{
  "type": "URL",
  "indicator": "https://roaming.svc.cloud.microsoft/rs/v1/settingsFrequency",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://roaming.svc.cloud.microsoft/rs/v1/settingsFrequency",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4140454542,
      "indicator": "https://roaming.svc.cloud.microsoft/rs/v1/settingsFrequency",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 12,
      "pulses": [
        {
          "id": "6a10b5fcbae6ff7196fadd8a",
          "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
          "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
          "modified": "2026-05-22T20:24:24.934000",
          "created": "2026-05-22T20:01:00.435000",
          "tags": [
            "table",
            "postfix",
            "eest",
            "tbody",
            "span",
            "deliveredto",
            "bayesspam",
            "fromeqenvfrom",
            "fromhasdn",
            "ipreputation",
            "date",
            "title",
            "nextron",
            "word",
            "file type",
            "ascii text",
            "crlf line",
            "sigma",
            "mitre attack",
            "network info",
            "dropped info",
            "use short",
            "name path",
            "windows folder",
            "next",
            "kyiv registrant",
            "country",
            "server",
            "hosting ukraine",
            "registrar",
            "kyiv",
            "query time",
            "uaepp name",
            "internet invest",
            "whois privacy",
            "domain name",
            "thumbprint",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "cus olet",
            "encrypt cnr13",
            "validity",
            "subject public",
            "key info",
            "key algorithm",
            "x509v3 key",
            "encrypt cnr11",
            "encrypt cnr10",
            "encrypt cnr3",
            "aaaa",
            "utf8",
            "rsapss",
            "sha256",
            "esmtps id",
            "e41f26401ec",
            "office",
            "esmtps",
            "https",
            "creates",
            "tls version",
            "dbe4b640081",
            "esmtp id",
            "ebe855402e7",
            "system number",
            "label hosting",
            "ukraine ltd",
            "registry ripe",
            "ncc country",
            "ua continent",
            "handle",
            "address range",
            "cidr",
            "network name",
            "type",
            "assigned pa",
            "status",
            "whois server",
            "po box",
            "kiev",
            "ukraine adminc",
            "ripe",
            "filtered route",
            "default",
            "shell folders",
            "inprocserver32",
            "parent pid",
            "full path",
            "command line",
            "cname",
            "folders",
            "accept",
            "gmt ifnonematch",
            "shutdown",
            "config",
            "contact domain",
            "holder",
            "available from",
            "kiev region",
            "code",
            "llc admin",
            "icann whois",
            "registry tech",
            "form",
            "tech",
            "ripe ncc",
            "as200000 city",
            "abuse contact",
            "orgid",
            "address",
            "orgabuseref",
            "ripe network",
            "postalcode",
            "overview",
            "banned",
            "malicious",
            "duration cuckoo",
            "version file",
            "machine label",
            "manager",
            "malware config",
            "type emotet",
            "jenny",
            "esmtp",
            "adumitriu",
            "xagvyej",
            "jenny green",
            "subject",
            "hello",
            "kind",
            "gsd support",
            "drops",
            "internet",
            "http",
            "performs dns",
            "yara",
            "t1055 process",
            "persistence",
            "emotet",
            "02025",
            "apple",
            "enterprise",
            "united",
            "traces back to usa",
            "bankers trojan"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "IPv4": 194,
            "CIDR": 63,
            "FileHash-MD5": 397,
            "FileHash-SHA1": 112,
            "FileHash-SHA256": 506,
            "URL": 500,
            "domain": 152,
            "email": 19,
            "hostname": 624,
            "CVE": 1,
            "IPv6": 53,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 2623,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "8 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a10b601afa660d39df59585",
          "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
          "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
          "modified": "2026-05-22T20:24:23.966000",
          "created": "2026-05-22T20:01:05.318000",
          "tags": [
            "table",
            "postfix",
            "eest",
            "tbody",
            "span",
            "deliveredto",
            "bayesspam",
            "fromeqenvfrom",
            "fromhasdn",
            "ipreputation",
            "date",
            "title",
            "nextron",
            "word",
            "file type",
            "ascii text",
            "crlf line",
            "sigma",
