "hostname": 31, "URL": 98 }, "indicator_count": 2185, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d45107d82d67453e8ade06", "name": "CAPE Sandbox -y2k", "description": "> full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, has been published by BBC Radio 5 live in the UK and Ireland.>y2k status", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:34:15.789000", "tags": [ "html document", "ascii text", "language" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 310, "FileHash-SHA1": 308, "FileHash-SHA256": 1270, "domain": 168, "hostname": 31, "URL": 98 }, "indicator_count": 2185, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4510870e9906d58e7a554", "name": "CAPE Sandbox -y2k", "description": "> full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, has been published by BBC Radio 5 live in the UK and Ireland.>y2k status", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:34:16.928000", "tags": [ "html document", "ascii text", "language" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 310, "FileHash-SHA1": 308, "FileHash-SHA256": 1270, "domain": 168, "hostname": 31, "URL": 98 }, "indicator_count": 2185, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4569a944adf94a75efcf9", "name": "VirusTotal report\n for download.rar", "description": "0347ed7f6728c494128d5cde9e4effdc2bcc8f944d78bca8d, as well as 1.3m2.", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:58:02.158000", "tags": [ "json text", "json" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 287, "FileHash-SHA1": 283, "FileHash-SHA256": 2301, "URL": 113, "domain": 169, "hostname": 75 }, "indicator_count": 3228, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4569dc87656b4a255a124", "name": "VirusTotal report\n for download.rar", "description": "0347ed7f6728c494128d5cde9e4effdc2bcc8f944d78bca8d, as well as 1.3m2.", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:58:05.842000", "tags": [ "json text", "json" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 281, "FileHash-SHA1": 277, "FileHash-SHA256": 2208, "URL": 113, "domain": 169, "hostname": 75 }, "indicator_count": 3123, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68038f7eb6f6810aa6d6439f", "name": "\"+g+\"", "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "modified": "2025-09-01T08:05:25.121000", "created": "2025-04-19T11:56:46.933000", "tags": [ "copyright", "customevent", "typeof e", "boomerang", "typeof t", "macintosh", "os x", "post", "typeof", "iframe", "date", "poka menu", "nie znaleziono", "poka start", "poka", "max dostpnych", "pierwsza", "ostatnia", "nastpna", "poprzednia", "brak danych", "first", "ceidg", "wystpi bd", "error", "true", "null", "linkdownload", "show", "ctrlmappings", "version", "versionchange", "body", "false", "span", "input", "paginate", "next", "last", "selectstart", "loop", "function", "bootstrap", "datatables", "responsive", "2016 sprymedia", "amd define", "object", "commonjs", "window", "browser", "button", "datatable", "sprymedia ltd", "columns", "colidx", "column", "parent", "child", "param", "display", "click", "middle", "class", "target", "never", "find", "footer", "close", "regexp", "matches", "cookie", "inputmask", "input mask", "robin herbots", "mit license", "xmlhttprequest", "left", "month", "boolean", "maxdate", "right", "daterangepicker", "yyyymmdd", "calendar", "jquery", "webpackrequire", "typeof symbol", "type", "setprototypeof", "maskpos", "wrapnativesuper", "backspace", "insert", "internal", "mask", "void", "this", "nie mona", "array", "nonmsdombrowser", "horizontal", "leftarrow", "uparrow", "rightarrow", "downarrow", "explorer", "form", "legend", "hmmss", "mmmm d", "yyyy h", "typeof