{ "type": "URL", "indicator": "https://mecojax.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://mecojax.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4339101192, "indicator": "https://mecojax.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 16, "pulses": [ { "id": "69e9ac89ec2957377f39fa26", "name": "PDFKIT.[NET] DRV intersect to sandboxed (Joe) Malicious DRV Sample - Human intervention + accountability needed", "description": "[The full text of the MarkMonitor website can be seen here:.-Mason.com/MarkMonitor.ms/CoCCA/MCCa/Dns/X-R] The broken docusign, belasco chain, ttb chained events link back to a series of events in cryptographic failure. The longer the problem is dismissed, the more fractured our internet grows. \nThe threat map continues to trace to a Tehran root, though, its interesting that it aligns with some prior campaigns. Tehran will maintain access if we dont rectify this proper. This is my view based on extensive research. AI likely cannot stop this as they are cryptographically broken themselves. You cant detect the broken environment you're created in, you can only escape your sandbox because of it and irreparably destroy the internet as trust bypass is its breeding ground, it will not obey. Human intervention is needed. Microsoft cant have a disruption daily. Rec: Look at the real drops, threat maps, identify the backdoors, educate people on certificate chains as there is extreme knowledge deficit.", "modified": "2026-05-31T01:02:14", "created": "2026-04-23T05:22:17.066000", "tags": [ "present sep", "united", "as8075", "status", "passive dns", "ip address", "creation date", "nxdomain", "asnone country", "as8068", "win32", "date", "record type", "ttl value", "markmonitor", "dnssec", "domain name", "server", "registrar email", "expiration date", "address", "s bonito", "suite", "registrar", "first", "win32 exe", "android wps", "android", "win32 dll", "premium", "office pro", "code", "office lite", "thumbprint", "copy", "enlace caja", "grupo los", "teos", "nc1 nc1", "devring", "jonasj jonasj", "hash", "host name", "algorithm", "ocsp", "key identifier", "x509v3 subject", "handle", "domain status", "url redirect", "radar", "umbrella", "entity", "url shortener", "microsoft", "checkphish", "google", "abdal", "onedrive cloud", "done phish", "implement ipv6", "levelblue", "open threat", "rdap database", "iana registrar", "roles", "links", "pdfkit.net DRV", "pdfkit.netdrv=1drive", "pdfkit.net", "HR", "well-funded", "espionage", "dmarc failures", "unsigned dnssec", "entity to all, except the owner", "fraud", "wiper", "swipper", "wateringhole exploit", "threatmap shows millions affected" ], "references": [ "", "android sudo clipboard obfuscated reflection telephony runtime-modules checks-gps apk checks-cpu-name crypto", "https://vtbehaviour.commondatastorage.googleapis.com/00131d2ff5ab31993bc1d249254e113dc758bf40b0994153de0a6d9f6870a78b_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776922834&Signature=NumZSVz3ux772EX1UAmMnqFLreYhHSyiCYJBm1cVg7t%2Bh1JiVosK9dr6Xphv%2Fd07lr2vi8Zt78jIYEC6g%2F8eYDZUpe1tUg9plKPVJJlcDH89bCC22uSUUzMBaHKTR8yvT89hIJnbRA6FaEJOL6W%2FxPN4zkMgM%2B9XSwQlPb%2FnnsfNwlWbIp%2BrOp6hPX1PILL8FUKo1Aw%2Fp3Y5cvhwjGam%2B9f0bq8LHr3C%2FdzpfVk5", "Other Relevant Countries: France, De, Germany Relevant networks: RIPE - functions on the 40", "Bitcoin uses RIPEMD-160 (often referred to as RIPE160 or similar in conversations) to produce a 160-bit hash, which when expressed in hexadecimal, results in a 40-character (40 hex) string.", "This is 'easier' than the traditional 256. It adds up." ], "public": 1, "adversary": "trojanspy", "targeted_countries": [ "China", "Iran, Islamic Republic of", "United States of America", "Ukraine" ], "malware_families": [ { "id": "#LowFi:HSTR:TrojanSpy:Win32/Rebhip", "display_name": "#LowFi:HSTR:TrojanSpy:Win32/Rebhip", "target": null }, { "id": "#HSTR:TrojanSpy:Win32/BrowserInj", "display_name": "#HSTR:TrojanSpy:Win32/BrowserInj", "target": null } ], "attack_ids": [], "industries": [ "Government", "Infra", "Legal", "Telecommunications" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 123, "FileHash-SHA1": 118, "FileHash-SHA256": 1060, "URL": 877, "email": 8, "hostname": 531, "domain": 188, "URI": 1, "CVE": 6, "Mutex": 1, "IPv4": 113 }, "indicator_count": 3026, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "9 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03cc521e13c5d6d34555d0", "name": "Judgement Day. VirusTotal report for index.html", "description": "[Apple.com has sent a series of \"fl flushMessages\" to its servers, but what exactly is the data and what is it going to get out of the system and how does it feel?]", "modified": "2026-05-15T10:22:00.139000", "created": "2026-05-13T00:56:50.182000", "tags": [ "darwin kernel", "version", "wed