            "mitre attack",
            "network info",
            "dropped info",
            "use short",
            "name path",
            "windows folder",
            "next",
            "kyiv registrant",
            "country",
            "server",
            "hosting ukraine",
            "registrar",
            "kyiv",
            "query time",
            "uaepp name",
            "internet invest",
            "whois privacy",
            "domain name",
            "thumbprint",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "cus olet",
            "encrypt cnr13",
            "validity",
            "subject public",
            "key info",
            "key algorithm",
            "x509v3 key",
            "encrypt cnr11",
            "encrypt cnr10",
            "encrypt cnr3",
            "aaaa",
            "utf8",
            "rsapss",
            "sha256",
            "esmtps id",
            "e41f26401ec",
            "office",
            "esmtps",
            "https",
            "creates",
            "tls version",
            "dbe4b640081",
            "esmtp id",
            "ebe855402e7",
            "system number",
            "label hosting",
            "ukraine ltd",
            "registry ripe",
            "ncc country",
            "ua continent",
            "handle",
            "address range",
            "cidr",
            "network name",
            "type",
            "assigned pa",
            "status",
            "whois server",
            "po box",
            "kiev",
            "ukraine adminc",
            "ripe",
            "filtered route",
            "default",
            "shell folders",
            "inprocserver32",
            "parent pid",
            "full path",
            "command line",
            "cname",
            "folders",
            "accept",
            "gmt ifnonematch",
            "shutdown",
            "config",
            "contact domain",
            "holder",
            "available from",
            "kiev region",
            "code",
            "llc admin",
            "icann whois",
            "registry tech",
            "form",
            "tech",
            "ripe ncc",
            "as200000 city",
            "abuse contact",
            "orgid",
            "address",
            "orgabuseref",
            "ripe network",
            "postalcode",
            "overview",
            "banned",
            "malicious",
            "duration cuckoo",
            "version file",
            "machine label",
            "manager",
            "malware config",
            "type emotet",
            "jenny",
            "esmtp",
            "adumitriu",
            "xagvyej",
            "jenny green",
            "subject",
            "hello",
            "kind",
            "gsd support",
            "drops",
            "internet",
            "http",
            "performs dns",
            "yara",
            "t1055 process",
            "persistence",
            "emotet",
            "02025",
            "apple",
            "enterprise",
            "united",
            "traces back to usa",
            "bankers trojan"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "IPv4": 217,
            "CIDR": 63,
            "FileHash-MD5": 399,
            "FileHash-SHA1": 114,
            "FileHash-SHA256": 513,
            "URL": 605,
            "domain": 328,
            "email": 21,
            "hostname": 694,
            "CVE": 1,
            "IPv6": 53,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 3010,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "8 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a10b5fc8feb5a31eedfc0ec",
          "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
          "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
          "modified": "2026-05-22T20:00:59.988000",
          "created": "2026-05-22T20:00:59.988000",
          "tags": [
            "table",
            "postfix",
            "eest",
            "tbody",
            "span",
            "deliveredto",
            "bayesspam",
            "fromeqenvfrom",
            "fromhasdn",
            "ipreputation",
            "date",
            "title",
            "nextron",
            "word",
            "file type",
            "ascii text",
            "crlf line",
            "sigma",
            "mitre attack",
            "network info",
            "dropped info",
            "use short",
            "name path",
            "windows folder",
            "next",
            "kyiv registrant",
            "country",
            "server",
            "hosting ukraine",
            "registrar",
            "kyiv",
            "query time",
            "uaepp name",
            "internet invest",
            "whois privacy",
            "domain name",
            "thumbprint",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "cus olet",
            "encrypt cnr13",
            "validity",
            "subject public",
            "key info",
            "key algorithm",
            "x509v3 key",
            "encrypt cnr11",
            "encrypt cnr10",
            "encrypt cnr3",
            "aaaa",
            "utf8",
            "rsapss",
            "sha256",
            "esmtps id",
            "e41f26401ec",
            "office",
            "esmtps",
            "https",
            "creates",
            "tls version",
            "dbe4b640081",
            "esmtp id",
            "ebe855402e7",
            "system number",