define", "number", "locale", "character", "seeknext", "masked", "input plugin", "josh bush", "azaz", "azaz09", "black", "kontrast", "arrcookies", "getcookielang", "and information", "on business", "sign", "twoja", "opinia", "informacja o", "notify ui", "widget", "eric hynds", "dual", "name", "dtopt", "example", "using", "open", "adata", "hungarian", "aria", "legacy", "trident", "format", "nuke", "apos", "bitcoin", "outer", "mark", "info", "reload", "behaviour", "write", "buttons", "anything", "prop", "thecookie", "create", "thevalue", "string name", "pluginscookie", "author", "eventkey", "datakey", "default", "dataapikey", "defaulttype", "config", "shown", "trigger", "delta", "guard", "arrow", "leave", "scroll", "dataspy", "sessiontimeout", "return", "settimeout", "mytimerid", "requestcounter", "starttimer", "stop", "typeof n", "adminlte", "typeof o", "main", "js application", "adminlte v2", "colorlib", "ui date", "written", "jacek wysocki", "poprzedni", "marzec", "kwiecie", "czerwiec", "lipiec", "sierpie", "wrzesie", "openpopup", "href", "toggle", "msviewport", "popover", "json", "json text", "string", "otherwise", "holder", "mind", "copy", "meta", "third", "text", "choice", "confirm", "nie pytaj", "site", "title", "value", "alert", "warn", "migrate", "foundation", "see http", "forget", "newvalue", "nones5", "fall", "wrongvalid", "onerror", "year", "fast", "argument", "popper", "method", "data", "html", "flip", "factory", "onload", "tbody", "courier", "elem", "handle", "expando", "match", "selector", "sizzle", "android", "capture", "seed", "pass", "enough", "code", "bind", "core", "local", "verify", "accept", "done", "override", "inject", "possible", "hold", "45deg", "larger", "screen styling", "90deg", "support", "sidebar mini", "e1f0ff", "font awesome", "free", "autocomplete", "folder", "expanded folder", "tabela", "sorting", "xform", "nadpisane style", "menlo", "monaco", "consolas", "mono", "courier new", "browse", "twitter", "pt serif", "georgia", "times new", "roman", "times", "typetime", "import", "roboto", "http", "label", "demos", "effect", "inst", "super", "speed", "bounce", "hack", "logic", "shift", "double", "february", "april", "june", "august", "friday", "erase", "atom", "caja", "spinner", "refresh", "alpha", "sentinel", "back", "blind", "drop", "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik" ], "references": [ "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "UE_pl_top.svg", "UE_pl_top_sm.svg", "XZ4AH-ABKPW-SQPBC-CYWES-BCG6V", "dataTables.lang.js.pobrane", "EntryChangeHistory.aspx.js.pobrane", "dataTables.input.js.pobrane", "responsive.bootstrap4.js.pobrane", "dataTables.bootstrap4.js.pobrane", "dataTables.responsive.js.pobrane", "jquery.session.js.pobrane", "inputmask.binding.js.pobrane", "daterangepicker.js.pobrane", "jquery.inputmask.min.js.pobrane", "ScriptResource.axd", "moment-with-locales.min.js.pobrane", "jquery.maskedinput-1.2.2.js.pobrane", "feedback.js.pobrane", "jquery.notify.min.js.pobrane", "jquery.dataTables.js.pobrane", "jquery.cookie.js.pobrane", "bootstrap.js.pobrane", "SessionTimeout.js.pobrane", "adminlte.min.js.pobrane", "jquery.easing.1.3.js.pobrane", "jquery.feedbackBadge.min.js.pobrane", "ui.datepicker-pl.js.pobrane", "ceidg-master.js.pobrane", "CommonResponsive.js.pobrane", "json2.js.pobrane", "jquery.alerts.js.pobrane", "jquery-migrate-1.2.1.js.pobrane", "dataTables.bootstrap4.css", "CommonScripts.js.pobrane", "popper.js.pobrane", "responsive.bootstrap4.css", "jquery-3.0.0.js.pobrane", "daterangepicker.css", "AdminLTE.css", "ui.notify.css", "ceidg.css", "bootstrap-gov-pl.css", "biznes.css", "jquery-ui.js.pobrane", "saved_resource.