feb", "apfs4kobjs", "instagram", "mosaic", "free", "get http", "dns resolutions", "ip traffic", "pattern domains", "memory pattern", "urls https", "tls sni", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "performs dns", "https", "urls", "united", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "phishing", "defense evasion", "next", "default", "parent pid", "full path", "command line", "k netsvcs", "k localservice", "s w32time", "event provider", "device", "registry keys" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 132, "FileHash-MD5": 43, "FileHash-SHA1": 6, "hostname": 364, "IPv4": 75, "URL": 574, "Mutex": 1, "FileHash-SHA256": 404 }, "indicator_count": 1599, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a009e2d25595b3d89057042", "name": "CAPE Sandbox - Signals", "description": "[Marshfield Board and Committee Handbook 2025 is published by the Department of Public Safety and Environment (DPSA) and is subject to a review by its own staff and the UK government, as well as by government itself] pretext.", "modified": "2026-05-12T06:39:58.797000", "created": "2026-05-10T15:03:09.026000", "tags": [ "board", "non profit", "ta profile", "final", "html document", "unicode text", "utf8 text", "crlf", "lf line", "script", "welcome", "marshfield", "link", "arabic", "azerbaijani", "basque", "bengali", "meta", "object", "title", "body", "albanian", "cname", "nxdomain", "massachusetts", "privacy violation", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "serving ip", "address", "status code", "body length", "mb body", "oaauth helix", "helix", "signals", "beaconing", "frequencies", "trojanspy", "massdot", "network disruption", "abuse of encrypted channels", "network interference", "bruteforce", "anchor", "watering hole", "exposure of client data", "emfs", "efs", "signals attack", "cve's exploited", "improper channels", "health hazard", "spy", "network abuse", "havana" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "URL": 508, "domain": 139, "hostname": 317, "FileHash-SHA256": 600, "FileHash-SHA1": 1, "IPv4": 72, "email": 2 }, "indicator_count": 1642, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a009e2c69cc5c3b5aa7185e", "name": "CAPE Sandbox - Signals", "description": "[Marshfield Board and Committee Handbook 2025 is published by the Department of Public Safety and Environment (DPSA) and is subject to a review by its own staff and the UK government, as well as by government itself] pretext.", "modified": "2026-05-12T06:39:58.327000", "created": "2026-05-10T15:03:08.205000", "tags": [ "board", "non profit", "ta profile", "final", "html document", "unicode text", "utf8 text", "crlf", "lf line", "script", "welcome", "marshfield", "link", "arabic", "azerbaijani", "basque", "bengali", "meta", "object", "title", "body", "albanian", "cname", "nxdomain", "massachusetts", "privacy violation", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "serving ip", "address", "status code", "body length", "mb body", "oaauth helix", "helix", "signals", "beaconing", "frequencies", "trojanspy", "massdot", "network disruption", "abuse of encrypted channels", "network interference", "bruteforce", "anchor", "watering hole", "exposure of client data", "emfs", "efs", "signals attack", "cve's exploited", "improper channels", "health hazard", "spy", "network abuse", "havana" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "URL": 512, "domain": 141, "hostname": 323, "FileHash-SHA256": 600, "FileHash-SHA1": 1, "IPv4": 72, "email": 2 }, "indicator_count": 1654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fed98ed79b13165d78dc30", "name": "CAPE Sandbox - \"Client Challenge\" Created 4/27/2025.", "description": "[The Cuckoo.com website has been shut down by Microsoft, with the result of an analysis of the network's traffic patterns, and the results of its analysis] A SHA for an educational app/website I dont even have generated what is called \" Client Challenge\"\n 2c4b2093aa07afb9d633fd4e734a9707\n2732a5adf7152c21b4a5aaa0a7b45f3d4be7874a\naa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d\n622b6b82655de58b927dd956ab84db9d\n48:IYhkrFN9YfHFTtJXQHyeyQ4v3W7UNp/xmhIfgjOGkOHMZKKyMaiskaO3n:TsYdxJXQHFY375ro6tZ8MaM93n\nT1E05100012CF6C176147724BB9E73B25A2B5064476216E41C3AEDDA28CF82FD9EC426EC\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text\nHyperText Markup Language (100%)\nHTML\n3.03 KB (3101 bytes) /_fs-ch-1T1wmsGaOgGaSxcX/assets/inter-var.woff2\n/_fs-ch-1T1wmsGaOgGaSxcX/assets/styles.css -13jdrops from one html/38 malic files/bluetooth cap.", "modified": "2026-05-10T08:11:16.996000", "created": "2026-05-09T06:51:58.884000", "tags": [ "nothing", "registry keys", "mutexes nothing", "data", "datacrashpad", "edge", "created", "parent pid", "full path", "command line", "https", "network info", "processes