{ "type": "URL", "indicator": "https://pq.cloudflareresearch.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://pq.cloudflareresearch.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3740848600, "indicator": "https://pq.cloudflareresearch.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "69d34cf5a8011c62217875cd", "name": "CAPE Sandbox MALWARE", "description": "A sample of malware found on a Windows 11 operating system: PK.i, or \"Ultimate\", on 19/11/2025, for the first time in the history of the Windows Operating System.", "modified": "2026-05-06T06:03:26.437000", "created": "2026-04-06T06:04:37.512000", "tags": [ "privacy futile", "basic", "software", "system", "test", "privacy webpage", "scan", "index1 rem", "cookie warnings", "malware", "service", "tencent", "panda", "file type", "urls", "ascii text", "found", "windows setup", "ascii", "crlf line", "creates", "unicode text", "utf8 text", "malicious", "persistence", "window", "info", "next", "regsz d", "regdword d", "at own", "risk as", "is without", "warranty of", "any kind", "add doh", "edge", "regdword", "mitre attack", "network info", "program", "t1055 process", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "info file", "windows sandbox", "clear filters", "tickcount", "detail info", "text", "classname", "funcoffset", "excpetion", "milliseconds", "offset", "filename", "behaviour", "except", "shell", "unknown", "class", "find", "back", "calls process", "inno", "full path", "behavior pid", "windir", "system32", "protocol level", "application", "yes dump", "http post", "query", "dns domain", "dump", "path", "performs dns", "ms windows", "pe file", "may try", "delphi" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455205&Signature=WYjP57LoTGtEBXJR2%2BEa43eaJKfwbDhSrAp8kKsFVF1dTwCu%2B%2FjRLKau3L4sX%2BhanxbeXpJN2HYRbWF5qWsouu67rocP5k01ElCUFgflj%2FUGbLGBujce99WW18Ye3Xycsw%2F0zn7KyE24K%2F%2BNr7K%2BEpfPvb4BxXPrStZVe6roovm%2BwUWhSwrjcK4d%2FYQC%2FyowTlXqtgg6hn60nlQUg56K3tUJ4kUP3l%2BZ1KDM", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455291&Signature=v9ZZBgXPY%2BlVPcZeiRq373fCYlMK0l%2FUoVDt%2FVDldarGQs7hauO0pCd02ulbEa1Myal5fd7dEAJJ4WU2AY33ukBd87xQ%2BL8iqBbky9L5Whrhm2IV9jLgZAPJgKQaVAy6RtoFzM4yUgWDgGRnjtNUkocXXFrqMcdqgWc8Y5UOzqxke4NhcN3g8HBKGPsTYgRTGywPWHdW%2FyYfbZ02sPBt1TbIch7gvePLGAZ%2BM7OE6HZ5XYdDDxF2Zp6NN5", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455342&Signature=MAtoQ8c5QDCA2roaR%2Fk6R1LBbZC33oZkOyInpcBjoZcrrFs9KbQqoJQd22uLQhc4VVEdLm9rHZMFDknQ7VUPID1dRlKyo6p1bHgy6C3Wyo7XC5KI7SmitO0%2B5TfbVa0fRN0OUh8UkJMH2y0OUicaTRA5J5GbaTQnZfDeFDsy%2B5LOsYD4JEa1Xo2xCDFHU%2FXxtypVw6%2FmJ6p%2BnxP3OoNDOyIHzWhvPHU2eJEHFpWVih0umfdH0z", "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455395&Signature=Rs0HmZ2fcdLf69x0K%2F5FWT%2F6xEh%2BLCbppJhdimEKddnnbJY%2BXNchBcRIcSBk7dQLPyFN%2B2Osy13sZQXw1jOoRqkPaA540snGr9ZA93hb%2BkwtUliwNL7MXwzJa5RO3yBt1DCigxkoy8ijf%2BFB7kujwpM0vVFCrYMY84B9QU9ZcBSeGS12Dwan19PP7rNw5JwmaiVCkSUsOYmr7UIEXfrWbj24v4Co%2BKMUqTCwheEnyGDEeuxTXgo82Q", "https://vtbehaviour.commondatastorage.googleapis.com/680b6b9dcfc4e18944b34f003c3ba3934cfbae1e6521ba5d97a990ac0cab85d9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455429&Signature=FWlNajPuGPFxtD8XeQzrtb5iPivBU7Ga5nKHG6J%2FwV9vwLyNT010RGSveOW50O7ioppbcqW0xdxaBXIjENhsIQl5M1TFNVUlQD1kqc8FwjMTiKTfIm9%2B72VGDY8AGdkLhckZg20Z%2BL%2ByR6SBGijabgbnNXbAbU24dtW36h2ogiQcTAfA9jYzZR42tdWIUklCYYlnSA5xEda10KId9upEckOmAXLtsaF0k5ILYDRFXt5e4ja%", "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455546&Signature=IZCRPm9Ed0a5hwOhwkEacOTzr3u5gNTp37vRK4kYeB36CLUNNJJYxn9BNhaSEATsaIJxC2vqDUjWA2OP2YdfBax5wBciEmi8PtnLdn1UPUPgmwJZmgz8Po8n5Qq74WFK15Kcx%2BE8o1JgxjXW0S4ZYxfJUvquWMDk1y%2BJSxLaSUKoYjzCIf0XD5LvUQxucxy%2Ft%2FPf67IvjpGrNbbAAb80AEi0uGtxzBC1JzPsoVi30SFy540I%2BxdS", "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455590&Signature=vW5kguynkaOpmP2MOYo1oppGXOcybw2ZUPbjQ8Us4xVE%2BKbM2l9ZBfYhCDdPjJ5zmdJpDZ3wsIiwQu7Znhkbe1v0N70RyTKt%2BdmtnvQ%2BkosICnyg33KxiSZPHJTxRUlu37aosZop5sxcJBteoZXZJIjh3NsqgO86FK8FZ2kS0wTz9PV%2FIbcEk2N6xNi%2FIxRyfEEhczN0BY1Hac5fHOnfNC7ahKZ%2BpIIUETyruSXfhEuR", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455664&Signature=cWXsCQXbrYAgUs6gehGGkKb9yz4gwNkJlUmCu%2FuUTv5MU%2B%2Fn35eDnMjj2FOB0Ca%2Bif70ypGfah5e0INzB4y240%2Fz%2Fklf3ZAaMDopV3ZijPjc1tPWZ3bTOLCr1NSANefeNXSw8avDSBQe3l1SG0CS1HvpJa4GF6DkXshm6KRaRgJt2aT9VBIP%2BOsu21Zq7zXch9L6PLQY8wBQdH6BO5OohFAaMJZuUqHsXErEfWC%2BzACHj", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455701&Signature=V5M0AbGDsDuKDf9J72VZUvh0eMG%2BxQ6ls9v0liWZgReUcBz%2FX%2Bzf7ezp4xsQqOCdoBNtNDihitko8C1B%2Ff0%2BLo4tZY6Enbhd0XpaVjc9LmjSDoBrFKAvPZfDXCFyQApdHvZ%2Bkp6Y1E6FspB%2B7mtH8D5mdtFPSwcsXLYec9vsPkBu47pGU7%2BAXxzgPpe0zFhloH7oVzswU7CS%2BdJ9rfse7aQkTYJtR1Ib49eeolPC%2F9c7ClUhRw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Inno", "display_name": "Inno", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 298, "FileHash-MD5": 37, "FileHash-SHA1": 25, "FileHash-SHA256": 69, "domain": 86, "hostname": 194 }, "indicator_count": 709, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d34cf6f105f3ffb88a394f", "name": "CAPE Sandbox MALWARE", "description": "A sample of malware found on a Windows 11 operating system: PK.i, or \"Ultimate\", on 19/11/2025, for the first time in the history of the Windows Operating System.", "modified": "2026-05-06T06:03:26.437000", "created": "2026-04-06T06:04:38.224000", "tags": [ "privacy futile", "basic", "software", "system", "test", "privacy webpage", "scan", "index1 rem", "cookie warnings", "malware", "service", "tencent", "panda", "file type", "urls", "ascii text", "found", "windows setup", "ascii", "crlf line", "creates", "unicode text", "utf8 text", "malicious", "persistence", "window", "info", "next", "regsz d", "regdword d", "at own", "risk as", "is without", "warranty of", "any kind", "add doh", "edge", "regdword", "mitre attack", "network info", "program", "t1055 process", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "info file", "windows sandbox", "clear filters", "tickcount", "detail info", "text", "classname", "funcoffset", "excpetion", "milliseconds", "offset", "filename", "behaviour", "except", "shell", "unknown", "class", "find", "back", "calls process", "inno", "full path", "behavior pid", "windir", "system32", "protocol level", "application", "yes dump", "http post", "query", "dns domain", "dump", "path", "performs dns", "ms windows", "pe file", "may