{ "type": "URL", "indicator": "https://portal.edoctransfer.com/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://portal.edoctransfer.com/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4277083336, "indicator": "https://portal.edoctransfer.com/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6a0ff878b8d1717e395e0d0a", "name": "Research part 4 * CAPE Sandbox", "description": "A Cuckoo has been running on a KVM operating system for the next two years. \u00c2\u00a31.5m.. and \u00e2\u201a\u00ac1m", "modified": "2026-05-23T03:58:21.402000", "created": "2026-05-22T06:32:24.666000", "tags": [ "default", "nothing", "file execution", "registry keys", "inprocserver32", "server", "parent pid", "full path", "command line", "files c", "cname", "accept", "ip address", "cape sandbox", "found", "center", "http", "port", "shutdown", "title", "performs dns", "mitre attack", "network info", "processes extra", "sigma", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "defense evasion", "next", "win1", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "acrongl integ", "adc4240758", "angsana new", "bootkit", "back", "p2404", "host", "cultureneutral", "p11750170564", "shell folders", "systemroot", "gmt range", "guard", "pe file", "file type", "creates", "extra info", "sample", "contains", "aslr", "binary", "command", "malicious" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/91031d16ab93fe5d7f8dc7a55b4bbb8e23742c774ad467f67e2e1681e5439fb9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431033&Signature=tDkjksSltx3F6MPqpr8Xf%2BIAVxBBNNTifbGimbXIX5DCrLCZugVQF%2B7kCV%2BJ3RQ1lKt1eMcfTaQ3FUvgjt7%2F3uEgdHY390sywG9OdYe2HZMJHg%2BYNxsAIe8n7UIa22pLVZNqhDSymVa0VyJAEZb8B2t7gNdGsBLQKQ7GyJ2iYAz4NklXYQPVUZoWObKt0eggHoV3wJUWM%2BQKxWSnPP6HQ8wusnitHIEqxdfckeRTMZR9zlIg31", "https://vtbehaviour.commondatastorage.googleapis.com/beddd6543579e4744aa3aceb91c6ff522e5d4a9cf54c41b27ad97d6533cff57e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431302&Signature=VN0Lo6N8srKzgIyGy%2B2YBOQ%2BngCQJsbj8jycOiDUs3CpGIyP8pZyyC326od%2FfI41dky2kAUXq4L2f1AHLLukNksIcompwOACdBTaq%2B6r%2FyNhhrsOVLiVCA4wkuZX%2Bjz5eRA8KhG7BcGA1Z8ERy3OYr1b5gS4cUton8nwnqvSE7ZH6dFOkbdhFiX%2FwmTQbOzFCCqJWT0%2FJJZQaXyWSitlkG3IN8RyMOUpjxyT9fwh51%2FT", "https://vtbehaviour.commondatastorage.googleapis.com/f26944950ccf7fd4422662d575c0b3698670e1b19d76fe386c20058ea4ea991f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431338&Signature=FoZZNyxGwBJKtHZSxcj9EHaeRdEMbmfNE6I04ld5vuYz8v2b9G%2Bwt0JlXl6N1uR2a9k4YqZln0HWuPEsYhjLjy3e465eqqg1UIPsLLqvH%2BmT7ox8n7TU%2B54qFOkQtrqoj3cO%2BSeZXnlXHOzxx9rdozltX%2FZ%2BOw1i5z%2FzvLy%2FlI3NhUcyIPbiD3yhM6DqHS%2Fyt7x5bhd5cz18yhPyQq7CNoW%2Fx%2B5aj4d6lWRgPVoBfaoqi33C", "https://vtbehaviour.commondatastorage.googleapis.com/c915c30bfba565e05ccdea80427ffcba415831161e38e81eccbc893e8eb0bf83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431449&Signature=PDRco%2B36G08WhkVripJBX%2FKsew%2Fqdtv%2BE4v4qZ%2BxTtqIWv%2BbUShaZJk4oroxSc0hAtyIuEAY0Fl7s%2FjNS%2FYPoQ1iU9EMWYaxvd0Sl1%2F%2BEc%2Foq9dc3YP5F0muq56mEXdREOlePA54%2BObbmwRbWR4mwAkK%2FuAkYzpAtJKkLJRZ6GQ0sbyCC5VdaAT3OMhtFkTKCtx5Wk2ZTdGZT5ASe3hD4xmg219rX3t5uV8j", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431564&Signature=x%2BpjgWuHJOMK96wkAkxWnO%2BvWXDtko8QpNc0JQs9qrmHA1DtI9OB1F4jxixqRaySdJpP0JpTJK%2BRxE8sVad9wh3wtqgIhtbiihOX2%2FXHa7ukyAZOuMkh8fVLwIUVkxrObXKFDv8CiRAzdRemUPxSH%2FYmbOPY2eYs7UbUQp%2B93VYGCAMTuaztTey%2F1T8DM1tWLfxE5nKn3j7VigVpXMi8228oo%2B7ofaOVz3A%2FZKMZ1gKD", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431586&Signature=mg5jUjSQG5fVQ2idj9wgQGE6D7neQXnBJ4xAD50pgEFgszvmZvrLrvz5RjR00uX4f7Gs2afv8MUs272SCXfylMEo1EhlVujdxecw4%2Ftn9jdYUfSDpqu0quw4dkL1YXviPoAcCJLaKrrvBsQMT468PPk4VwiDZbq2JNrZZwt1qXHmZFe3X5CHabJJE0ORZBwBH0jMYUE%2BWIvGzkZ%2Bul4ufi3xgsgA%2BoN0jUlIddwaoZA4eQeYVlQ388DLeonSjl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 194, "FileHash-SHA1": 212, "FileHash-SHA256": 412, "IPv4": 297, "URL": 840, "domain": 343, "hostname": 541, "CIDR": 6, "email": 23, "IPv6": 176, "CVE": 4 }, "indicator_count": 3048, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69bf4cc74c3d8f391a1a927c", "name": "9e42ac52bda44d5cadcabffd1d5e78a06598c8b5", "description": "", "modified": "2026-05-17T15:53:27.707000", "created": "2026-03-22T01:58:31.611000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 308, "FileHash-SHA1": 305, "FileHash-SHA256": 362, "URL": 369, "hostname": 376, "domain": 193, "email": 13 }, "indicator_count": 1926, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69bf6652beb00c62a9cb8b84", "name": "i cloned msudosos - IOC breakdown = Possible ELF/Prometei Botnet CnC Activity", "description": "", "modified": "2026-04-21T02:20:25.690000", "created": "2026-03-22T03:47:30.942000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69bf4cc74c3d8f391a1a927c", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 308, "FileHash-SHA1": 305, "FileHash-SHA256": 362, "URL": 367, "hostname": 372, "domain": 192, "email": 13 }, "indicator_count": 1919, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "40 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f26944950ccf7fd4422662d575c0b3698670e1b19d76fe386c20058ea4ea991f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431338&Signature=FoZZNyxGwBJKtHZSxcj9EHaeRdEMbmfNE6I04ld5vuYz8v2b9G%2Bwt0JlXl6N1uR2a9k4YqZln0HWuPEsYhjLjy3e465eqqg1UIPsLLqvH%2BmT7ox8n7TU%2B54qFOkQtrqoj3cO%2BSeZXnlXHOzxx9rdozltX%2FZ%2BOw1i5z%2FzvLy%2FlI3NhUcyIPbiD3yhM6DqHS%2Fyt7x5bhd5cz18yhPyQq7CNoW%2Fx%2B5aj4d6lWRgPVoBfaoqi33C", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431564&Signature=x%2BpjgWuHJOMK96wkAkxWnO%2BvWXDtko8QpNc0JQs9qrmHA1DtI9OB1F4jxixqRaySdJpP0JpTJK%2BRxE8sVad9wh3wtqgIhtbiihOX2%2FXHa7ukyAZOuMkh8fVLwIUVkxrObXKFDv8CiRAzdRemUPxSH%2FYmbOPY2eYs7UbUQp%2B93VYGCAMTuaztTey%2F1T8DM1tWLfxE5nKn3j7VigVpXMi8228oo%2B7ofaOVz3A%2FZKMZ1gKD", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431586&Signature=mg5jUjSQG5fVQ2idj9wgQGE6D7neQXnBJ4xAD50pgEFgszvmZvrLrvz5RjR00uX4f7Gs2afv8MUs272SCXfylMEo1EhlVujdxecw4%2Ftn9jdYUfSDpqu0quw4dkL1YXviPoAcCJLaKrrvBsQMT468PPk4VwiDZbq2JNrZZwt1qXHmZFe3X5CHabJJE0ORZBwBH0jMYUE%2BWIvGzkZ%2Bul4ufi3xgsgA%2BoN0jUlIddwaoZA4eQeYVlQ388DLeonSjl", "https://vtbehaviour.commondatastorage.googleapis.com/beddd6543579e4744aa3aceb91c6ff522e5d4a9cf54c41b27ad97d6533cff57e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431302&Signature=VN0Lo6N8srKzgIyGy%2B2YBOQ%2BngCQJsbj8jycOiDUs3CpGIyP8pZyyC326od%2FfI41dky2kAUXq4L2f1AHLLukNksIcompwOACdBTaq%2B6r%2FyNhhrsOVLiVCA