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 4, "FileHash-SHA256": 25, "URL": 165, "domain": 353, "hostname": 215, "email": 2 }, "indicator_count": 767, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "596 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "CommonResponsive.js.pobrane", "feedback.js.pobrane", "AdminLTE.css", "https://vtbehaviour.commondatastorage.googleapis.com/00913627185b352deaf0ec837f85a7f606b27112956875de5d610fba8151306c_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529477&Signature=s8ZCWLcVqjdBgBGejTcqippuMvftwgsdUQHUAjBnm45yUvqDsHIMIA29%2BJcb%2BrruXxHPD5tQv1BwAzlV1o7EuhxX4qMqDcFWSLqoc%2FqAnEVxLg0zXohtwMkHxv0z%2Bp5AL0jLyAwNYz7bH56tnmUs3tHPYc48OeM4AanV030U%2FnmXlF8kJ6cjAemipfTNe1QRx3ecbONm9c3B51FK0BbzZEdRX0pTHIM4AK1M", "jquery.dataTables.js.pobrane", "ui.notify.css", "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "https://vtbehaviour.commondatastorage.googleapis.com/0347ed7ffd09f6728c494128b1d11792893d5cde9e4effdc2bcc8f9ebb12a0e1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529533&Signature=diQ6r2CuvkDxYGybQtlzxVxtH8iGMt6XlgZBEpk7B5n%2FVtwOuZaPpuNyM%2Fr4VbSp2H67%2FddXTZ3XJG8LdUMwLVXsSDKIq%2BjyQHccTuCS0HXEDbllONqfU6gWICxxtdC%2F4wdaL8fVyCE%2FHHcnWm5PufAa002Tn02MbSx9cFdNZS4R86MEMARaMiXSCiGQuiLR2STQCGqU%2Byg16ky%2FYjPbLtB6WD5skgEs3AgDmDNlDLjtbb", "UE_pl_top_sm.svg", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529640&Signature=G0ONarqL7o1MkYvMlqktPKmEpNw5A3hwHYnIBwD8r%2F0xQfBDCaCPoL6%2BMxjj5Ftsb47O6KGvZzp2CS1xFcRHfbhEnUGRJR9o2%2FjSPy6NAV226GNwtSGdDXxPJFfETfpFlDEj%2FOCd26qtcBDdT4lX2saiGfx0%2FunV94XcNq3cUTVm%2Fsf0BO74945PnFWtBu3Oq%2FBm9AlaLwnyEZ5TDLfhXyqiTv1Qsx%2FWmBk0PIieA9MtTm", "jquery-migrate-1.2.1.js.pobrane", "jquery.notify.min.js.pobrane", "jquery-3.0.0.js.pobrane", "CommonScripts.js.pobrane", "responsive.bootstrap4.css", "saved_resource.html", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529701&Signature=BDpq68evTIZGfF61fRMAYEM%2BQtXgDfwPgp7qnaSE1mJStRV1ikHnSjRDxrMwGqkg0kaXqLEpQ%2BLuSCdJ9wJJzfrkQuV1%2Bbcg0cctnCOLgWhiXjekyol4iul%2FPXEGu6%2F1a20JEEoUfg9Dq6%2FosKMN9fmk%2BtqQcFa6PODcE3qJcO23YhWwDpmSYZ7t8JNsALFm98c6r%2BfBLLjnCSpVql2zQJifkl%2BteR57LTZG7W2lbENV", "jquery.feedbackBadge.min.js.pobrane", "ui.datepicker-pl.js.pobrane", "moment-with-locales.min.js.pobrane", "dataTables.lang.js.pobrane", "popper.js.pobrane", "jquery.cookie.js.pobrane", "jquery.alerts.js.pobrane", "dataTables.responsive.js.pobrane", "ceidg.css", "dataTables.bootstrap4.js.pobrane", "adminlte.min.js.pobrane", "jquery.maskedinput-1.2.2.js.pobrane", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529758&Signature=zXDmSolL1BXRVntoMjKFPJaZtQ0tI1lf56M%2BqCFh1c0JirSCS7DGBgxMdHuaZG8hsB%2FV1nO0JEfDegHE1Ibm55QO9TriIg9yCH6dZSsofTmiHiBOUZtTMSH1Pg1z%2FnuElFFvVDHQ2Ryhog0fw%2BwfS0Fpe5ZOoTF8KK883iH45dmOAcVEphu7K5A%2FrzfFG93bFibxA7MRKbLLGBbrIVz4yFSuuFHimac0dVn%", "https://vtbehaviour.commondatastorage.googleapis.com/01f57cc95906a44558c5c1f19ef3191fe6f2f1cc03e1d10d1da421b7c604903f_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529261&Signature=RJNKrp%2FaK0APCyfk557hpXXr%2BMWPGME1nJO1%2BQCUEm9xRuKB0DlxP%2BfDSiZsLcJsAhaI%2FWxbH%2F%2FdbHllDXKgjJl92HzsTFyTAT0eMx%2BzlFLXKn0VyBmCHKLgKoFS4fDODUKy6SKJxdUav7aDP1aVhAXMPp%2BT3yWjDdSos0HQalqAt%2FcsVg1w28zfPjvVVGv%2B%2FvJeCIgzhXeE2pX6Npumx67Yym8jiiqV75WoDu", "json2.js.pobrane", "SessionTimeout.js.pobrane", "responsive.bootstrap4.js.pobrane", "daterangepicker.css", "dataTables.input.js.pobrane", "ScriptResource.axd", "EntryChangeHistory.aspx.js.pobrane", "jquery-ui.js.pobrane", "bootstrap.js.pobrane", "inputmask.binding.js.pobrane", "biznes.css", "jquery.easing.1.3.js.pobrane", "dataTables.bootstrap4.css", "daterangepicker.js.pobrane", "XZ4AH-ABKPW-SQPBC-CYWES-BCG6V", "ceidg-master.js.pobrane", "bootstrap-gov-pl.css", "jquery.session.js.pobrane", "jquery.inputmask.min.js.pobrane", "UE_pl_top.svg" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 34319 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/github.com", "whois": "http://whois.domaintools.com/github.com", "domain": "github.