{ "type": "URL", "indicator": "https://polihroniskirkanidis.rocketmail.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://polihroniskirkanidis.rocketmail.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4277083149, "indicator": "https://polihroniskirkanidis.rocketmail.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69eae966e2994ca9410416e7", "name": "CAPE Sandbox - Watson", "description": "[full list of details about Akamai, the web hosting company, that has been abused on the internet for more than 20 years.. and the names of its users have been published.] pretext. Watson frequents. wizard8.", "modified": "2026-05-24T05:16:16.520000", "created": "2026-04-24T03:54:14.835000", "tags": [ "akamai", "city", "noc united", "orgid", "akamai ref", "net23", "net230000", "cidr", "orgabusehandle", "orgtechhandle" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 382, "FileHash-SHA1": 361, "FileHash-SHA256": 1250, "URL": 1436, "domain": 425, "hostname": 783, "CIDR": 1, "email": 29, "CVE": 1, "URI": 2 }, "indicator_count": 4670, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0ff878b8d1717e395e0d0a", "name": "Research part 4 * CAPE Sandbox", "description": "A Cuckoo has been running on a KVM operating system for the next two years. \u00c2\u00a31.5m.. and \u00e2\u201a\u00ac1m", "modified": "2026-05-23T03:58:21.402000", "created": "2026-05-22T06:32:24.666000", "tags": [ "default", "nothing", "file execution", "registry keys", "inprocserver32", "server", "parent pid", "full path", "command line", "files c", "cname", "accept", "ip address", "cape sandbox", "found", "center", "http", "port", "shutdown", "title", "performs dns", "mitre attack", "network info", "processes extra", "sigma", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "defense evasion", "next", "win1", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "acrongl integ", "adc4240758", "angsana new", "bootkit", "back", "p2404", "host", "cultureneutral", "p11750170564", "shell folders", "systemroot", "gmt range", "guard", "pe file", "file type", "creates", "extra info", "sample", "contains", "aslr", "binary", "command", "malicious" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/91031d16ab93fe5d7f8dc7a55b4bbb8e23742c774ad467f67e2e1681e5439fb9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431033&Signature=tDkjksSltx3F6MPqpr8Xf%2BIAVxBBNNTifbGimbXIX5DCrLCZugVQF%2B7kCV%2BJ3RQ1lKt1eMcfTaQ3FUvgjt7%2F3uEgdHY390sywG9OdYe2HZMJHg%2BYNxsAIe8n7UIa22pLVZNqhDSymVa0VyJAEZb8B2t7gNdGsBLQKQ7GyJ2iYAz4NklXYQPVUZoWObKt0eggHoV3wJUWM%2BQKxWSnPP6HQ8wusnitHIEqxdfckeRTMZR9zlIg31", "https://vtbehaviour.commondatastorage.googleapis.com/beddd6543579e4744aa3aceb91c6ff522e5d4a9cf54c41b27ad97d6533cff57e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431302&Signature=VN0Lo6N8srKzgIyGy%2B2YBOQ%2BngCQJsbj8jycOiDUs3CpGIyP8pZyyC326od%2FfI41dky2kAUXq4L2f1AHLLukNksIcompwOACdBTaq%2B6r%2FyNhhrsOVLiVCA4wkuZX%2Bjz5eRA8KhG7BcGA1Z8ERy3OYr1b5gS4cUton8nwnqvSE7ZH6dFOkbdhFiX%2FwmTQbOzFCCqJWT0%2FJJZQaXyWSitlkG3IN8RyMOUpjxyT9fwh51%2FT", "https://vtbehaviour.commondatastorage.googleapis.com/f26944950ccf7fd4422662d575c0b3698670e1b19d76fe386c20058ea4ea991f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431338&Signature=FoZZNyxGwBJKtHZSxcj9EHaeRdEMbmfNE6I04ld5vuYz8v2b9G%2Bwt0JlXl6N1uR2a9k4YqZln0HWuPEsYhjLjy3e465eqqg1UIPsLLqvH%2BmT7ox8n7TU%2B54qFOkQtrqoj3cO%2BSeZXnlXHOzxx9rdozltX%2FZ%2BOw1i5z%2FzvLy%2FlI3NhUcyIPbiD3yhM6DqHS%2Fyt7x5bhd5cz18yhPyQq7CNoW%2Fx%2B5aj4d6lWRgPVoBfaoqi33C", "https://vtbehaviour.commondatastorage.googleapis.com/c915c30bfba565e05ccdea80427ffcba415831161e38e81eccbc893e8eb0bf83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431449&Signature=PDRco%2B36G08WhkVripJBX%2FKsew%2Fqdtv%2BE4v4qZ%2BxTtqIWv%2BbUShaZJk4oroxSc0hAtyIuEAY0Fl7s%2FjNS%2FYPoQ1iU9EMWYaxvd0Sl1%2F%2BEc%2Foq9dc3YP5F0muq56mEXdREOlePA54%2BObbmwRbWR4mwAkK%2FuAkYzpAtJKkLJRZ6GQ0sbyCC5VdaAT3OMhtFkTKCtx5Wk2ZTdGZT5ASe3hD4xmg219rX3t5uV8j", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431564&Signature=x%2BpjgWuHJOMK96wkAkxWnO%2BvWXDtko8QpNc0JQs9qrmHA1DtI9OB1F4jxixqRaySdJpP0JpTJK%2BRxE8sVad9wh3wtqgIhtbiihOX2%2FXHa7ukyAZOuMkh8fVLwIUVkxrObXKFDv8CiRAzdRemUPxSH%2FYmbOPY2eYs7UbUQp%2B93VYGCAMTuaztTey%2F1T8DM1tWLfxE5nKn3j7VigVpXMi8228oo%2B7ofaOVz3A%2FZKMZ1gKD", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431586&Signature=mg5jUjSQG5fVQ2idj9wgQGE6D7neQXnBJ4xAD50pgEFgszvmZvrLrvz5RjR00uX4f7Gs2afv8MUs272SCXfylMEo1EhlVujdxecw4%2Ftn9jdYUfSDpqu0quw4dkL1YXviPoAcCJLaKrrvBsQMT468PPk4VwiDZbq2JNrZZwt1qXHmZFe3X5CHabJJE0ORZBwBH0jMYUE%2BWIvGzkZ%2Bul4ufi3xgsgA%2BoN0jUlIddwaoZA4eQeYVlQ388DLeonSjl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 194, "FileHash-SHA1": 212, "FileHash-SHA256": 412, "IPv4": 297, "URL": 840, "domain": 343, "hostname": 541, "CIDR": 6, "email": 23, "IPv6": 176, "CVE": 4 }, "indicator_count": 3048, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69bf4cc74c3d8f391a1a927c", "name": "9e42ac52bda44d5cadcabffd1d5e78a06598c8b5", "description": "", "modified": "2026-05-17T15:53:27.707000", "created": "2026-03-22T01:58:31.611000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 308, "FileHash-SHA1": 305, "FileHash-SHA256": 362, "URL": 369, "hostname": 376, "domain": 193, "email": 13 }, "indicator_count": 1926, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69bf6652beb00c62a9cb8b84", "name": "i cloned msudosos - IOC breakdown = Possible ELF/Prometei Botnet CnC Activity", "description": "", "modified": "2026-04-21T02:20:25.690000", "created": "2026-03-22T03:47:30.942000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69bf4cc74c3d8f391a1a927c", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 308, "FileHash-SHA1": 305, "FileHash-SHA256": 362, "URL": 367, "hostname": 372, "domain": 192, "email": 13 }, "indicator_count": 