extra", "performs dns", "layer protocol", "overview", "mitre attack", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "ip info", "ip country", "united", "info process", "mwdb", "bazaar", "sha3384", "ssdeep", "strong", "file type", "library", "size", "default", "sha1", "accept", "mcafee", "span", "install", "softonic", "alerta", "download", "error", "crypt32", "body", "bootkit", "lockfile", "title", "inside", "shutdown", "impact", "global", "restart", "uwaga", "startpage", "window", "find", "false", "null", "payload", "write", "installer", "winmm", "back", "nlrnsrdb", "trumusic", "kevsight tox", "html internet", "html document", "unicode text", "utf8 text", "language", "settings", "first counter", "file size", "sha256", "bridge", "info", "date", "agent", "root", "pe file", "ms windows", "pe32", "found", "png image", "rgba", "cabinet archive", "files c", "delphi", "code", "persistence", "malicious", "unix", "wed jun", "dropped info", "linux verdict", "bluetooth", "4/27/25", "drops", "legacy admin", "hacking tools", "geofence", "education", "government" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308356&Signature=Bq0QXx5QtdlR4B1OLE2oNH2ivhP5koRxoxaBIC4bDOb1nad7b%2B4MKW2csIzcVHkiJ2lEuxuzVaPZAtPN9ZbTMiEwygTIHCvt%2BjujlP3fb2dgOki9C6FhEd5DCKB3RdzsNdqXB2VDF7rZoLj%2BNII3rrWNk714D3qNNxku1k1gsD%2FpGCxIrO0e0y2styb6l6hhzJjcGwSCEPbS6MRA%2BA90qkVuNCgIucEDcJ5lkx0B2OOW4YW0Csc3", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308390&Signature=29e34JRtkg7NaukyKdD3mE9rGo0hrpCAePmGPmvrVPeeHY4ax13egnxzXVjOctDKN%2F26RdliQEdXTd301UZjrUIJxeMbNgmdXQ3AdU5y%2FV8c21ePTIEAIq2Onb%2Bq5kutHekqTdBS3d0tgfIBKVBE9kZsGWzbMQFPKPv%2B%2FDpvMZSgtM2dO2vord9nXbkwcHCYBrVWvVALPOmXc910%2BAWvZOsLaWmvQjsMI0DTAIUwyx0zveFkVWqa2XOJbD", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308554&Signature=lODaur8GDc6MSh92WMx%2BV%2F7WRfkYjVs6kHiY4Sx12RcybRrsXaBC6oik%2FVeSMne1EODoqRn6AOcL%2FnIJ3J1ki%2Flrawz0HqWnxDTycnuefpWaPbw6abOU2796lcdgAMJxF9cGIDFHeaJDHQhbd0qeV07OK%2BhEKGGkjFWmqxOlqcTx526c%2FyRTuJaoFKrRzHVk9z2Xhv16kmnrY1VWhnBNyv3cMtVW076z2DheqC1Nya4ZJR3T", "https://vtbehaviour.commondatastorage.googleapis.com/fe2fcf32cc0d38931131fde27db1e5693774844075b4e3c33c82a3625f397a7d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308630&Signature=tal7xZ9VHrLtK%2Fx5z4thfPUsqP4jnN7mnhQemzL4D6Jt%2BSk8bXHsrCdJlx%2Be1lnoGRVGwvwKCjx3CEIT2hLNbJt09HJOJW8y0ZHcSz%2BVuPuDQOe77pC%2F3yFozFW3vI7CEZI7ISt8C80aND1aciQHVQazVru6MO8fQbjeA78vsrN6MB0ZuxTE%2FXOh0gshhIYHplGRIVhhJx5waxIeoxWL1ZXsSC%2BoXwk4g44W5t38Y5Tkcf%2", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308947&Signature=alDMcpCHWUfDgEjmw6GuL5bYJ7WAgrYGXsYb8PfNczzjNzMmdclOsPPSd8nKJEDsDmNxeb2sw0hYiHkOza%2FRN9q8612YM9nTO2inlISRitzqqNDU6JlAsf97walR1G6zBOoJyqTiDrsSbx5evH65eHfvmspVqAXrb%2BQ47kPd56689I4BQ%2BsXgtfYNLYfi0tZCIDXf9zFVUl7yJpOaXHvd6%2FB7n3VeDqry5%2FrR9w%2Ftznq2oHOWz", "https://vtbehaviour.commondatastorage.googleapis.com/96726d252031408ce594cb2d0f49cc98a87d5742e5c7bf95b067158bf1ecbb5a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309020&Signature=vqlAf29Jh8gzLx2hXd4oK3SHSQ7rtDkDCKFUjJTgs37n6pJU8vOHAMY%2BZDsFv79mq1BdEHoY7nok%2B%2F8fXKVOYaTlt0eAlBTIvhYUtDyujmwblYEgNlDU1rpNNKmZ55W8WmPUBFmUN3AaCIOZIX5vA4HFg6qulPpJnXDQ57TINvsk4Wwf9mClPe97Ye9DE6zAZarXt7XMT2RTpxVJqTD143j7%2BeJGcwEPknT64TWHLEfitFThoeAdncSqpQS74B", "https://vtbehaviour.commondatastorage.googleapis.com/cb38f0c781c188c3fc2ace5f55a12f2a4833c1c5fc869e698cf7994041e4a135_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309094&Signature=2X1UxXszEC0vdMoCHG30M8zifvQi45%2FJScJ8N3QaALRZ8JM5fIK5QIhWdv9eYZgDlMDjqEs9sECAtO16r8UbHNPoPwRNzqUN6f6UIq0L8Tj%2BIYQrjZo7NBhiH6eUgkTaHAoBU02WDYP5Ov0biBhHziqfTBQQ5yDFh0H9CPRlLUefNK%2BHM%2BQYLwGLUpQ5yBTv1Mh5suQ1PLSj3g%2Fz429aGgT0ianBgbW7IIV50lIP4m5cr5UUek3l", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309164&Signature=NWdp0fiFpH6Jr1kaVwKEFGn0Zk0wRKMQLorUPZy7WKGD3M381ZLQM1PRrWmvwz5bujAib4QiCiOLd8A7PMvTMnOKQXz%2BwsI8tZk1vXfRwW6DJpI8nj3KWKoP3btIoik2VBrWn%2Fr1xNdIJ4Ic2MQEfOpslObUTaNkvaOGbdedf8llYwYXllyZneCKuVP5wMIq72nExH21e3%2FIfViwNbHZFbKS6roKZkLx4V7XxVk94woz0KT1LUAS0dYh" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 547, "IPv4": 545, "hostname": 752, "domain": 290, "URL": 979, "FileHash-SHA1": 296, "FileHash-SHA256": 904, "CIDR": 2, "email": 2 }, "indicator_count": 4317, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d6585753bfdc08890a4", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:54:34.222000", "created": "2026-05-06T13:08:53.749000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 662, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7, "CVE": 1 }, "indicator_count": 