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 10, "pulses": [ { "id": "69d46ee073b843b1b52f59a2", "name": "VirusTotal report\n for l-Management-System-School-ERP-nulled-by-CodeAlright.Com.zip", "description": "A look at the results of a report generated by the University of California, Los Angeles (UCLA) and compiled by codecanyon, a university-instikit and an academy.", "modified": "2026-05-07T02:13:20.636000", "created": "2026-04-07T02:41:36.582000", "tags": [ "file type", "unix", "mitre attack", "network info", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "persistence", "malicious", "next", "newstoday2", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "python", "javascript", "html", "sample", "test", "urls", "united", "extra info", "uncomment", "performs dns", "layer protocol", "attack network", "info dropped", "info processes", "info", "may try", "ascii text", "png image", "https", "reads cpu", "tls version", "ascii", "usrliblog" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/01f57cc95906a44558c5c1f19ef3191fe6f2f1cc03e1d10d1da421b7c604903f_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529261&Signature=RJNKrp%2FaK0APCyfk557hpXXr%2BMWPGME1nJO1%2BQCUEm9xRuKB0DlxP%2BfDSiZsLcJsAhaI%2FWxbH%2F%2FdbHllDXKgjJl92HzsTFyTAT0eMx%2BzlFLXKn0VyBmCHKLgKoFS4fDODUKy6SKJxdUav7aDP1aVhAXMPp%2BT3yWjDdSos0HQalqAt%2FcsVg1w28zfPjvVVGv%2B%2FvJeCIgzhXeE2pX6Npumx67Yym8jiiqV75WoDu", "https://vtbehaviour.commondatastorage.googleapis.com/00913627185b352deaf0ec837f85a7f606b27112956875de5d610fba8151306c_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529477&Signature=s8ZCWLcVqjdBgBGejTcqippuMvftwgsdUQHUAjBnm45yUvqDsHIMIA29%2BJcb%2BrruXxHPD5tQv1BwAzlV1o7EuhxX4qMqDcFWSLqoc%2FqAnEVxLg0zXohtwMkHxv0z%2Bp5AL0jLyAwNYz7bH56tnmUs3tHPYc48OeM4AanV030U%2FnmXlF8kJ6cjAemipfTNe1QRx3ecbONm9c3B51FK0BbzZEdRX0pTHIM4AK1M", "https://vtbehaviour.commondatastorage.googleapis.com/0347ed7ffd09f6728c494128b1d11792893d5cde9e4effdc2bcc8f9ebb12a0e1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529533&Signature=diQ6r2CuvkDxYGybQtlzxVxtH8iGMt6XlgZBEpk7B5n%2FVtwOuZaPpuNyM%2Fr4VbSp2H67%2FddXTZ3XJG8LdUMwLVXsSDKIq%2BjyQHccTuCS0HXEDbllONqfU6gWICxxtdC%2F4wdaL8fVyCE%2FHHcnWm5PufAa002Tn02MbSx9cFdNZS4R86MEMARaMiXSCiGQuiLR2STQCGqU%2Byg16ky%2FYjPbLtB6WD5skgEs3AgDmDNlDLjtbb", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529640&Signature=G0ONarqL7o1MkYvMlqktPKmEpNw5A3hwHYnIBwD8r%2F0xQfBDCaCPoL6%2BMxjj5Ftsb47O6KGvZzp2CS1xFcRHfbhEnUGRJR9o2%2FjSPy6NAV226GNwtSGdDXxPJFfETfpFlDEj%2FOCd26qtcBDdT4lX2saiGfx0%2FunV94XcNq3cUTVm%2Fsf0BO74945PnFWtBu3Oq%2FBm9AlaLwnyEZ5TDLfhXyqiTv1Qsx%2FWmBk0PIieA9MtTm", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529701&Signature=BDpq68evTIZGfF61fRMAYEM%2BQtXgDfwPgp7qnaSE1mJStRV1ikHnSjRDxrMwGqkg0kaXqLEpQ%2BLuSCdJ9wJJzfrkQuV1%2Bbcg0cctnCOLgWhiXjekyol4iul%2FPXEGu6%2F1a20JEEoUfg9Dq6%2FosKMN9fmk%2BtqQcFa6PODcE3qJcO23YhWwDpmSYZ7t8JNsALFm98c6r%2BfBLLjnCSpVql2zQJifkl%2BteR57LTZG7W2lbENV", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529758&Signature=zXDmSolL1BXRVntoMjKFPJaZtQ0tI1lf56M%2BqCFh1c0JirSCS7DGBgxMdHuaZG8hsB%2FV1nO0JEfDegHE1Ibm55QO9TriIg9yCH6dZSsofTmiHiBOUZtTMSH1Pg1z%2FnuElFFvVDHQ2Ryhog0fw%2BwfS0Fpe5ZOoTF8KK883iH45dmOAcVEphu7K5A%2FrzfFG93bFibxA7MRKbLLGBbrIVz4yFSuuFHimac0dVn%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 158, "FileHash-SHA1": 158, "FileHash-SHA256": 1127, "URL": 116, "hostname": 49, "domain": 182, "email": 1 }, "indicator_count": 