try", "delphi" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455205&Signature=WYjP57LoTGtEBXJR2%2BEa43eaJKfwbDhSrAp8kKsFVF1dTwCu%2B%2FjRLKau3L4sX%2BhanxbeXpJN2HYRbWF5qWsouu67rocP5k01ElCUFgflj%2FUGbLGBujce99WW18Ye3Xycsw%2F0zn7KyE24K%2F%2BNr7K%2BEpfPvb4BxXPrStZVe6roovm%2BwUWhSwrjcK4d%2FYQC%2FyowTlXqtgg6hn60nlQUg56K3tUJ4kUP3l%2BZ1KDM", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455291&Signature=v9ZZBgXPY%2BlVPcZeiRq373fCYlMK0l%2FUoVDt%2FVDldarGQs7hauO0pCd02ulbEa1Myal5fd7dEAJJ4WU2AY33ukBd87xQ%2BL8iqBbky9L5Whrhm2IV9jLgZAPJgKQaVAy6RtoFzM4yUgWDgGRnjtNUkocXXFrqMcdqgWc8Y5UOzqxke4NhcN3g8HBKGPsTYgRTGywPWHdW%2FyYfbZ02sPBt1TbIch7gvePLGAZ%2BM7OE6HZ5XYdDDxF2Zp6NN5", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455342&Signature=MAtoQ8c5QDCA2roaR%2Fk6R1LBbZC33oZkOyInpcBjoZcrrFs9KbQqoJQd22uLQhc4VVEdLm9rHZMFDknQ7VUPID1dRlKyo6p1bHgy6C3Wyo7XC5KI7SmitO0%2B5TfbVa0fRN0OUh8UkJMH2y0OUicaTRA5J5GbaTQnZfDeFDsy%2B5LOsYD4JEa1Xo2xCDFHU%2FXxtypVw6%2FmJ6p%2BnxP3OoNDOyIHzWhvPHU2eJEHFpWVih0umfdH0z", "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455395&Signature=Rs0HmZ2fcdLf69x0K%2F5FWT%2F6xEh%2BLCbppJhdimEKddnnbJY%2BXNchBcRIcSBk7dQLPyFN%2B2Osy13sZQXw1jOoRqkPaA540snGr9ZA93hb%2BkwtUliwNL7MXwzJa5RO3yBt1DCigxkoy8ijf%2BFB7kujwpM0vVFCrYMY84B9QU9ZcBSeGS12Dwan19PP7rNw5JwmaiVCkSUsOYmr7UIEXfrWbj24v4Co%2BKMUqTCwheEnyGDEeuxTXgo82Q", "https://vtbehaviour.commondatastorage.googleapis.com/680b6b9dcfc4e18944b34f003c3ba3934cfbae1e6521ba5d97a990ac0cab85d9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455429&Signature=FWlNajPuGPFxtD8XeQzrtb5iPivBU7Ga5nKHG6J%2FwV9vwLyNT010RGSveOW50O7ioppbcqW0xdxaBXIjENhsIQl5M1TFNVUlQD1kqc8FwjMTiKTfIm9%2B72VGDY8AGdkLhckZg20Z%2BL%2ByR6SBGijabgbnNXbAbU24dtW36h2ogiQcTAfA9jYzZR42tdWIUklCYYlnSA5xEda10KId9upEckOmAXLtsaF0k5ILYDRFXt5e4ja%", "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455546&Signature=IZCRPm9Ed0a5hwOhwkEacOTzr3u5gNTp37vRK4kYeB36CLUNNJJYxn9BNhaSEATsaIJxC2vqDUjWA2OP2YdfBax5wBciEmi8PtnLdn1UPUPgmwJZmgz8Po8n5Qq74WFK15Kcx%2BE8o1JgxjXW0S4ZYxfJUvquWMDk1y%2BJSxLaSUKoYjzCIf0XD5LvUQxucxy%2Ft%2FPf67IvjpGrNbbAAb80AEi0uGtxzBC1JzPsoVi30SFy540I%2BxdS", "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455590&Signature=vW5kguynkaOpmP2MOYo1oppGXOcybw2ZUPbjQ8Us4xVE%2BKbM2l9ZBfYhCDdPjJ5zmdJpDZ3wsIiwQu7Znhkbe1v0N70RyTKt%2BdmtnvQ%2BkosICnyg33KxiSZPHJTxRUlu37aosZop5sxcJBteoZXZJIjh3NsqgO86FK8FZ2kS0wTz9PV%2FIbcEk2N6xNi%2FIxRyfEEhczN0BY1Hac5fHOnfNC7ahKZ%2BpIIUETyruSXfhEuR", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455664&Signature=cWXsCQXbrYAgUs6gehGGkKb9yz4gwNkJlUmCu%2FuUTv5MU%2B%2Fn35eDnMjj2FOB0Ca%2Bif70ypGfah5e0INzB4y240%2Fz%2Fklf3ZAaMDopV3ZijPjc1tPWZ3bTOLCr1NSANefeNXSw8avDSBQe3l1SG0CS1HvpJa4GF6DkXshm6KRaRgJt2aT9VBIP%2BOsu21Zq7zXch9L6PLQY8wBQdH6BO5OohFAaMJZuUqHsXErEfWC%2BzACHj", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455701&Signature=V5M0AbGDsDuKDf9J72VZUvh0eMG%2BxQ6ls9v0liWZgReUcBz%2FX%2Bzf7ezp4xsQqOCdoBNtNDihitko8C1B%2Ff0%2BLo4tZY6Enbhd0XpaVjc9LmjSDoBrFKAvPZfDXCFyQApdHvZ%2Bkp6Y1E6FspB%2B7mtH8D5mdtFPSwcsXLYec9vsPkBu47pGU7%2BAXxzgPpe0zFhloH7oVzswU7CS%2BdJ9rfse7aQkTYJtR1Ib49eeolPC%2F9c7ClUhRw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Inno", "display_name": "Inno", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 224, "FileHash-MD5": 23, "FileHash-SHA1": 17, "FileHash-SHA256": 37, "domain": 50, "hostname": 148 }, "indicator_count": 499, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a00c4c0c0aa442282399", "name": "Free messages platform", "description": "", "modified": "2023-12-06T16:23:40.032000", "created": "2023-12-06T16:23:40.032000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 182, "domain": 574, "URL": 1697, "hostname": 504, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2959, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64de2fd7d66d4e32a6853df3", "name": "Free messages platform", "description": "ALF:Trojan:MSIL/AgentTesla.KM\nWin.Dropper.Agent-33289\nWin32:Malware-gen\nWin32:TrojanX-gen\\ [Trj]\nWorm:Win32/AutoRun!atmn\n\nAffected internet instant messaging and VoIP social platform service,free voice and video chat service that enables users globally, to connect.", "modified": "2023-09-16T14:04:22.357000", "created": "2023-08-17T14:33:59.605000", "tags": [ "as13335", "united", "aaaa", "passive dns", "win32", "search", "status hostname", "query type", "address first", "seen last", "worm", "next", "body", "seen asn", "country" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "domain": 708, "hostname": 664, "URL": 1984, "FileHash-SHA256": 241 }, "indicator_count": 3599, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455590&Signature=vW5kguynkaOpmP2MOYo1oppGXOcybw2ZUPbjQ8Us4xVE%2BKbM2l9ZBfYhCDdPjJ5zmdJpDZ3wsIiwQu7Znhkbe1v0N70RyTKt%2BdmtnvQ%2BkosICnyg33KxiSZPHJTxRUlu37aosZop5sxcJBteoZXZJIjh3NsqgO86FK8FZ2kS0wTz9PV%2FIbcEk2N6xNi%2FIxRyfEEhczN0BY1Hac5fHOnfNC7ahKZ%2BpIIUETyruSXfhEuR", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455701&Signature=V5M0AbGDsDuKDf9J72VZUvh0eMG%2BxQ6ls9v0liWZgReUcBz%2FX%2Bzf7ezp4xsQqOCdoBNtNDihitko8C1B%2Ff0%2BLo4tZY6Enbhd0XpaVjc9LmjSDoBrFKAvPZfDXCFyQApdHvZ%2Bkp6Y1E6FspB%2B7mtH8D5mdtFPSwcsXLYec9vsPkBu47pGU7%2BAXxzgPpe0zFhloH7oVzswU7CS%2BdJ9rfse7aQkTYJtR1Ib49eeolPC%2F9c7ClUhRw", "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455546&Signature=IZCRPm9Ed0a5hwOhwkEacOTzr3u5gNTp37vRK4kYeB36CLUNNJJYxn9BNhaSEATsaIJxC2vqDUjWA2OP2YdfBax5wBciEmi8PtnLdn1UPUPgmwJZmgz8Po8n5Qq74WFK15Kcx%2BE8o1JgxjXW0S4ZYxfJUvquWMDk1y%2BJSxLaSUKoYjzCIf0XD5LvUQxucxy%2Ft%2FPf67IvjpGrNbbAAb80AEi0uGtxzBC1JzPsoVi30SFy540I%2BxdS", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455291&Signature=v9ZZBgXPY%2BlVPcZeiRq373fCYlMK0l%2FUoVDt%2FVDldarGQs7hauO0pCd02ulbEa1Myal5fd7dEAJJ4WU2AY33ukBd87xQ%2BL8iqBbky9L5Whrhm2IV9jLgZAPJgKQaVAy6RtoFzM4yUgWDgGRnjtNUkocXXFrqMcdqgWc8Y5UOzqxke4NhcN3g8HBKGPsTYgRTGywPWHdW%2FyYfbZ02sPBt1TbIch7gvePLGAZ%2BM7OE6HZ5XYdDDxF2Zp6NN5", "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455205&Signature=WYjP57LoTGtEBXJR2%2BEa43eaJKfwbDhSrAp8kKsFVF1dTwCu%2B%2FjRLKau3L4sX%2BhanxbeXpJN2HYRbWF5qWsouu67rocP5k01ElCUFgflj%2FUGbLGBujce99WW18Ye3Xycsw%2F0zn7KyE24K%2F%2BNr7K%2BEpfPvb4BxXPrStZVe6roovm%2BwUWhSwrjcK4d%2FYQC%2FyowTlXqtgg6hn60nlQUg56K3tUJ4kUP3l%2BZ1KDM", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455342&Signature=MAtoQ8c5QDCA2roaR%2Fk6R1LBbZC33oZkOyInpcBjoZcrrFs9KbQqoJQd22uLQhc4VVEdLm9rHZMFDknQ7VUPID1dRlKyo6p1bHgy6C3Wyo7XC5KI7SmitO0%2B5TfbVa0fRN0OUh8UkJMH2y0OUicaTRA5J5GbaTQnZfDeFDsy%2B5LOsYD4JEa1Xo2xCDFHU%2FXxtypVw6%2FmJ6p%2BnxP3OoNDOyIHzWhvPHU2eJEHFpWVih0umfdH0z", "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455395&Signature=Rs0HmZ2fcdLf69x0K%2F5FWT%2F6xEh%2BLCbppJhdimEKddnnbJY%