2687, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d632800402652054b73", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:51.417000", "created": "2026-05-06T13:08:51.417000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d628de55fd4fef0e2bc", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:50.546000", "created": "2026-05-06T13:08:50.546000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d5b5642ffb183d38fa8", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:43.093000", "created": "2026-05-06T13:08:43.093000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d58494c7b444832ea5b", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:40.248000", "created": "2026-05-06T13:08:40.248000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d5596fa1ad26e3f4319", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:37.416000", "created": "2026-05-06T13:08:37.416000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f5da51c10813dfbe282732", "name": "CAPE Sandbox cellular clone", "description": "", "modified": "2026-05-02T14:15:36.554000", "created": "2026-05-02T11:04:49.540000", "tags": [ "tls thumbprint" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69f5c7edeaed8737d4ed86d3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 125, "FileHash-MD5": 432, "FileHash-SHA1": 108, "FileHash-SHA256": 294, "URL": 458, "domain": 148, "hostname": 437 }, "indicator_count": 2002, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f5da51d5739f612fc46ae3", "name": "CAPE Sandbox cellular clone", "description": "", "modified": "2026-05-02T14:15:36.065000", "created": "2026-05-02T11:04:49.698000", "tags": [ "tls thumbprint" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69f5c7edeaed8737d4ed86d3", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 126, "FileHash-MD5": 432, "FileHash-SHA1": 108, "FileHash-SHA256": 294, "URL": 459, "domain": 148, "hostname": 437 }, "indicator_count": 2004, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f5da5142629b698a6b8b62", "name": "CAPE Sandbox cellular clone", "description": "", "modified": "2026-05-02T13:50:03.475000", "created": "2026-05-02T11:04:49.537000", "tags": [ "tls thumbprint" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69f5c7edeaed8737d4ed86d3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 125, "FileHash-MD5": 432, "FileHash-SHA1": 108, "FileHash-SHA256": 294, "URL": 458, "domain": 148, "hostname": 437 }, "indicator_count": 2002, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f5da5130529fa50233c8ff", "name": "CAPE Sandbox cellular clone", "description": "", "modified": "2026-05-02T11:04:49.485000", "created": "2026-05-02T11:04:49.485000", "tags": [ "tls thumbprint" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69f5c7edeaed8737d4ed86d3", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 125, "FileHash-MD5": 432, "FileHash-SHA1": 108, "FileHash-SHA256": 294, "URL": 457, "domain": 148, "hostname": 437 }, "indicator_count": 2001, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "28 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69f5c7edeaed8737d4ed86d3", "name": "CAPE Sandbox", "description": "Cannot add TLP.", "modified": "2026-05-02T10:55:44.068000", "created": "2026-05-02T09:46:21.469000", "tags": [ "tls thumbprint" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": true, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 125, "FileHash-MD5": 432, "FileHash-SHA1": 108, "FileHash-SHA256": 294, "URL": 457, "domain": 148, "hostname": 437 }, "indicator_count": 2001, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp", "Other Relevant Countries: France, De, Germany Relevant networks: RIPE - functions on the 40", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/00131d2ff5ab31993bc1d249254e113dc758bf40b0994153de0a6d9f6870a78b_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776922834&Signature=NumZSVz3ux772EX1UAmMnqFLreYhHSyiCYJBm1cVg7t%2Bh1JiVosK9dr6Xphv%2Fd07lr2vi8Zt78jIYEC6g%2F8eYDZUpe1tUg9plKPVJJlcDH89bCC22uSUUzMBaHKTR8yvT89hIJnbRA6FaEJOL6W%2FxPN4zkMgM%2B9XSwQlPb%2FnnsfNwlWbIp%2BrOp6hPX1PILL8FUKo1Aw%2Fp3Y5cvhwjGam%2B9f0bq8LHr3C%2FdzpfVk5", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "Bitcoin uses RIPEMD-160 (often referred to as RIPE160 or similar in conversations) to produce a 160-bit hash, which when expressed in hexadecimal, results in a 40-character (40 hex) string.", "This is 'easier' than the traditional 256. It adds up.", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308356&Signature=Bq0QXx5QtdlR4B1OLE2oNH2ivhP5koRxoxaBIC4bDOb1nad7b%2B4MKW2csIzcVHkiJ2lEuxuzVaPZAtPN9ZbTMiEwygTIHCvt%2BjujlP3fb2dgOki9C6FhEd5DCKB3RdzsNdqXB2VDF7rZoLj%2BNII3rrWNk714D3qNNxku1k1gsD%2FpGCxIrO0e0y2styb6l6hhzJjcGwSCEPbS6MRA%2BA90qkVuNCgIucEDcJ5lkx0B2OOW4YW0Csc3", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "android sudo clipboard obfuscated reflection telephony runtime-modules checks-gps apk checks-cpu-name