1791, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d46ee1379578309fae9a4a", "name": "VirusTotal report\n for l-Management-System-School-ERP-nulled-by-CodeAlright.Com.zip", "description": "A look at the results of a report generated by the University of California, Los Angeles (UCLA) and compiled by codecanyon, a university-instikit and an academy.", "modified": "2026-05-07T02:13:20.636000", "created": "2026-04-07T02:41:37.877000", "tags": [ "file type", "unix", "mitre attack", "network info", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "persistence", "malicious", "next", "newstoday2", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "file", "operations", "process open", "python", "javascript", "html", "sample", "test", "urls", "united", "extra info", "uncomment", "performs dns", "layer protocol", "attack network", "info dropped", "info processes", "info", "may try", "ascii text", "png image", "https", "reads cpu", "tls version", "ascii", "usrliblog" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/01f57cc95906a44558c5c1f19ef3191fe6f2f1cc03e1d10d1da421b7c604903f_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529261&Signature=RJNKrp%2FaK0APCyfk557hpXXr%2BMWPGME1nJO1%2BQCUEm9xRuKB0DlxP%2BfDSiZsLcJsAhaI%2FWxbH%2F%2FdbHllDXKgjJl92HzsTFyTAT0eMx%2BzlFLXKn0VyBmCHKLgKoFS4fDODUKy6SKJxdUav7aDP1aVhAXMPp%2BT3yWjDdSos0HQalqAt%2FcsVg1w28zfPjvVVGv%2B%2FvJeCIgzhXeE2pX6Npumx67Yym8jiiqV75WoDu", "https://vtbehaviour.commondatastorage.googleapis.com/00913627185b352deaf0ec837f85a7f606b27112956875de5d610fba8151306c_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529477&Signature=s8ZCWLcVqjdBgBGejTcqippuMvftwgsdUQHUAjBnm45yUvqDsHIMIA29%2BJcb%2BrruXxHPD5tQv1BwAzlV1o7EuhxX4qMqDcFWSLqoc%2FqAnEVxLg0zXohtwMkHxv0z%2Bp5AL0jLyAwNYz7bH56tnmUs3tHPYc48OeM4AanV030U%2FnmXlF8kJ6cjAemipfTNe1QRx3ecbONm9c3B51FK0BbzZEdRX0pTHIM4AK1M", "https://vtbehaviour.commondatastorage.googleapis.com/0347ed7ffd09f6728c494128b1d11792893d5cde9e4effdc2bcc8f9ebb12a0e1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529533&Signature=diQ6r2CuvkDxYGybQtlzxVxtH8iGMt6XlgZBEpk7B5n%2FVtwOuZaPpuNyM%2Fr4VbSp2H67%2FddXTZ3XJG8LdUMwLVXsSDKIq%2BjyQHccTuCS0HXEDbllONqfU6gWICxxtdC%2F4wdaL8fVyCE%2FHHcnWm5PufAa002Tn02MbSx9cFdNZS4R86MEMARaMiXSCiGQuiLR2STQCGqU%2Byg16ky%2FYjPbLtB6WD5skgEs3AgDmDNlDLjtbb", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529640&Signature=G0ONarqL7o1MkYvMlqktPKmEpNw5A3hwHYnIBwD8r%2F0xQfBDCaCPoL6%2BMxjj5Ftsb47O6KGvZzp2CS1xFcRHfbhEnUGRJR9o2%2FjSPy6NAV226GNwtSGdDXxPJFfETfpFlDEj%2FOCd26qtcBDdT4lX2saiGfx0%2FunV94XcNq3cUTVm%2Fsf0BO74945PnFWtBu3Oq%2FBm9AlaLwnyEZ5TDLfhXyqiTv1Qsx%2FWmBk0PIieA9MtTm", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529701&Signature=BDpq68evTIZGfF61fRMAYEM%2BQtXgDfwPgp7qnaSE1mJStRV1ikHnSjRDxrMwGqkg0kaXqLEpQ%2BLuSCdJ9wJJzfrkQuV1%2Bbcg0cctnCOLgWhiXjekyol4iul%2FPXEGu6%2F1a20JEEoUfg9Dq6%2FosKMN9fmk%2BtqQcFa6PODcE3qJcO23YhWwDpmSYZ7t8JNsALFm98c6r%2BfBLLjnCSpVql2zQJifkl%2BteR57LTZG7W2lbENV", "https://vtbehaviour.commondatastorage.googleapis.com/00695c0012a8ebc08469eb0d32d3974ae70e93d129015dbfe6da128556ab3726_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775529758&Signature=zXDmSolL1BXRVntoMjKFPJaZtQ0tI1lf56M%2BqCFh1c0JirSCS7DGBgxMdHuaZG8hsB%2FV1nO0JEfDegHE1Ibm55QO9TriIg9yCH6dZSsofTmiHiBOUZtTMSH1Pg1z%2FnuElFFvVDHQ2Ryhog0fw%2BwfS0Fpe5ZOoTF8KK883iH45dmOAcVEphu7K5A%2FrzfFG93bFibxA7MRKbLLGBbrIVz4yFSuuFHimac0dVn%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 158, "FileHash-SHA1": 158, "FileHash-SHA256": 1127, "URL": 110, "hostname": 45, "domain": 179 }, "indicator_count": 1777, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d45104133846ffc6b2a6fe", "name": "CAPE Sandbox -y2k", "description": "> full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, has been published by BBC Radio 5 live in the UK and Ireland.