2BXNchBcRIcSBk7dQLPyFN%2B2Osy13sZQXw1jOoRqkPaA540snGr9ZA93hb%2BkwtUliwNL7MXwzJa5RO3yBt1DCigxkoy8ijf%2BFB7kujwpM0vVFCrYMY84B9QU9ZcBSeGS12Dwan19PP7rNw5JwmaiVCkSUsOYmr7UIEXfrWbj24v4Co%2BKMUqTCwheEnyGDEeuxTXgo82Q", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455664&Signature=cWXsCQXbrYAgUs6gehGGkKb9yz4gwNkJlUmCu%2FuUTv5MU%2B%2Fn35eDnMjj2FOB0Ca%2Bif70ypGfah5e0INzB4y240%2Fz%2Fklf3ZAaMDopV3ZijPjc1tPWZ3bTOLCr1NSANefeNXSw8avDSBQe3l1SG0CS1HvpJa4GF6DkXshm6KRaRgJt2aT9VBIP%2BOsu21Zq7zXch9L6PLQY8wBQdH6BO5OohFAaMJZuUqHsXErEfWC%2BzACHj", "https://vtbehaviour.commondatastorage.googleapis.com/680b6b9dcfc4e18944b34f003c3ba3934cfbae1e6521ba5d97a990ac0cab85d9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455429&Signature=FWlNajPuGPFxtD8XeQzrtb5iPivBU7Ga5nKHG6J%2FwV9vwLyNT010RGSveOW50O7ioppbcqW0xdxaBXIjENhsIQl5M1TFNVUlQD1kqc8FwjMTiKTfIm9%2B72VGDY8AGdkLhckZg20Z%2BL%2ByR6SBGijabgbnNXbAbU24dtW36h2ogiQcTAfA9jYzZR42tdWIUklCYYlnSA5xEda10KId9upEckOmAXLtsaF0k5ILYDRFXt5e4ja%" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Inno" ], "industries": [], "unique_indicators": 3531 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/cloudflareresearch.com", "whois": "http://whois.domaintools.com/cloudflareresearch.com", "domain": "cloudflareresearch.com", "hostname": "pq.cloudflareresearch.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "69d34cf5a8011c62217875cd", "name": "CAPE Sandbox MALWARE", "description": "A sample of malware found on a Windows 11 operating system: PK.i, or \"Ultimate\", on 19/11/2025, for the first time in the history of the Windows Operating System.", "modified": "2026-05-06T06:03:26.437000", "created": "2026-04-06T06:04:37.512000", "tags": [ "privacy futile", "basic", "software", "system", "test", "privacy webpage", "scan", "index1 rem", "cookie warnings", "malware", "service", "tencent", "panda", "file type", "urls", "ascii text", "found", "windows setup", "ascii", "crlf line", "creates", "unicode text", "utf8 text", "malicious", "persistence", "window", "info", "next", "regsz d", "regdword d", "at own", "risk as", "is without", "warranty of", "any kind", "add doh", "edge", "regdword", "mitre attack", "network info", "program", "t1055 process", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "info file", "windows sandbox", "clear filters", "tickcount", "detail info", "text", "classname", "funcoffset", "excpetion", "milliseconds", "offset", "filename", "behaviour", "except", "shell", "unknown", "class", "find", "back", "calls process", "inno", "full path", "behavior pid", "windir", "system32", "protocol level", "application", "yes dump", "http post", "query", "dns domain", "dump", "path", "performs dns", "ms windows", "pe file", "may try", "delphi" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455205&Signature=WYjP57LoTGtEBXJR2%2BEa43eaJKfwbDhSrAp8kKsFVF1dTwCu%2B%2FjRLKau3L4sX%2BhanxbeXpJN2HYRbWF5qWsouu67rocP5k01ElCUFgflj%2FUGbLGBujce99WW18Ye3Xycsw%2F0zn7KyE24K%2F%2BNr7K%2BEpfPvb4BxXPrStZVe6roovm%2BwUWhSwrjcK4d%2FYQC%2FyowTlXqtgg6hn60nlQUg56K3tUJ4kUP3l%2BZ1KDM", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455291&Signature=v9ZZBgXPY%2BlVPcZeiRq373fCYlMK0l%2FUoVDt%2FVDldarGQs7hauO0pCd02ulbEa1Myal5fd7dEAJJ4WU2AY33ukBd87xQ%2BL8iqBbky9L5Whrhm2IV9jLgZAPJgKQaVAy6RtoFzM4yUgWDgGRnjtNUkocXXFrqMcdqgWc8Y5UOzqxke4NhcN3g8HBKGPsTYgRTGywPWHdW%2FyYfbZ02sPBt1TbIch7gvePLGAZ%2BM7OE6HZ5XYdDDxF2Zp6NN5", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455342&Signature=MAtoQ8c5QDCA2roaR%2Fk6R1LBbZC33oZkOyInpcBjoZcrrFs9KbQqoJQd22uLQhc4VVEdLm9rHZMFDknQ7VUPID1dRlKyo6p1bHgy6C3Wyo7XC5KI7SmitO0%2B5TfbVa0fRN0OUh8UkJMH2y0OUicaTRA5J5GbaTQnZfDeFDsy%2B5LOsYD4JEa1Xo2xCDFHU%2FXxtypVw6%2FmJ6p%2BnxP3OoNDOyIHzWhvPHU2eJEHFpWVih0umfdH0z", "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455395&Signature=Rs0HmZ2fcdLf69x0K%2F5FWT%2F6xEh%2BLCbppJhdimEKddnnbJY%2BXNchBcRIcSBk7dQLPyFN%2B2Osy13sZQXw1jOoRqkPaA540snGr9ZA93hb%2BkwtUliwNL7MXwzJa5RO3yBt1DCigxkoy8ijf%2BFB7kujwpM0vVFCrYMY84B9QU9ZcBSeGS12Dwan19PP7rNw5JwmaiVCkSUsOYmr7UIEXfrWbj24v4Co%2BKMUqTCwheEnyGDEeuxTXgo82Q", "https://vtbehaviour.commondatastorage.googleapis.com/680b6b9dcfc4e18944b34f003c3ba3934cfbae1e6521ba5d97a990ac0cab85d9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455429&Signature=FWlNajPuGPFxtD8XeQzrtb5iPivBU7Ga5nKHG6J%2FwV9vwLyNT010RGSveOW50O7ioppbcqW0xdxaBXIjENhsIQl5M1TFNVUlQD1kqc8FwjMTiKTfIm9%2B72VGDY8AGdkLhckZg20Z%2BL%2ByR6SBGijabgbnNXbAbU24dtW36h2ogiQcTAfA9jYzZR42tdWIUklCYYlnSA5xEda10KId9upEckOmAXLtsaF0k5ILYDRFXt5e4ja%", "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455546&Signature=IZCRPm9Ed0a5hwOhwkEacOTzr3u5gNTp37vRK4kYeB36CLUNNJJYxn9BNhaSEATsaIJxC2vqDUjWA2OP2YdfBax5wBciEmi8PtnLdn1UPUPgmwJZmgz8Po8n5Qq74WFK15Kcx%2BE8o1JgxjXW0S4ZYxfJUvquWMDk1y%2BJSxLaSUKoYjzCIf0XD5LvUQxucxy%2Ft%2FPf67IvjpGrNbbAAb80AEi0uGtxzBC1JzPsoVi30SFy540I%2BxdS", "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455590&Signature=vW5kguynkaOpmP2MOYo1oppGXOcybw2ZUPbjQ8Us4xVE%2BKbM2l9ZBfYhCDdPjJ5zmdJpDZ3wsIiwQu7Znhkbe1v0N70RyTKt%2BdmtnvQ%2BkosICnyg33KxiSZPHJTxRUlu37aosZop5sxcJBteoZXZJIjh3NsqgO86FK8FZ2kS0wTz9PV%2FIbcEk2N6xNi%2FIxRyfEEhczN0BY1Hac5fHOnfNC7ahKZ%2BpIIUETyruSXfhEuR", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455664&Signature=cWXsCQXbrYAgUs6gehGGkKb9yz4gwNkJlUmCu%2FuUTv5MU%2B%2Fn35eDnMjj2FOB0Ca%2Bif70ypGfah5e0INzB4y240%2Fz%2Fklf3ZAaMDopV3ZijPjc1tPWZ3bTOLCr1NSANefeNXSw8avDSBQe3l1SG0CS1HvpJa4GF6DkXshm6KRaRgJt2aT9VBIP%2BOsu21Zq7zXch9L6PLQY8wBQdH6BO5OohFAaMJZuUqHsXErEfWC%2BzACHj", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455701&Signature=V5M0AbGDsDuKDf9J72VZUvh0eMG%2BxQ6ls9v0liWZgReUcBz%2FX%2Bzf7ezp4xsQqOCdoBNtNDihitko8C1B%2Ff0%2BLo4tZY6Enbhd0XpaVjc9LmjSDoBrFKAvPZfDXCFyQApdHvZ%2Bkp6Y1E6FspB%2B7mtH8D5mdtFPSwcsXLYec9vsPkBu47pGU7%2BAXxzgPpe0zFhloH7oVzswU7CS%2BdJ9rfse7aQkTYJtR1Ib49eeolPC%2F9c7ClUhRw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Inno", "display_name": "Inno", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 298, "FileHash-MD5": 37, "FileHash-SHA1": 25, "FileHash-SHA256": 69, "domain": 86, "hostname": 194 }, "indicator_count": 709, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d34cf6f105f3ffb88a394f", "name": "CAPE Sandbox MALWARE", "description": "A sample of malware found on a Windows 11 operating system: PK.i, or \"Ultimate\", on 19/11/2025, for the first time in the history of the Windows Operating System.", "modified": "2026-05-06T06:03:26.437000", "created": "2026-04-06T06:04:38.224000", "tags": [ "privacy futile", "basic", "software", "system", "test", "privacy webpage", "scan", "index1 