            "label hosting",
            "ukraine ltd",
            "registry ripe",
            "ncc country",
            "ua continent",
            "handle",
            "address range",
            "cidr",
            "network name",
            "type",
            "assigned pa",
            "status",
            "whois server",
            "po box",
            "kiev",
            "ukraine adminc",
            "ripe",
            "filtered route",
            "default",
            "shell folders",
            "inprocserver32",
            "parent pid",
            "full path",
            "command line",
            "cname",
            "folders",
            "accept",
            "gmt ifnonematch",
            "shutdown",
            "config",
            "contact domain",
            "holder",
            "available from",
            "kiev region",
            "code",
            "llc admin",
            "icann whois",
            "registry tech",
            "form",
            "tech",
            "ripe ncc",
            "as200000 city",
            "abuse contact",
            "orgid",
            "address",
            "orgabuseref",
            "ripe network",
            "postalcode",
            "overview",
            "banned",
            "malicious",
            "duration cuckoo",
            "version file",
            "machine label",
            "manager",
            "malware config",
            "type emotet",
            "jenny",
            "esmtp",
            "adumitriu",
            "xagvyej",
            "jenny green",
            "subject",
            "hello",
            "kind",
            "gsd support",
            "drops",
            "internet",
            "http",
            "performs dns",
            "yara",
            "t1055 process",
            "persistence",
            "emotet",
            "02025",
            "apple",
            "enterprise",
            "united",
            "traces back to usa",
            "bankers trojan"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "IPv4": 194,
            "CIDR": 63,
            "FileHash-MD5": 397,
            "FileHash-SHA1": 112,
            "FileHash-SHA256": 506,
            "URL": 500,
            "domain": 152,
            "email": 19,
            "hostname": 624,
            "CVE": 1,
            "IPv6": 53,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 2623,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "8 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a10b5eb25a8421d03c37021",
          "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
          "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
          "modified": "2026-05-22T20:00:43.360000",
          "created": "2026-05-22T20:00:43.360000",
          "tags": [
            "table",
            "postfix",
            "eest",
            "tbody",
            "span",
            "deliveredto",
            "bayesspam",
            "fromeqenvfrom",
            "fromhasdn",
            "ipreputation",
            "date",
            "title",
            "nextron",
            "word",
            "file type",
            "ascii text",
            "crlf line",
            "sigma",
            "mitre attack",
            "network info",
            "dropped info",
            "use short",
            "name path",
            "windows folder",
            "next",
            "kyiv registrant",
            "country",
            "server",
            "hosting ukraine",
            "registrar",
            "kyiv",
            "query time",
            "uaepp name",
            "internet invest",
            "whois privacy",
            "domain name",
            "thumbprint",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "cus olet",
            "encrypt cnr13",
            "validity",
            "subject public",
            "key info",
            "key algorithm",
            "x509v3 key",
            "encrypt cnr11",
            "encrypt cnr10",
            "encrypt cnr3",
            "aaaa",
            "utf8",
            "rsapss",
            "sha256",
            "esmtps id",
            "e41f26401ec",
            "office",
            "esmtps",
            "https",
            "creates",
            "tls version",
            "dbe4b640081",
            "esmtp id",
            "ebe855402e7",
            "system number",
            "label hosting",
            "ukraine ltd",
            "registry ripe",
            "ncc country",
            "ua continent",
            "handle",
            "address range",
            "cidr",
            "network name",
            "type",
            "assigned pa",
            "status",
            "whois server",
            "po box",
            "kiev",
            "ukraine adminc",
            "ripe",
            "filtered route",
            "default",
            "shell folders",
            "inprocserver32",
            "parent pid",
            "full path",
            "command line",
            "cname",
            "folders",
            "accept",
            "gmt ifnonematch",
            "shutdown",
            "config",
            "contact domain",
            "holder",
            "available from",
            "kiev region",
            "code",
            "llc admin",
            "icann whois",
            "registry tech",
            "form",
            "tech",
            "ripe ncc",
            "as200000 city",
            "abuse contact",
            "orgid",
            "address",
            "orgabuseref",