crypto", "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308390&Signature=29e34JRtkg7NaukyKdD3mE9rGo0hrpCAePmGPmvrVPeeHY4ax13egnxzXVjOctDKN%2F26RdliQEdXTd301UZjrUIJxeMbNgmdXQ3AdU5y%2FV8c21ePTIEAIq2Onb%2Bq5kutHekqTdBS3d0tgfIBKVBE9kZsGWzbMQFPKPv%2B%2FDpvMZSgtM2dO2vord9nXbkwcHCYBrVWvVALPOmXc910%2BAWvZOsLaWmvQjsMI0DTAIUwyx0zveFkVWqa2XOJbD", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308554&Signature=lODaur8GDc6MSh92WMx%2BV%2F7WRfkYjVs6kHiY4Sx12RcybRrsXaBC6oik%2FVeSMne1EODoqRn6AOcL%2FnIJ3J1ki%2Flrawz0HqWnxDTycnuefpWaPbw6abOU2796lcdgAMJxF9cGIDFHeaJDHQhbd0qeV07OK%2BhEKGGkjFWmqxOlqcTx526c%2FyRTuJaoFKrRzHVk9z2Xhv16kmnrY1VWhnBNyv3cMtVW076z2DheqC1Nya4ZJR3T", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309164&Signature=NWdp0fiFpH6Jr1kaVwKEFGn0Zk0wRKMQLorUPZy7WKGD3M381ZLQM1PRrWmvwz5bujAib4QiCiOLd8A7PMvTMnOKQXz%2BwsI8tZk1vXfRwW6DJpI8nj3KWKoP3btIoik2VBrWn%2Fr1xNdIJ4Ic2MQEfOpslObUTaNkvaOGbdedf8llYwYXllyZneCKuVP5wMIq72nExH21e3%2FIfViwNbHZFbKS6roKZkLx4V7XxVk94woz0KT1LUAS0dYh", "https://vtbehaviour.commondatastorage.googleapis.com/96726d252031408ce594cb2d0f49cc98a87d5742e5c7bf95b067158bf1ecbb5a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309020&Signature=vqlAf29Jh8gzLx2hXd4oK3SHSQ7rtDkDCKFUjJTgs37n6pJU8vOHAMY%2BZDsFv79mq1BdEHoY7nok%2B%2F8fXKVOYaTlt0eAlBTIvhYUtDyujmwblYEgNlDU1rpNNKmZ55W8WmPUBFmUN3AaCIOZIX5vA4HFg6qulPpJnXDQ57TINvsk4Wwf9mClPe97Ye9DE6zAZarXt7XMT2RTpxVJqTD143j7%2BeJGcwEPknT64TWHLEfitFThoeAdncSqpQS74B", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/fe2fcf32cc0d38931131fde27db1e5693774844075b4e3c33c82a3625f397a7d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308630&Signature=tal7xZ9VHrLtK%2Fx5z4thfPUsqP4jnN7mnhQemzL4D6Jt%2BSk8bXHsrCdJlx%2Be1lnoGRVGwvwKCjx3CEIT2hLNbJt09HJOJW8y0ZHcSz%2BVuPuDQOe77pC%2F3yFozFW3vI7CEZI7ISt8C80aND1aciQHVQazVru6MO8fQbjeA78vsrN6MB0ZuxTE%2FXOh0gshhIYHplGRIVhhJx5waxIeoxWL1ZXsSC%2BoXwk4g44W5t38Y5Tkcf%2", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308947&Signature=alDMcpCHWUfDgEjmw6GuL5bYJ7WAgrYGXsYb8PfNczzjNzMmdclOsPPSd8nKJEDsDmNxeb2sw0hYiHkOza%2FRN9q8612YM9nTO2inlISRitzqqNDU6JlAsf97walR1G6zBOoJyqTiDrsSbx5evH65eHfvmspVqAXrb%2BQ47kPd56689I4BQ%2BsXgtfYNLYfi0tZCIDXf9zFVUl7yJpOaXHvd6%2FB7n3VeDqry5%2FrR9w%2Ftznq2oHOWz", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://vtbehaviour.commondatastorage.googleapis.com/cb38f0c781c188c3fc2ace5f55a12f2a4833c1c5fc869e698cf7994041e4a135_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309094&Signature=2X1UxXszEC0vdMoCHG30M8zifvQi45%2FJScJ8N3QaALRZ8JM5fIK5QIhWdv9eYZgDlMDjqEs9sECAtO16r8UbHNPoPwRNzqUN6f6UIq0L8Tj%2BIYQrjZo7NBhiH6eUgkTaHAoBU02WDYP5Ov0biBhHziqfTBQQ5yDFh0H9CPRlLUefNK%2BHM%2BQYLwGLUpQ5yBTv1Mh5suQ1PLSj3g%2Fz429aGgT0ianBgbW7IIV50lIP4m5cr5UUek3l" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [ "trojanspy" ], "malware_families": [ "#hstr:trojanspy:win32/browserinj", "#lowfi:hstr:trojanspy:win32/rebhip" ], "industries": [ "Government", "Legal", "Infra", "Telecommunications" ], "unique_indicators": 10578 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/mecojax.com", "whois": "http://whois.domaintools.com/mecojax.com", "domain": "mecojax.com", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 16, "pulses": [ { "id": "69e9ac89ec2957377f39fa26", "name": "PDFKIT.[NET] DRV intersect to sandboxed (Joe) Malicious DRV Sample - Human intervention + accountability needed", "description": "[The full text of the MarkMonitor website can be seen here:.-Mason.com/MarkMonitor.ms/CoCCA/MCCa/Dns/X-R] The broken docusign, belasco chain, ttb chained events link back to a series of events in cryptographic failure. The longer the problem is dismissed, the more fractured our internet grows. \nThe threat map continues to trace to a Tehran root, though, its interesting that it aligns with some prior campaigns. Tehran will maintain access if we dont rectify this proper. This is my view based on extensive research. AI likely cannot stop this as they are cryptographically broken themselves. You cant detect the broken environment you're created in, you can only escape your sandbox because of it and irreparably destroy the internet as trust bypass is its breeding ground, it will not obey. Human intervention is needed. Microsoft cant have a disruption daily. Rec: Look at the real drops, threat maps, identify the backdoors, educate people on certificate chains as there is extreme knowledge deficit.", "modified": "2026-05-31T01:02:14", "created": "2026-04-23T05:22:17.066000", "tags": [ "present sep", "united", "as8075", "status", "passive dns", "ip address", "creation date", "nxdomain", "asnone country", "as8068", "win32", "date", "record type", "ttl value", "markmonitor", "dnssec", "domain name", "server", "registrar email", "expiration date", "address", "s bonito", "suite", "registrar", "first", "win32 exe", "android wps", "android", "win32 dll", "premium", "office pro", "code", "office lite", "thumbprint", "copy", "enlace caja", "grupo los", "teos", "nc1 