>y2k status", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:34:12.507000", "tags": [ "html document", "ascii text", "language" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 310, "FileHash-SHA1": 308, "FileHash-SHA256": 1270, "domain": 168, "hostname": 31, "URL": 98 }, "indicator_count": 2185, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4510678007ab57751a513", "name": "CAPE Sandbox -y2k", "description": "> full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, has been published by BBC Radio 5 live in the UK and Ireland.>y2k status", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:34:14.009000", "tags": [ "html document", "ascii text", "language" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 310, "FileHash-SHA1": 308, "FileHash-SHA256": 1270, "domain": 168, "hostname": 31, "URL": 98 }, "indicator_count": 2185, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d45107d82d67453e8ade06", "name": "CAPE Sandbox -y2k", "description": "> full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, has been published by BBC Radio 5 live in the UK and Ireland.>y2k status", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:34:15.789000", "tags": [ "html document", "ascii text", "language" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 310, "FileHash-SHA1": 308, "FileHash-SHA256": 1270, "domain": 168, "hostname": 31, "URL": 98 }, "indicator_count": 2185, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4510870e9906d58e7a554", "name": "CAPE Sandbox -y2k", "description": "> full text of the full report on this year's EU Referendum, which will take place on 26 May 2017, has been published by BBC Radio 5 live in the UK and Ireland.>y2k status", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:34:16.928000", "tags": [ "html document", "ascii text", "language" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 310, "FileHash-SHA1": 308, "FileHash-SHA256": 1270, "domain": 168, "hostname": 31, "URL": 98 }, "indicator_count": 2185, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4569a944adf94a75efcf9", "name": "VirusTotal report\n for download.rar", "description": "0347ed7f6728c494128d5cde9e4effdc2bcc8f944d78bca8d, as well as 1.3m2.", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:58:02.158000", "tags": [ "json text", "json" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 287, "FileHash-SHA1": 283, "FileHash-SHA256": 2301, "URL": 113, "domain": 169, "hostname": 75 }, "indicator_count": 3228, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4569dc87656b4a255a124", "name": "VirusTotal report\n for download.rar", "description": "0347ed7f6728c494128d5cde9e4effdc2bcc8f944d78bca8d, as well as 1.3m2.", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:58:05.842000", "tags": [ "json text", "json" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 281, "FileHash-SHA1": 277, "FileHash-SHA256": 2208, "URL": 113, "domain": 169, "hostname": 75 }, "indicator_count": 3123, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "68038f7eb6f6810aa6d6439f", "name": "\"+g+\"", "description": "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "modified": "2025-09-01T08:05:25.121000", "created": "2025-04-19T11:56:46.933000", "tags": [ "copyright", "customevent", "typeof e", "boomerang", "typeof t", "macintosh", "os x", "post", "typeof", "iframe", "date", "poka menu", "nie znaleziono", "poka start", "poka", "max dostpnych", "pierwsza", "ostatnia", "nastpna", "poprzednia", "brak danych", "first", "ceidg", "wystpi