            "ripe network",
            "postalcode",
            "overview",
            "banned",
            "malicious",
            "duration cuckoo",
            "version file",
            "machine label",
            "manager",
            "malware config",
            "type emotet",
            "jenny",
            "esmtp",
            "adumitriu",
            "xagvyej",
            "jenny green",
            "subject",
            "hello",
            "kind",
            "gsd support",
            "drops",
            "internet",
            "http",
            "performs dns",
            "yara",
            "t1055 process",
            "persistence",
            "emotet",
            "02025",
            "apple",
            "enterprise",
            "united",
            "traces back to usa",
            "bankers trojan"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "IPv4": 194,
            "CIDR": 63,
            "FileHash-MD5": 397,
            "FileHash-SHA1": 112,
            "FileHash-SHA256": 506,
            "URL": 500,
            "domain": 152,
            "email": 19,
            "hostname": 624,
            "CVE": 1,
            "IPv6": 53,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 2623,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "8 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a10b5eae1aa45c197c5f4cd",
          "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
          "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
          "modified": "2026-05-22T20:00:42.869000",
          "created": "2026-05-22T20:00:42.869000",
          "tags": [
            "table",
            "postfix",
            "eest",
            "tbody",
            "span",
            "deliveredto",
            "bayesspam",
            "fromeqenvfrom",
            "fromhasdn",
            "ipreputation",
            "date",
            "title",
            "nextron",
            "word",
            "file type",
            "ascii text",
            "crlf line",
            "sigma",
            "mitre attack",
            "network info",
            "dropped info",
            "use short",
            "name path",
            "windows folder",
            "next",
            "kyiv registrant",
            "country",
            "server",
            "hosting ukraine",
            "registrar",
            "kyiv",
            "query time",
            "uaepp name",
            "internet invest",
            "whois privacy",
            "domain name",
            "thumbprint",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "cus olet",
            "encrypt cnr13",
            "validity",
            "subject public",
            "key info",
            "key algorithm",
            "x509v3 key",
            "encrypt cnr11",
            "encrypt cnr10",
            "encrypt cnr3",
            "aaaa",
            "utf8",
            "rsapss",
            "sha256",
            "esmtps id",
            "e41f26401ec",
            "office",
            "esmtps",
            "https",
            "creates",
            "tls version",
            "dbe4b640081",
            "esmtp id",
            "ebe855402e7",
            "system number",
            "label hosting",
            "ukraine ltd",
            "registry ripe",
            "ncc country",
            "ua continent",
            "handle",
            "address range",
            "cidr",
            "network name",
            "type",
            "assigned pa",
            "status",
            "whois server",
            "po box",
            "kiev",
            "ukraine adminc",
            "ripe",
            "filtered route",
            "default",
            "shell folders",
            "inprocserver32",
            "parent pid",
            "full path",
            "command line",
            "cname",
            "folders",
            "accept",
            "gmt ifnonematch",
            "shutdown",
            "config",
            "contact domain",
            "holder",
            "available from",
            "kiev region",
            "code",
            "llc admin",
            "icann whois",
            "registry tech",
            "form",
            "tech",
            "ripe ncc",
            "as200000 city",
            "abuse contact",
            "orgid",
            "address",
            "orgabuseref",
            "ripe network",
            "postalcode",
            "overview",
            "banned",
            "malicious",
            "duration cuckoo",
            "version file",
            "machine label",
            "manager",
            "malware config",
            "type emotet",
            "jenny",
            "esmtp",
            "adumitriu",
            "xagvyej",
            "jenny green",
            "subject",
            "hello",
            "kind",
            "gsd support",
            "drops",
            "internet",
            "http",
            "performs dns",
            "yara",
            "t1055 process",
            "persistence",
            "emotet",
            "02025",
            "apple",
            "enterprise",
            "united",
            "traces back to usa",
            "bankers trojan"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
            "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
            "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
            "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
            "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "IPv4": 194,