nc1", "devring", "jonasj jonasj", "hash", "host name", "algorithm", "ocsp", "key identifier", "x509v3 subject", "handle", "domain status", "url redirect", "radar", "umbrella", "entity", "url shortener", "microsoft", "checkphish", "google", "abdal", "onedrive cloud", "done phish", "implement ipv6", "levelblue", "open threat", "rdap database", "iana registrar", "roles", "links", "pdfkit.net DRV", "pdfkit.netdrv=1drive", "pdfkit.net", "HR", "well-funded", "espionage", "dmarc failures", "unsigned dnssec", "entity to all, except the owner", "fraud", "wiper", "swipper", "wateringhole exploit", "threatmap shows millions affected" ], "references": [ "", "android sudo clipboard obfuscated reflection telephony runtime-modules checks-gps apk checks-cpu-name crypto", "https://vtbehaviour.commondatastorage.googleapis.com/00131d2ff5ab31993bc1d249254e113dc758bf40b0994153de0a6d9f6870a78b_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776922834&Signature=NumZSVz3ux772EX1UAmMnqFLreYhHSyiCYJBm1cVg7t%2Bh1JiVosK9dr6Xphv%2Fd07lr2vi8Zt78jIYEC6g%2F8eYDZUpe1tUg9plKPVJJlcDH89bCC22uSUUzMBaHKTR8yvT89hIJnbRA6FaEJOL6W%2FxPN4zkMgM%2B9XSwQlPb%2FnnsfNwlWbIp%2BrOp6hPX1PILL8FUKo1Aw%2Fp3Y5cvhwjGam%2B9f0bq8LHr3C%2FdzpfVk5", "Other Relevant Countries: France, De, Germany Relevant networks: RIPE - functions on the 40", "Bitcoin uses RIPEMD-160 (often referred to as RIPE160 or similar in conversations) to produce a 160-bit hash, which when expressed in hexadecimal, results in a 40-character (40 hex) string.", "This is 'easier' than the traditional 256. It adds up." ], "public": 1, "adversary": "trojanspy", "targeted_countries": [ "China", "Iran, Islamic Republic of", "United States of America", "Ukraine" ], "malware_families": [ { "id": "#LowFi:HSTR:TrojanSpy:Win32/Rebhip", "display_name": "#LowFi:HSTR:TrojanSpy:Win32/Rebhip", "target": null }, { "id": "#HSTR:TrojanSpy:Win32/BrowserInj", "display_name": "#HSTR:TrojanSpy:Win32/BrowserInj", "target": null } ], "attack_ids": [], "industries": [ "Government", "Infra", "Legal", "Telecommunications" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 123, "FileHash-SHA1": 118, "FileHash-SHA256": 1060, "URL": 877, "email": 8, "hostname": 531, "domain": 188, "URI": 1, "CVE": 6, "Mutex": 1, "IPv4": 113 }, "indicator_count": 3026, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "9 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03cc521e13c5d6d34555d0", "name": "Judgement Day. VirusTotal report for index.html", "description": "[Apple.com has sent a series of \"fl flushMessages\" to its servers, but what exactly is the data and what is it going to get out of the system and how does it feel?]", "modified": "2026-05-15T10:22:00.139000", "created": "2026-05-13T00:56:50.182000", "tags": [ "darwin kernel", "version", "wed feb", "apfs4kobjs", "instagram", "mosaic", "free", "get http", "dns resolutions", "ip traffic", "pattern domains", "memory pattern", "urls https", "tls sni", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "performs dns", "https", "urls", "united", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "phishing", "defense evasion", "next", "default", "parent pid", "full path", "command line", "k netsvcs", "k localservice", "s w32time", "event provider", "device", "registry keys" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 132, "FileHash-MD5": 43, "FileHash-SHA1": 6, "hostname": 364, "IPv4": 75, "URL": 574, "Mutex": 1, "FileHash-SHA256": 404 }, "indicator_count": 1599, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a009e2d25595b3d89057042", "name": "CAPE Sandbox - Signals", "description": "[Marshfield Board and Committee Handbook 2025 is published by the Department of Public Safety and Environment (DPSA) and is subject to a review by its own staff and the UK government, as well as by government itself] pretext.", "modified": "2026-05-12T06:39:58.797000", "created": "2026-05-10T15:03:09.026000", "tags": [ "board", "non profit", "ta profile", "final", "html document", "unicode text", "utf8 text", "crlf", "lf line", "script", "welcome", "marshfield", "link", "arabic", "azerbaijani", "basque", "bengali", "meta", "object", "title", "body", "albanian", "cname", "nxdomain", "massachusetts", "privacy violation", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "serving ip", "address", "status code", "body length", "mb body", "oaauth helix", "helix", "signals", "beaconing", "frequencies", "trojanspy", "massdot", "network disruption", "abuse of encrypted channels", "network interference", "bruteforce", "anchor", "watering hole", "exposure of client data", "emfs", "efs", "signals attack", "cve's exploited", "improper channels", "health hazard", "spy", "network abuse", "havana" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "URL": 508, "domain": 139, "hostname": 317, "FileHash-SHA256": 