1919, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "40 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/beddd6543579e4744aa3aceb91c6ff522e5d4a9cf54c41b27ad97d6533cff57e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431302&Signature=VN0Lo6N8srKzgIyGy%2B2YBOQ%2BngCQJsbj8jycOiDUs3CpGIyP8pZyyC326od%2FfI41dky2kAUXq4L2f1AHLLukNksIcompwOACdBTaq%2B6r%2FyNhhrsOVLiVCA4wkuZX%2Bjz5eRA8KhG7BcGA1Z8ERy3OYr1b5gS4cUton8nwnqvSE7ZH6dFOkbdhFiX%2FwmTQbOzFCCqJWT0%2FJJZQaXyWSitlkG3IN8RyMOUpjxyT9fwh51%2FT", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431564&Signature=x%2BpjgWuHJOMK96wkAkxWnO%2BvWXDtko8QpNc0JQs9qrmHA1DtI9OB1F4jxixqRaySdJpP0JpTJK%2BRxE8sVad9wh3wtqgIhtbiihOX2%2FXHa7ukyAZOuMkh8fVLwIUVkxrObXKFDv8CiRAzdRemUPxSH%2FYmbOPY2eYs7UbUQp%2B93VYGCAMTuaztTey%2F1T8DM1tWLfxE5nKn3j7VigVpXMi8228oo%2B7ofaOVz3A%2FZKMZ1gKD", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431586&Signature=mg5jUjSQG5fVQ2idj9wgQGE6D7neQXnBJ4xAD50pgEFgszvmZvrLrvz5RjR00uX4f7Gs2afv8MUs272SCXfylMEo1EhlVujdxecw4%2Ftn9jdYUfSDpqu0quw4dkL1YXviPoAcCJLaKrrvBsQMT468PPk4VwiDZbq2JNrZZwt1qXHmZFe3X5CHabJJE0ORZBwBH0jMYUE%2BWIvGzkZ%2Bul4ufi3xgsgA%2BoN0jUlIddwaoZA4eQeYVlQ388DLeonSjl", "https://vtbehaviour.commondatastorage.googleapis.com/c915c30bfba565e05ccdea80427ffcba415831161e38e81eccbc893e8eb0bf83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431449&Signature=PDRco%2B36G08WhkVripJBX%2FKsew%2Fqdtv%2BE4v4qZ%2BxTtqIWv%2BbUShaZJk4oroxSc0hAtyIuEAY0Fl7s%2FjNS%2FYPoQ1iU9EMWYaxvd0Sl1%2F%2BEc%2Foq9dc3YP5F0muq56mEXdREOlePA54%2BObbmwRbWR4mwAkK%2FuAkYzpAtJKkLJRZ6GQ0sbyCC5VdaAT3OMhtFkTKCtx5Wk2ZTdGZT5ASe3hD4xmg219rX3t5uV8j", "https://vtbehaviour.commondatastorage.googleapis.com/91031d16ab93fe5d7f8dc7a55b4bbb8e23742c774ad467f67e2e1681e5439fb9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431033&Signature=tDkjksSltx3F6MPqpr8Xf%2BIAVxBBNNTifbGimbXIX5DCrLCZugVQF%2B7kCV%2BJ3RQ1lKt1eMcfTaQ3FUvgjt7%2F3uEgdHY390sywG9OdYe2HZMJHg%2BYNxsAIe8n7UIa22pLVZNqhDSymVa0VyJAEZb8B2t7gNdGsBLQKQ7GyJ2iYAz4NklXYQPVUZoWObKt0eggHoV3wJUWM%2BQKxWSnPP6HQ8wusnitHIEqxdfckeRTMZR9zlIg31", "https://vtbehaviour.commondatastorage.googleapis.com/f26944950ccf7fd4422662d575c0b3698670e1b19d76fe386c20058ea4ea991f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431338&Signature=FoZZNyxGwBJKtHZSxcj9EHaeRdEMbmfNE6I04ld5vuYz8v2b9G%2Bwt0JlXl6N1uR2a9k4YqZln0HWuPEsYhjLjy3e465eqqg1UIPsLLqvH%2BmT7ox8n7TU%2B54qFOkQtrqoj3cO%2BSeZXnlXHOzxx9rdozltX%2FZ%2BOw1i5z%2FzvLy%2FlI3NhUcyIPbiD3yhM6DqHS%2Fyt7x5bhd5cz18yhPyQq7CNoW%2Fx%2B5aj4d6lWRgPVoBfaoqi33C" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 5041 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/rocketmail.com", "whois": "http://whois.domaintools.com/rocketmail.com", "domain": "rocketmail.com", "hostname": "polihroniskirkanidis.rocketmail.