4wkuZX%2Bjz5eRA8KhG7BcGA1Z8ERy3OYr1b5gS4cUton8nwnqvSE7ZH6dFOkbdhFiX%2FwmTQbOzFCCqJWT0%2FJJZQaXyWSitlkG3IN8RyMOUpjxyT9fwh51%2FT", "https://vtbehaviour.commondatastorage.googleapis.com/c915c30bfba565e05ccdea80427ffcba415831161e38e81eccbc893e8eb0bf83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431449&Signature=PDRco%2B36G08WhkVripJBX%2FKsew%2Fqdtv%2BE4v4qZ%2BxTtqIWv%2BbUShaZJk4oroxSc0hAtyIuEAY0Fl7s%2FjNS%2FYPoQ1iU9EMWYaxvd0Sl1%2F%2BEc%2Foq9dc3YP5F0muq56mEXdREOlePA54%2BObbmwRbWR4mwAkK%2FuAkYzpAtJKkLJRZ6GQ0sbyCC5VdaAT3OMhtFkTKCtx5Wk2ZTdGZT5ASe3hD4xmg219rX3t5uV8j", "https://vtbehaviour.commondatastorage.googleapis.com/91031d16ab93fe5d7f8dc7a55b4bbb8e23742c774ad467f67e2e1681e5439fb9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431033&Signature=tDkjksSltx3F6MPqpr8Xf%2BIAVxBBNNTifbGimbXIX5DCrLCZugVQF%2B7kCV%2BJ3RQ1lKt1eMcfTaQ3FUvgjt7%2F3uEgdHY390sywG9OdYe2HZMJHg%2BYNxsAIe8n7UIa22pLVZNqhDSymVa0VyJAEZb8B2t7gNdGsBLQKQ7GyJ2iYAz4NklXYQPVUZoWObKt0eggHoV3wJUWM%2BQKxWSnPP6HQ8wusnitHIEqxdfckeRTMZR9zlIg31" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 2595 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/edoctransfer.com", "whois": "http://whois.domaintools.com/edoctransfer.com", "domain": "edoctransfer.com", "hostname": "portal.edoctransfer.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6a0ff878b8d1717e395e0d0a", "name": "Research part 4 * CAPE Sandbox", "description": "A Cuckoo has been running on a KVM operating system for the next two years. \u00c2\u00a31.5m.. and \u00e2\u201a\u00ac1m", "modified": "2026-05-23T03:58:21.402000", "created": "2026-05-22T06:32:24.666000", "tags": [ "default", "nothing", "file execution", "registry keys", "inprocserver32", "server", "parent pid", "full path", "command line", "files c", "cname", "accept", "ip address", "cape sandbox", "found", "center", "http", "port", "shutdown", "title", "performs dns", "mitre attack", "network info", "processes extra", "sigma", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "defense evasion", "next", "win1", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "acrongl integ", "adc4240758", "angsana new", "bootkit", "back", "p2404", "host", "cultureneutral", "p11750170564", "shell folders", "systemroot", "gmt range", "guard", "pe file", "file type", "creates", "extra info", "sample", "contains", "aslr", "binary", "command", "malicious" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/91031d16ab93fe5d7f8dc7a55b4bbb8e23742c774ad467f67e2e1681e5439fb9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431033&Signature=tDkjksSltx3F6MPqpr8Xf%2BIAVxBBNNTifbGimbXIX5DCrLCZugVQF%2B7kCV%2BJ3RQ1lKt1eMcfTaQ3FUvgjt7%2F3uEgdHY390sywG9OdYe2HZMJHg%2BYNxsAIe8n7UIa22pLVZNqhDSymVa0VyJAEZb8B2t7gNdGsBLQKQ7GyJ2iYAz4NklXYQPVUZoWObKt0eggHoV3wJUWM%2BQKxWSnPP6HQ8wusnitHIEqxdfckeRTMZR9zlIg31", "https://vtbehaviour.commondatastorage.googleapis.com/beddd6543579e4744aa3aceb91c6ff522e5d4a9cf54c41b27ad97d6533cff57e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431302&Signature=VN0Lo6N8srKzgIyGy%2B2YBOQ%2BngCQJsbj8jycOiDUs3CpGIyP8pZyyC326od%2FfI41dky2kAUXq4L2f1AHLLukNksIcompwOACdBTaq%2B6r%2FyNhhrsOVLiVCA4wkuZX%2Bjz5eRA8KhG7BcGA1Z8ERy3OYr1b5gS4cUton8nwnqvSE7ZH6dFOkbdhFiX%2FwmTQbOzFCCqJWT0%2FJJZQaXyWSitlkG3IN8RyMOUpjxyT9fwh51%2FT", "https://vtbehaviour.commondatastorage.googleapis.com/f26944950ccf7fd4422662d575c0b3698670e1b19d76fe386c20058ea4ea991f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431338&Signature=FoZZNyxGwBJKtHZSxcj9EHaeRdEMbmfNE6I04ld5vuYz8v2b9G%2Bwt0JlXl6N1uR2a9k4YqZln0HWuPEsYhjLjy3e465eqqg1UIPsLLqvH%2BmT7ox8n7TU%2B54qFOkQtrqoj3cO%2BSeZXnlXHOzxx9rdozltX%2FZ%2BOw1i5z%2FzvLy%2FlI3NhUcyIPbiD3yhM6DqHS%2Fyt7x5bhd5cz18yhPyQq7CNoW%2Fx%2B5aj4d6lWRgPVoBfaoqi33C", "https://vtbehaviour.commondatastorage.googleapis.com/c915c30bfba565e05ccdea80427ffcba415831161e38e81eccbc893e8eb0bf83_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431449&Signature=PDRco%2B36G08WhkVripJBX%2FKsew%2Fqdtv%2BE4v4qZ%2BxTtqIWv%2BbUShaZJk4oroxSc0hAtyIuEAY0Fl7s%2FjNS%2FYPoQ1iU9EMWYaxvd0Sl1%2F%2BEc%2Foq9dc3YP5F0muq56mEXdREOlePA54%2BObbmwRbWR4mwAkK%2FuAkYzpAtJKkLJRZ6GQ0sbyCC5VdaAT3OMhtFkTKCtx5Wk2ZTdGZT5ASe3hD4xmg219rX3t5uV8j", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431564&Signature=x%2BpjgWuHJOMK96wkAkxWnO%2BvWXDtko8QpNc0JQs9qrmHA1DtI9OB1F4jxixqRaySdJpP0JpTJK%2BRxE8sVad9wh3wtqgIhtbiihOX2%2FXHa7ukyAZOuMkh8fVLwIUVkxrObXKFDv8CiRAzdRemUPxSH%2FYmbOPY2eYs7UbUQp%2B93VYGCAMTuaztTey%2F1T8DM1tWLfxE5nKn3j7VigVpXMi8228oo%2B7ofaOVz3A%2FZKMZ1gKD", "https://vtbehaviour.commondatastorage.googleapis.com/00185697c0de6262fafba95770b1dd85ddbcdc8b5945d517457be2fb3e6908c1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779431586&Signature=mg5jUjSQG5fVQ2idj9wgQGE6D7neQXnBJ4xAD50pgEFgszvmZvrLrvz5RjR00uX4f7Gs2afv8MUs272SCXfylMEo1EhlVujdxecw4%2Ftn9jdYUfSDpqu0quw4dkL1YXviPoAcCJLaKrrvBsQMT468PPk4VwiDZbq2JNrZZwt1qXHmZFe3X5CHabJJE0ORZBwBH0jMYUE%2BWIvGzkZ%2Bul4ufi3xgsgA%2BoN0jUlIddwaoZA4eQeYVlQ388DLeonSjl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 194, "FileHash-SHA1": 212, "FileHash-SHA256": 412, "IPv4": 297, "URL": 840, "domain": 343, "hostname": 541, "CIDR": 6, "email": 23, "IPv6": 176, "CVE": 4 }, "indicator_count": 3048, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69bf4cc74c3d8f391a1a927c", "name": "9e42ac52bda44d5cadcabffd1d5e78a06598c8b5", "description": "", "modified": "2026-05-17T15:53:27.707000", "created": "2026-03-22T01:58:31.611000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 308, "FileHash-SHA1": 305, "FileHash-SHA256": 362, "URL": 369, "hostname": 376, "domain": 193, "email": 13 }, "indicator_count": 1926, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "13 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69bf6652beb00c62a9cb8b84", "name": "i cloned msudosos - IOC breakdown = Possible ELF/Prometei Botnet CnC Activity", "description": "", "modified": "2026-04-21T02:20:25.690000", "created": "2026-03-22T03:47:30.942000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69bf4cc74c3d8f391a1a927c", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 308, "FileHash-SHA1": 305, "FileHash-SHA256": 362, "URL": 367, "hostname": 372, "domain": 192, "email": 13 }, "indicator_count": 1919, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "40 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://portal.edoctransfer.com/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://portal.edoctransfer.com/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780241642.2962408 }