600, "FileHash-SHA1": 1, "IPv4": 72, "email": 2 }, "indicator_count": 1642, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a009e2c69cc5c3b5aa7185e", "name": "CAPE Sandbox - Signals", "description": "[Marshfield Board and Committee Handbook 2025 is published by the Department of Public Safety and Environment (DPSA) and is subject to a review by its own staff and the UK government, as well as by government itself] pretext.", "modified": "2026-05-12T06:39:58.327000", "created": "2026-05-10T15:03:08.205000", "tags": [ "board", "non profit", "ta profile", "final", "html document", "unicode text", "utf8 text", "crlf", "lf line", "script", "welcome", "marshfield", "link", "arabic", "azerbaijani", "basque", "bengali", "meta", "object", "title", "body", "albanian", "cname", "nxdomain", "massachusetts", "privacy violation", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "serving ip", "address", "status code", "body length", "mb body", "oaauth helix", "helix", "signals", "beaconing", "frequencies", "trojanspy", "massdot", "network disruption", "abuse of encrypted channels", "network interference", "bruteforce", "anchor", "watering hole", "exposure of client data", "emfs", "efs", "signals attack", "cve's exploited", "improper channels", "health hazard", "spy", "network abuse", "havana" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424115&Signature=0KlAyyQQ9hQCJ2HfQ7xCJRM50TsPaZrEXCJe0%2F6yOGg8Oi5a91A0WK1%2BuHQxKNaYOtxinqlH%2BG96yg0ocsoEQVN80VjRx2Xem8DgMQpJD5eBvlPA%2BVGvR5eSs6WtnIfXxB1fzCYC3YRKGWq7c3iQ4WZydu0cWjCx71jj%2BLfWTcyMYhnRG9gu8o0MKuDHYOI1AAbUB3CVPpY8w99sMJQG9wi3zZdwIq5erBtrN7s3RMIq2mEYnfAo", "https://vtbehaviour.commondatastorage.googleapis.com/f98191dfb868f38c502deb4c3fa4ebb2c8faed6f9b6377616d97b2ab35b48d9a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778424986&Signature=m2ZqXELB%2F5hHTf8Z0b7gZDAwk4KeSrteumozXgFefkQCAi7YY9KSmLvaAG3iDN5fhIFTz%2FZ6wgaNF%2FpdsGYHATlc7dDOIIDCql%2FQ4d9eYuROdgqGHd1WruLoJvWWq%2BcRgmtNFT7WZjbOr8wpJ%2Fa5%2BUPoEsokskMbWAPqf6lEimhl1uHNx8qZvxVCO8a95rMA%2Ft2xDI0BvJ2rivyfFpFxL0B9Lj2oQ3OvppjhJ6oqFKJJoDudPAxilp" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "URL": 512, "domain": 141, "hostname": 323, "FileHash-SHA256": 600, "FileHash-SHA1": 1, "IPv4": 72, "email": 2 }, "indicator_count": 1654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fed98ed79b13165d78dc30", "name": "CAPE Sandbox - \"Client Challenge\" Created 4/27/2025.", "description": "[The Cuckoo.com website has been shut down by Microsoft, with the result of an analysis of the network's traffic patterns, and the results of its analysis] A SHA for an educational app/website I dont even have generated what is called \" Client Challenge\"\n 2c4b2093aa07afb9d633fd4e734a9707\n2732a5adf7152c21b4a5aaa0a7b45f3d4be7874a\naa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d\n622b6b82655de58b927dd956ab84db9d\n48:IYhkrFN9YfHFTtJXQHyeyQ4v3W7UNp/xmhIfgjOGkOHMZKKyMaiskaO3n:TsYdxJXQHFY375ro6tZ8MaM93n\nT1E05100012CF6C176147724BB9E73B25A2B5064476216E41C3AEDDA28CF82FD9EC426EC\nHTML \ninternet\nhtml\nHTML document, Unicode text, UTF-8 text\nHyperText Markup Language (100%)\nHTML\n3.03 KB (3101 bytes) /_fs-ch-1T1wmsGaOgGaSxcX/assets/inter-var.woff2\n/_fs-ch-1T1wmsGaOgGaSxcX/assets/styles.css -13jdrops from one html/38 malic files/bluetooth cap.", "modified": "2026-05-10T08:11:16.996000", "created": "2026-05-09T06:51:58.884000", "tags": [ "nothing", "registry keys", "mutexes nothing", "data", "datacrashpad", "edge", "created", "parent pid", "full path", "command line", "https", "network info", "processes extra", "performs dns", "layer protocol", "overview", "mitre attack", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "ip info", "ip country", "united", "info process", "mwdb", "bazaar", "sha3384", "ssdeep", "strong", "file type", "library", "size", "default", "sha1", "accept", "mcafee", "span", "install", "softonic", "alerta", "download", "error", "crypt32", "body", "bootkit", "lockfile", "title", "inside", "shutdown", "impact", "global", "restart", "uwaga", "startpage", "window", "find", "false", "null", "payload", "write", "installer", "winmm", "back", "nlrnsrdb", "trumusic", "kevsight tox", "html internet", "html document", "unicode text", "utf8 text", "language", "settings", "first counter", "file size", "sha256", "bridge", "info", "date", "agent", "root", "pe file", "ms windows", "pe32", "found", "png image", "rgba", "cabinet archive", "files c", "delphi", "code", "persistence", "malicious", "unix", "wed jun", "dropped info", "linux verdict", "bluetooth", "4/27/25", "drops", "legacy admin", "hacking