bd", "error", "true", "null", "linkdownload", "show", "ctrlmappings", "version", "versionchange", "body", "false", "span", "input", "paginate", "next", "last", "selectstart", "loop", "function", "bootstrap", "datatables", "responsive", "2016 sprymedia", "amd define", "object", "commonjs", "window", "browser", "button", "datatable", "sprymedia ltd", "columns", "colidx", "column", "parent", "child", "param", "display", "click", "middle", "class", "target", "never", "find", "footer", "close", "regexp", "matches", "cookie", "inputmask", "input mask", "robin herbots", "mit license", "xmlhttprequest", "left", "month", "boolean", "maxdate", "right", "daterangepicker", "yyyymmdd", "calendar", "jquery", "webpackrequire", "typeof symbol", "type", "setprototypeof", "maskpos", "wrapnativesuper", "backspace", "insert", "internal", "mask", "void", "this", "nie mona", "array", "nonmsdombrowser", "horizontal", "leftarrow", "uparrow", "rightarrow", "downarrow", "explorer", "form", "legend", "hmmss", "mmmm d", "yyyy h", "typeof define", "number", "locale", "character", "seeknext", "masked", "input plugin", "josh bush", "azaz", "azaz09", "black", "kontrast", "arrcookies", "getcookielang", "and information", "on business", "sign", "twoja", "opinia", "informacja o", "notify ui", "widget", "eric hynds", "dual", "name", "dtopt", "example", "using", "open", "adata", "hungarian", "aria", "legacy", "trident", "format", "nuke", "apos", "bitcoin", "outer", "mark", "info", "reload", "behaviour", "write", "buttons", "anything", "prop", "thecookie", "create", "thevalue", "string name", "pluginscookie", "author", "eventkey", "datakey", "default", "dataapikey", "defaulttype", "config", "shown", "trigger", "delta", "guard", "arrow", "leave", "scroll", "dataspy", "sessiontimeout", "return", "settimeout", "mytimerid", "requestcounter", "starttimer", "stop", "typeof n", "adminlte", "typeof o", "main", "js application", "adminlte v2", "colorlib", "ui date", "written", "jacek wysocki", "poprzedni", "marzec", "kwiecie", "czerwiec", "lipiec", "sierpie", "wrzesie", "openpopup", "href", "toggle", "msviewport", "popover", "json", "json text", "string", "otherwise", "holder", "mind", "copy", "meta", "third", "text", "choice", "confirm", "nie pytaj", "site", "title", "value", "alert", "warn", "migrate", "foundation", "see http", "forget", "newvalue", "nones5", "fall", "wrongvalid", "onerror", "year", "fast", "argument", "popper", "method", "data", "html", "flip", "factory", "onload", "tbody", "courier", "elem", "handle", "expando", "match", "selector", "sizzle", "android", "capture", "seed", "pass", "enough", "code", "bind", "core", "local", "verify", "accept", "done", "override", "inject", "possible", "hold", "45deg", "larger", "screen styling", "90deg", "support", "sidebar mini", "e1f0ff", "font awesome", "free", "autocomplete", "folder", "expanded folder", "tabela", "sorting", "xform", "nadpisane style", "menlo", "monaco", "consolas", "mono", "courier new", "browse", "twitter", "pt serif", "georgia", "times new", "roman", "times", "typetime", "import", "roboto", "http", "label", "demos", "effect", "inst", "super", "speed", "bounce", "hack", "logic", "shift", "double", "february", "april", "june", "august", "friday", "erase", "atom", "caja", "spinner", "refresh", "alpha", "sentinel", "back", "blind", "drop", "ceidg.gov.pl - centralna ewidencja i informacja o dzia\u0142alno\u015bci g", "prosz czeka", "pobierz plik" ], "references": [ "https://aplikacja.ceidg.gov.pl/CEIDG/CEIDG.Public.UI/EntryChangeHistory.aspx?Id=855bdfc1-7dbc-4a86-9d27-89ebb0ecf166&archival=False", "UE_pl_top.svg", "UE_pl_top_sm.svg", "XZ4AH-ABKPW-SQPBC-CYWES-BCG6V", "dataTables.lang.js.pobrane", "EntryChangeHistory.aspx.js.pobrane", "dataTables.input.js.pobrane", "responsive.bootstrap4.js.pobrane", "dataTables.bootstrap4.js.pobrane", "dataTables.responsive.js.pobrane", "jquery.session.js.pobrane", "inputmask.binding.js.pobrane", "daterangepicker.js.pobrane", "jquery.inputmask.min.js.pobrane", "ScriptResource.axd", "moment-with-locales.min.js.pobrane", "jquery.maskedinput-1.2.2.js.pobrane", "feedback.js.pobrane", "jquery.notify.min.js.pobrane", "jquery.dataTables.js.pobrane", "jquery.cookie.js.pobrane", "bootstrap.js.pobrane", "SessionTimeout.js.pobrane", "adminlte.min.js.pobrane", "jquery.easing.1.3.js.pobrane", "jquery.feedbackBadge.min.js.pobrane", "ui.datepicker-pl.js.pobrane", "ceidg-master.js.pobrane", "CommonResponsive.js.pobrane", "json2.js.pobrane", "jquery.alerts.js.pobrane", "jquery-migrate-1.2.1.js.pobrane", "dataTables.bootstrap4.css", "CommonScripts.js.pobrane", "popper.js.pobrane", "responsive.bootstrap4.css", "jquery-3.0.0.js.pobrane", "daterangepicker.css", "AdminLTE.css", "ui.notify.css", "ceidg.css", "bootstrap-gov-pl.css", "biznes.css", "jquery-ui.js.pobrane", "saved_resource.html" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 4, "FileHash-SHA256": 25, "URL": 165, "domain": 353, "hostname": 215, "email": 2 }, "indicator_count": 767, "is_author": false, "is_subscribing": null, "subscriber_count": 123, "modified_text": "274 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "663d2869e0f3a42bbddc42ff", "name": "UPX executable packer.", "description": "A new rule has been introduced a \"suspicious\" ELF binary that is packed with the UPX executable packer.\nSuggested ATT&CK IDs: rule SUSP_ELF_LNX_UPX_Compressed_File { meta: description = \"Detects a suspicious ELF binary with UPX compression\" author = \"Florian Roth (Nextron Systems)\" reference = \"Internal Research\" date = \"2018-12-12\" score = 40 hash1 = \"038ff8b2fef16f8ee9d70e6c219c5f380afe1a21761791e8cbda21fa4d09fdb4\" id = \"078937de-59b3-538e-a5c3-57f4e6050212\" strings: $s1 = \"PROT_EXEC|PROT_WRITE failed.\" fullword ascii $s2 = \"$Id: UPX\" fullword ascii $s3 = \"$Info: This file is packed with the UPX executable packer\" ascii $fp1 = \"check your UCL installation !\"", "modified": "2024-10-14T00:01:17.069000", "created": "2024-05-09T19:47:53.786000", "tags": [ "cioch adrian", "centrum usug", "sieciowych", "elf binary", "upx compression", "roth", "nextron", "info", "javascript", "html", "office open", "xml document", "network capture", "win32 exe", "xml pakietu", "pdf zestawy", "przechwytywanie", "office", "filehashsha1", "url https", "cve cve20201070", "cve cve20203153", "cve cve20201048", "cve cve20211732", "cve20201048 apr", "filehashmd5", "cve cve20010901", "cve cve20021841", "cve20153202 apr", "cve cve20160728", "cve cve20161807", "cve cve20175123", "cve20185407 apr", "cve cve20054605", "cve cve20060745", "cve cve20070452", "cve cve20070453", "cve cve20070454", "cve cve20071355", "cve cve20071358", "cve cve20071871", "cve20149614 apr", "cve cve20151503", "cve cve20152080", "cve cve20157377", "cve cve20170131", "cve20200796 may", "cve cve20113403" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6861, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 5771, "domain": 3139, "URL": 14525, "FileHash-SHA1": 2610, "IPv4": 108, "CIDR": 40, "FileHash-SHA256": 10705, "FileHash-MD5": 3373, "YARA": 2, "CVE": 148, "Mutex": 7, "FilePath": 3, "SSLCertFingerprint": 3, "email": 23, "JA3": 1, "IPv6": 2 }, "indicator_count": 40460, "is_author": false, "is_subscribing": null, "subscriber_count": 138, "modified_text": "596 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://github.com/FezVrasta/popper.js/pull/715", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://github.com/FezVrasta/popper.js/pull/715", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780391614.8972318 }