            "CIDR": 63,
            "FileHash-MD5": 397,
            "FileHash-SHA1": 112,
            "FileHash-SHA256": 506,
            "URL": 500,
            "domain": 152,
            "email": 19,
            "hostname": 624,
            "CVE": 1,
            "IPv6": 53,
            "Mutex": 1,
            "URI": 1
          },
          "indicator_count": 2623,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "8 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0f2fff74afb88c843c8e2",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
          "modified": "2026-05-04T11:07:34.307000",
          "created": "2026-04-04T11:16:15.970000",
          "tags": [
            "log id",
            "gmtn",
            "digicert global",
            "g2 tls",
            "rsa sha256",
            "tls web",
            "full name",
            "digicert inc",
            "florida",
            "terrace",
            "path",
            "false",
            "linkedin",
            "scituate",
            "town",
            "location",
            "plymouth",
            "view erica",
            "souris",
            "erica souris",
            "souris al",
            "erica og",
            "iframe tags",
            "google tag",
            "manager",
            "status code",
            "body length",
            "kb body"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 298,
            "FileHash-SHA256": 602,
            "SSLCertFingerprint": 2,
            "hostname": 278,
            "URL": 441,
            "domain": 106,
            "FileHash-SHA1": 29,
            "email": 1,
            "CVE": 1
          },
          "indicator_count": 1758,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0f3013ab8f8fb20d6f6cc",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
          "modified": "2026-05-04T11:07:34.307000",
          "created": "2026-04-04T11:16:17.251000",
          "tags": [
            "log id",
            "gmtn",
            "digicert global",
            "g2 tls",
            "rsa sha256",
            "tls web",
            "full name",
            "digicert inc",
            "florida",
            "terrace",
            "path",
            "false",
            "linkedin",
            "scituate",
            "town",
            "location",
            "plymouth",
            "view erica",
            "souris",
            "erica souris",
            "souris al",
            "erica og",
            "iframe tags",
            "google tag",
            "manager",
            "status code",
            "body length",
            "kb body"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 298,
            "FileHash-SHA256": 602,
            "SSLCertFingerprint": 2,
            "hostname": 278,
            "URL": 441,
            "domain": 106,
            "FileHash-SHA1": 29,
            "email": 1,
            "CVE": 1
          },
          "indicator_count": 1758,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec10ab26722b8dbd382",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-05-04T09:07:45.626000",
          "created": "2026-04-04T09:49:52.991000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1
          },
          "indicator_count": 1856,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec2efedd87c3a05cc10",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-05-04T09:07:45.626000",
          "created": "2026-04-04T09:49:54.810000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1
          },
          "indicator_count": 1856,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec535ae0f94d37ccefb",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-05-04T09:07:45.626000",
          "created": "2026-04-04T09:49:57.171000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1
          },
          "indicator_count": 1856,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec7d1e663f23697fcd5",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-05-04T09:07:45.626000",
          "created": "2026-04-04T09:49:59.346000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1
          },
          "indicator_count": 1856,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0dec9f83643549f2d60c3",
          "name": "VirusTotal report\n                    for report.eml",
          "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
          "modified": "2026-05-04T09:07:45.626000",
          "created": "2026-04-04T09:50:01.067000",
          "tags": [
            "non dsp",
            "cor cura",
            "cookie",
            "dynamic",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "gz6mbt0grch",
            "utc ua743607001",
            "acceptencoding",
            "toggle",
            "nxdomain",
            "windows",
            "analysis",
            "files mitre",
            "xe9xaf",
            "jyx9611xb1",
            "xe3xfcxfexabe",
            "source source",
            "file name",
            "strings",
            "first",
            "path",
            "enterprise",
            "service",
            "close",
            "richard massina",
            "rocketreach",
            "email",
            "phone number",
            "clifford",
            "kenny",
            "llp associate",
            "get richard",
            "massina",
            "information og",
            "file type",
            "sigma",
            "united",
            "https",
            "mitre attack",
            "network info",
            "windows folder",