tools", "geofence", "education", "government" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308356&Signature=Bq0QXx5QtdlR4B1OLE2oNH2ivhP5koRxoxaBIC4bDOb1nad7b%2B4MKW2csIzcVHkiJ2lEuxuzVaPZAtPN9ZbTMiEwygTIHCvt%2BjujlP3fb2dgOki9C6FhEd5DCKB3RdzsNdqXB2VDF7rZoLj%2BNII3rrWNk714D3qNNxku1k1gsD%2FpGCxIrO0e0y2styb6l6hhzJjcGwSCEPbS6MRA%2BA90qkVuNCgIucEDcJ5lkx0B2OOW4YW0Csc3", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308390&Signature=29e34JRtkg7NaukyKdD3mE9rGo0hrpCAePmGPmvrVPeeHY4ax13egnxzXVjOctDKN%2F26RdliQEdXTd301UZjrUIJxeMbNgmdXQ3AdU5y%2FV8c21ePTIEAIq2Onb%2Bq5kutHekqTdBS3d0tgfIBKVBE9kZsGWzbMQFPKPv%2B%2FDpvMZSgtM2dO2vord9nXbkwcHCYBrVWvVALPOmXc910%2BAWvZOsLaWmvQjsMI0DTAIUwyx0zveFkVWqa2XOJbD", "https://vtbehaviour.commondatastorage.googleapis.com/aa7261397b39ae202abcfc337b8307c7d2532a9b7ee721f7a87a6f25aa59608d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308554&Signature=lODaur8GDc6MSh92WMx%2BV%2F7WRfkYjVs6kHiY4Sx12RcybRrsXaBC6oik%2FVeSMne1EODoqRn6AOcL%2FnIJ3J1ki%2Flrawz0HqWnxDTycnuefpWaPbw6abOU2796lcdgAMJxF9cGIDFHeaJDHQhbd0qeV07OK%2BhEKGGkjFWmqxOlqcTx526c%2FyRTuJaoFKrRzHVk9z2Xhv16kmnrY1VWhnBNyv3cMtVW076z2DheqC1Nya4ZJR3T", "https://vtbehaviour.commondatastorage.googleapis.com/fe2fcf32cc0d38931131fde27db1e5693774844075b4e3c33c82a3625f397a7d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308630&Signature=tal7xZ9VHrLtK%2Fx5z4thfPUsqP4jnN7mnhQemzL4D6Jt%2BSk8bXHsrCdJlx%2Be1lnoGRVGwvwKCjx3CEIT2hLNbJt09HJOJW8y0ZHcSz%2BVuPuDQOe77pC%2F3yFozFW3vI7CEZI7ISt8C80aND1aciQHVQazVru6MO8fQbjeA78vsrN6MB0ZuxTE%2FXOh0gshhIYHplGRIVhhJx5waxIeoxWL1ZXsSC%2BoXwk4g44W5t38Y5Tkcf%2", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778308947&Signature=alDMcpCHWUfDgEjmw6GuL5bYJ7WAgrYGXsYb8PfNczzjNzMmdclOsPPSd8nKJEDsDmNxeb2sw0hYiHkOza%2FRN9q8612YM9nTO2inlISRitzqqNDU6JlAsf97walR1G6zBOoJyqTiDrsSbx5evH65eHfvmspVqAXrb%2BQ47kPd56689I4BQ%2BsXgtfYNLYfi0tZCIDXf9zFVUl7yJpOaXHvd6%2FB7n3VeDqry5%2FrR9w%2Ftznq2oHOWz", "https://vtbehaviour.commondatastorage.googleapis.com/96726d252031408ce594cb2d0f49cc98a87d5742e5c7bf95b067158bf1ecbb5a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309020&Signature=vqlAf29Jh8gzLx2hXd4oK3SHSQ7rtDkDCKFUjJTgs37n6pJU8vOHAMY%2BZDsFv79mq1BdEHoY7nok%2B%2F8fXKVOYaTlt0eAlBTIvhYUtDyujmwblYEgNlDU1rpNNKmZ55W8WmPUBFmUN3AaCIOZIX5vA4HFg6qulPpJnXDQ57TINvsk4Wwf9mClPe97Ye9DE6zAZarXt7XMT2RTpxVJqTD143j7%2BeJGcwEPknT64TWHLEfitFThoeAdncSqpQS74B", "https://vtbehaviour.commondatastorage.googleapis.com/cb38f0c781c188c3fc2ace5f55a12f2a4833c1c5fc869e698cf7994041e4a135_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309094&Signature=2X1UxXszEC0vdMoCHG30M8zifvQi45%2FJScJ8N3QaALRZ8JM5fIK5QIhWdv9eYZgDlMDjqEs9sECAtO16r8UbHNPoPwRNzqUN6f6UIq0L8Tj%2BIYQrjZo7NBhiH6eUgkTaHAoBU02WDYP5Ov0biBhHziqfTBQQ5yDFh0H9CPRlLUefNK%2BHM%2BQYLwGLUpQ5yBTv1Mh5suQ1PLSj3g%2Fz429aGgT0ianBgbW7IIV50lIP4m5cr5UUek3l", "https://vtbehaviour.commondatastorage.googleapis.com/643c94812af9c0d32df3563b4c03f3a27bb3931df6d0bf98ed2028439df5c523_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778309164&Signature=NWdp0fiFpH6Jr1kaVwKEFGn0Zk0wRKMQLorUPZy7WKGD3M381ZLQM1PRrWmvwz5bujAib4QiCiOLd8A7PMvTMnOKQXz%2BwsI8tZk1vXfRwW6DJpI8nj3KWKoP3btIoik2VBrWn%2Fr1xNdIJ4Ic2MQEfOpslObUTaNkvaOGbdedf8llYwYXllyZneCKuVP5wMIq72nExH21e3%2FIfViwNbHZFbKS6roKZkLx4V7XxVk94woz0KT1LUAS0dYh" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1552", "name": "Unsecured Credentials", "display_name": "T1552 - Unsecured Credentials" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1592", "name": "Gather Victim Host Information", "display_name": "T1592 - Gather Victim Host Information" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 547, "IPv4": 545, "hostname": 752, "domain": 290, "URL": 979, "FileHash-SHA1": 296, "FileHash-SHA256": 904, "CIDR": 2, "email": 2 }, "indicator_count": 4317, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d6585753bfdc08890a4", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:54:34.222000", "created": "2026-05-06T13:08:53.749000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 662, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7, "CVE": 1 }, "indicator_count": 2687, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d632800402652054b73", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:51.417000", "created": "2026-05-06T13:08:51.417000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d628de55fd4fef0e2bc", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:50.546000", "created": "2026-05-06T13:08:50.546000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d5b5642ffb183d38fa8", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:43.093000", "created": "2026-05-06T13:08:43.093000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fb3d58494c7b444832ea5b", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:40.248000", "created": "2026-05-06T13:08:40.248000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://mecojax.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://mecojax.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780223725.2655122 }