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69eae966e2994ca9410416e7", "name": "CAPE Sandbox - Watson", "description": "[full list of details about Akamai, the web hosting company, that has been abused on the internet for more than 20 years.. and the names of its users have been published.] pretext. Watson frequents. wizard8.", "modified": "2026-05-24T05:16:16.520000", "created": "2026-04-24T03:54:14.835000", "tags": [ "akamai", "city", "noc united", "orgid", "akamai ref", "net23", "net230000", "cidr", "orgabusehandle", "orgtechhandle" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 382, "FileHash-SHA1": 361, "FileHash-SHA256": 1250, "URL": 1436, "domain": 425, "hostname": 783, "CIDR": 1, "email": 29, "CVE": 1, "URI": 2 }, "indicator_count": 4670, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "7 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0ff878b8d1717e395e0d0a", "name": "Research part 4 * CAPE Sandbox", "description": "A Cuckoo has been running on a KVM operating system for the next two years. \u00c2\u00a31.5m.. and \u00e2\u201a\u00ac1m", "modified": "2026-05-23T03:58:21.402000", "created": "2026-05-22T06:32:24.666000", "tags": [ "default", "nothing", "file execution", "registry keys", "inprocserver32", "server", "parent pid", "full path", "command line", "files c", "cname", "accept", "ip address", "cape sandbox", "found", "center", "http", "port", "shutdown", "title", "performs dns", "mitre attack", "network info", "processes extra", "sigma", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "defense evasion", "next", "win1", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "acrongl integ", "adc4240758", "angsana new", "bootkit", "back", "p2404", "host", "cultureneutral", "p11750170564", "shell folders", "systemroot", "gmt range", "guard", "pe file", "file type", "creates", "extra info", "sample", "contains", "aslr", "binary", "command", "malicious" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/91031d16ab93fe5d7f8dc7a55b4bbb8e23742c774ad467f67e2e1681e5439fb9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431033&Signature=tDkjksSltx3F6MPqpr8Xf%2BIAVxBBNNTifbGimbXIX5DCrLCZugVQF%2B7kCV%2BJ3RQ1lKt1eMcfTaQ3FUvgjt7%2F3uEgdHY390sywG9OdYe2HZMJHg%2BYNxsAIe8n7UIa22pLVZNqhDSymVa0VyJAEZb8B2t7gNdGsBLQKQ7GyJ2iYAz4NklXYQPVUZoWObKt0eggHoV3wJUWM%2BQKxWSnPP6HQ8wusnitHIEqxdfckeRTMZR9zlIg31", "https://vtbehaviour.commondatastorage.googleapis.com/beddd6543579e4744aa3aceb91c6ff522e5d4a9cf54c41b27ad97d6533cff57e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431302&Signature=VN0Lo6N8srKzgIyGy%2B2YBOQ%2BngCQJsbj8jycOiDUs3CpGIyP8pZyyC326od%2FfI41dky2kAUXq4L2f1AHLLukNksIcompwOACdBTaq%2B6r%2FyNhhrsOVLiVCA4wkuZX%2Bjz5eRA8KhG7BcGA1Z8ERy3OYr1b5gS4cUton8nwnqvSE7ZH6dFOkbdhFiX%2FwmTQbOzFCCqJWT0%2FJJZQaXyWSitlkG3IN8RyMOUpjxyT9fwh51%2FT", "https://vtbehaviour.commondatastorage.googleapis.com/f26944950ccf7fd4422662d575c0b3698670e1b19d76fe386c20058ea4ea991f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431338&Signature=FoZZNyxGwBJKtHZSxcj9EHaeRdEMbmfNE6I04ld5vuYz8v2b9G%2Bwt0JlXl6N1uR2a9k4YqZln0HWuPEsYhjLjy3e465eqqg1UIPsLLqvH%2BmT7ox8n7TU%2B54qFOkQtrqoj3cO%2BSeZXnlXHOzxx9rdozltX%2FZ%2BOw1i5z%2FzvLy%2FlI3NhUcyIPbiD3yhM6DqHS%2Fyt7x5bhd5cz18yhPyQq7CNoW%2Fx%2B5aj4d6lWRgPVoBfaoqi33C", "https://vtbehaviour.commondatastorage.googleapis.com/c915c30bfba565e05ccdea80427ffcba415831161e38e81eccbc893e8eb0bf83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431449&Signature=PDRco%2B36G08WhkVripJBX%2FKsew%2Fqdtv%2BE4v4qZ%2BxTtqIWv%2BbUShaZJk4oroxSc0hAtyIuEAY0Fl7s%2FjNS%2FYPoQ1iU9EMWYaxvd0Sl1%2F%2BEc%2Foq9dc3YP5F0muq56mEXdREOlePA54%2BObbmwRbWR4mwAkK%2FuAkYzpAtJKkLJRZ6GQ0sbyCC5VdaAT3OMhtFkTKCtx5Wk2ZTdGZT5ASe3hD4xmg219rX3t5uV8j", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431564&Signature=x%2BpjgWuHJOMK96wkAkxWnO%2BvWXDtko8QpNc0JQs9qrmHA1DtI9OB1F4jxixqRaySdJpP0JpTJK%2BRxE8sVad9wh3wtqgIhtbiihOX2%2FXHa7ukyAZOuMkh8fVLwIUVkxrObXKFDv8CiRAzdRemUPxSH%2FYmbOPY2eYs7UbUQp%2B93VYGCAMTuaztTey%2F1T8DM1tWLfxE5nKn3j7VigVpXMi8228oo%2B7ofaOVz3A%2FZKMZ1gKD", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431586&Signature=mg5jUjSQG5fVQ2idj9wgQGE6D7neQXnBJ4xAD50pgEFgszvmZvrLrvz5RjR00uX4f7Gs2afv8MUs272SCXfylMEo1EhlVujdxecw4%2Ftn9jdYUfSDpqu0quw4dkL1YXviPoAcCJLaKrrvBsQMT468PPk4VwiDZbq2JNrZZwt1qXHmZFe3X5CHabJJE0ORZBwBH0jMYUE%2BWIvGzkZ%2Bul4ufi3xgsgA%2BoN0jUlIddwaoZA4eQeYVlQ388DLeonSjl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 194, "FileHash-SHA1": 212, "FileHash-SHA256": 412, "IPv4": 297, "URL": 840, "domain": 343, "hostname": 541, "CIDR": 6, "email": 23, "IPv6": 176, "CVE": 4 }, "indicator_count": 3048, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69bf4cc74c3d8f391a1a927c", "name": "9e42ac52bda44d5cadcabffd1d5e78a06598c8b5", "description": "", "modified": "2026-05-17T15:53:27.707000", "created": "2026-03-22T01:58:31.611000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 308, "FileHash-SHA1": 305, "FileHash-SHA256": 362, "URL": 369, "hostname": 376, "domain": 193, "email": 13 }, "indicator_count": 1926, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "14 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69bf6652beb00c62a9cb8b84", "name": "i cloned msudosos - IOC breakdown = Possible ELF/Prometei Botnet CnC Activity", "description": "", "modified": "2026-04-21T02:20:25.690000", "created": "2026-03-22T03:47:30.942000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69bf4cc74c3d8f391a1a927c", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 308, "FileHash-SHA1": 305, "FileHash-SHA256": 362, "URL": 367, "hostname": 372, "domain": 192, "email": 13 }, "indicator_count": 1919, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "40 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://polihroniskirkanidis.rocketmail.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://polihroniskirkanidis.rocketmail.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780248492.3886428 }