rem", "cookie warnings", "malware", "service", "tencent", "panda", "file type", "urls", "ascii text", "found", "windows setup", "ascii", "crlf line", "creates", "unicode text", "utf8 text", "malicious", "persistence", "window", "info", "next", "regsz d", "regdword d", "at own", "risk as", "is without", "warranty of", "any kind", "add doh", "edge", "regdword", "mitre attack", "network info", "program", "t1055 process", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "info file", "windows sandbox", "clear filters", "tickcount", "detail info", "text", "classname", "funcoffset", "excpetion", "milliseconds", "offset", "filename", "behaviour", "except", "shell", "unknown", "class", "find", "back", "calls process", "inno", "full path", "behavior pid", "windir", "system32", "protocol level", "application", "yes dump", "http post", "query", "dns domain", "dump", "path", "performs dns", "ms windows", "pe file", "may try", "delphi" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455205&Signature=WYjP57LoTGtEBXJR2%2BEa43eaJKfwbDhSrAp8kKsFVF1dTwCu%2B%2FjRLKau3L4sX%2BhanxbeXpJN2HYRbWF5qWsouu67rocP5k01ElCUFgflj%2FUGbLGBujce99WW18Ye3Xycsw%2F0zn7KyE24K%2F%2BNr7K%2BEpfPvb4BxXPrStZVe6roovm%2BwUWhSwrjcK4d%2FYQC%2FyowTlXqtgg6hn60nlQUg56K3tUJ4kUP3l%2BZ1KDM", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455291&Signature=v9ZZBgXPY%2BlVPcZeiRq373fCYlMK0l%2FUoVDt%2FVDldarGQs7hauO0pCd02ulbEa1Myal5fd7dEAJJ4WU2AY33ukBd87xQ%2BL8iqBbky9L5Whrhm2IV9jLgZAPJgKQaVAy6RtoFzM4yUgWDgGRnjtNUkocXXFrqMcdqgWc8Y5UOzqxke4NhcN3g8HBKGPsTYgRTGywPWHdW%2FyYfbZ02sPBt1TbIch7gvePLGAZ%2BM7OE6HZ5XYdDDxF2Zp6NN5", "https://vtbehaviour.commondatastorage.googleapis.com/6d300b1d4c96c6e853f42cd6865ff83892721d859f25bcd41973e1f3cbd5af1c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455342&Signature=MAtoQ8c5QDCA2roaR%2Fk6R1LBbZC33oZkOyInpcBjoZcrrFs9KbQqoJQd22uLQhc4VVEdLm9rHZMFDknQ7VUPID1dRlKyo6p1bHgy6C3Wyo7XC5KI7SmitO0%2B5TfbVa0fRN0OUh8UkJMH2y0OUicaTRA5J5GbaTQnZfDeFDsy%2B5LOsYD4JEa1Xo2xCDFHU%2FXxtypVw6%2FmJ6p%2BnxP3OoNDOyIHzWhvPHU2eJEHFpWVih0umfdH0z", "https://vtbehaviour.commondatastorage.googleapis.com/1059dd8c36a0298c9a4c051c2d6e3c59d17eb76bce7a382f79e36b122ce7a324_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455395&Signature=Rs0HmZ2fcdLf69x0K%2F5FWT%2F6xEh%2BLCbppJhdimEKddnnbJY%2BXNchBcRIcSBk7dQLPyFN%2B2Osy13sZQXw1jOoRqkPaA540snGr9ZA93hb%2BkwtUliwNL7MXwzJa5RO3yBt1DCigxkoy8ijf%2BFB7kujwpM0vVFCrYMY84B9QU9ZcBSeGS12Dwan19PP7rNw5JwmaiVCkSUsOYmr7UIEXfrWbj24v4Co%2BKMUqTCwheEnyGDEeuxTXgo82Q", "https://vtbehaviour.commondatastorage.googleapis.com/680b6b9dcfc4e18944b34f003c3ba3934cfbae1e6521ba5d97a990ac0cab85d9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455429&Signature=FWlNajPuGPFxtD8XeQzrtb5iPivBU7Ga5nKHG6J%2FwV9vwLyNT010RGSveOW50O7ioppbcqW0xdxaBXIjENhsIQl5M1TFNVUlQD1kqc8FwjMTiKTfIm9%2B72VGDY8AGdkLhckZg20Z%2BL%2ByR6SBGijabgbnNXbAbU24dtW36h2ogiQcTAfA9jYzZR42tdWIUklCYYlnSA5xEda10KId9upEckOmAXLtsaF0k5ILYDRFXt5e4ja%", "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455546&Signature=IZCRPm9Ed0a5hwOhwkEacOTzr3u5gNTp37vRK4kYeB36CLUNNJJYxn9BNhaSEATsaIJxC2vqDUjWA2OP2YdfBax5wBciEmi8PtnLdn1UPUPgmwJZmgz8Po8n5Qq74WFK15Kcx%2BE8o1JgxjXW0S4ZYxfJUvquWMDk1y%2BJSxLaSUKoYjzCIf0XD5LvUQxucxy%2Ft%2FPf67IvjpGrNbbAAb80AEi0uGtxzBC1JzPsoVi30SFy540I%2BxdS", "https://vtbehaviour.commondatastorage.googleapis.com/f1360beb4d55c22bf0a39dd73a31864812ceb4b72950faad3bca92a1880fb9ec_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455590&Signature=vW5kguynkaOpmP2MOYo1oppGXOcybw2ZUPbjQ8Us4xVE%2BKbM2l9ZBfYhCDdPjJ5zmdJpDZ3wsIiwQu7Znhkbe1v0N70RyTKt%2BdmtnvQ%2BkosICnyg33KxiSZPHJTxRUlu37aosZop5sxcJBteoZXZJIjh3NsqgO86FK8FZ2kS0wTz9PV%2FIbcEk2N6xNi%2FIxRyfEEhczN0BY1Hac5fHOnfNC7ahKZ%2BpIIUETyruSXfhEuR", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455664&Signature=cWXsCQXbrYAgUs6gehGGkKb9yz4gwNkJlUmCu%2FuUTv5MU%2B%2Fn35eDnMjj2FOB0Ca%2Bif70ypGfah5e0INzB4y240%2Fz%2Fklf3ZAaMDopV3ZijPjc1tPWZ3bTOLCr1NSANefeNXSw8avDSBQe3l1SG0CS1HvpJa4GF6DkXshm6KRaRgJt2aT9VBIP%2BOsu21Zq7zXch9L6PLQY8wBQdH6BO5OohFAaMJZuUqHsXErEfWC%2BzACHj", "https://vtbehaviour.commondatastorage.googleapis.com/f15f29f297be717fa7f209c91f598cb16cc84803a25e4ac7ed0bf12f948dcbb7_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775455701&Signature=V5M0AbGDsDuKDf9J72VZUvh0eMG%2BxQ6ls9v0liWZgReUcBz%2FX%2Bzf7ezp4xsQqOCdoBNtNDihitko8C1B%2Ff0%2BLo4tZY6Enbhd0XpaVjc9LmjSDoBrFKAvPZfDXCFyQApdHvZ%2Bkp6Y1E6FspB%2B7mtH8D5mdtFPSwcsXLYec9vsPkBu47pGU7%2BAXxzgPpe0zFhloH7oVzswU7CS%2BdJ9rfse7aQkTYJtR1Ib49eeolPC%2F9c7ClUhRw" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Inno", "display_name": "Inno", "target": null } ], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1505", "name": "Server Software Component", "display_name": "T1505 - Server Software Component" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 224, "FileHash-MD5": 23, "FileHash-SHA1": 17, "FileHash-SHA256": 37, "domain": 50, "hostname": 148 }, "indicator_count": 499, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "28 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6570a00c4c0c0aa442282399", "name": "Free messages platform", "description": "", "modified": "2023-12-06T16:23:40.032000", "created": "2023-12-06T16:23:40.032000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 182, "domain": 574, "URL": 1697, "hostname": 504, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2959, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "909 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64de2fd7d66d4e32a6853df3", "name": "Free messages platform", "description": "ALF:Trojan:MSIL/AgentTesla.KM\nWin.Dropper.Agent-33289\nWin32:Malware-gen\nWin32:TrojanX-gen\\ [Trj]\nWorm:Win32/AutoRun!atmn\n\nAffected internet instant messaging and VoIP social platform service,free voice and video chat service that enables users globally, to connect.", "modified": "2023-09-16T14:04:22.357000", "created": "2023-08-17T14:33:59.605000", "tags": [ "as13335", "united", "aaaa", "passive dns", "win32", "search", "status hostname", "query type", "address first", "seen last", "worm", "next", "body", "seen asn", "country" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "domain": 708, "hostname": 664, "URL": 1984, "FileHash-SHA256": 241 }, "indicator_count": 3599, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "990 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://pq.cloudflareresearch.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://pq.cloudflareresearch.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780473670.4727495 }