            "office macro",
            "creates",
            "office outbound",
            "phishing",
            "malicious",
            "next",
            "settings",
            "first counter",
            "default",
            "inprocserver32",
            "inprochandler32",
            "mbisslshort",
            "bearer",
            "cname",
            "mwdb",
            "bazaar",
            "bridge",
            "info",
            "accept",
            "date",
            "agent",
            "shutdown",
            "root",
            "secchuamodel",
            "excellent",
            "windows sandbox",
            "calls process",
            "hull times",
            "carol britton",
            "meyer",
            "kenny law",
            "town counsel",
            "james lampke",
            "june",
            "hiring",
            "performs dns",
            "urls",
            "found",
            "belgium",
            "processes extra",
            "t1055 process",
            "script",
            "hull",
            "head",
            "title",
            "nothing",
            "file execution",
            "error",
            "parent pid",
            "full path",
            "command line",
            "registry keys",
            "error reporting",
            "registrya",
            "localsm0504064"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
            "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
            "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
            "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1571",
              "name": "Non-Standard Port",
              "display_name": "T1571 - Non-Standard Port"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 407,
            "domain": 195,
            "hostname": 309,
            "FileHash-SHA256": 607,
            "FileHash-MD5": 306,
            "FileHash-SHA1": 31,
            "email": 1,
            "YARA": 1,
            "CVE": 1
          },
          "indicator_count": 1858,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 68,
          "modified_text": "26 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
        "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 4785
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/cloud.microsoft",
    "whois": "http://whois.domaintools.com/cloud.microsoft",
    "domain": "cloud.microsoft",
    "hostname": "roaming.svc.cloud.microsoft"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 12,
  "pulses": [
    {
      "id": "6a10b5fcbae6ff7196fadd8a",
      "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
      "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
      "modified": "2026-05-22T20:24:24.934000",
      "created": "2026-05-22T20:01:00.435000",
      "tags": [
        "table",
        "postfix",
        "eest",
        "tbody",
        "span",
        "deliveredto",
        "bayesspam",
        "fromeqenvfrom",
        "fromhasdn",
        "ipreputation",
        "date",
        "title",
        "nextron",
        "word",
        "file type",
        "ascii text",
        "crlf line",
        "sigma",
        "mitre attack",
        "network info",
        "dropped info",
        "use short",
        "name path",
        "windows folder",
        "next",
        "kyiv registrant",
        "country",
        "server",
        "hosting ukraine",
        "registrar",
        "kyiv",
        "query time",
        "uaepp name",
        "internet invest",
        "whois privacy",
        "domain name",
        "thumbprint",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "v3 serial",
        "number",
        "cus olet",
        "encrypt cnr13",
        "validity",
        "subject public",
        "key info",
        "key algorithm",
        "x509v3 key",
        "encrypt cnr11",
        "encrypt cnr10",
        "encrypt cnr3",
        "aaaa",
        "utf8",
        "rsapss",
        "sha256",
        "esmtps id",
        "e41f26401ec",
        "office",
        "esmtps",
        "https",
        "creates",
        "tls version",
        "dbe4b640081",
        "esmtp id",
        "ebe855402e7",
        "system number",
        "label hosting",
        "ukraine ltd",
        "registry ripe",
        "ncc country",
        "ua continent",
        "handle",
        "address range",
        "cidr",
        "network name",
        "type",
        "assigned pa",
        "status",
        "whois server",
        "po box",
        "kiev",
        "ukraine adminc",
        "ripe",
        "filtered route",
        "default",
        "shell folders",
        "inprocserver32",
        "parent pid",
        "full path",
        "command line",
        "cname",
        "folders",
        "accept",
        "gmt ifnonematch",
        "shutdown",
        "config",
        "contact domain",
        "holder",
        "available from",
        "kiev region",
        "code",
        "llc admin",
        "icann whois",
        "registry tech",
        "form",
        "tech",
        "ripe ncc",
        "as200000 city",
        "abuse contact",
        "orgid",
        "address",
        "orgabuseref",
        "ripe network",
        "postalcode",
        "overview",
        "banned",
        "malicious",
        "duration cuckoo",
        "version file",
        "machine label",
        "manager",
        "malware config",
        "type emotet",
        "jenny",
        "esmtp",
        "adumitriu",
        "xagvyej",
        "jenny green",
        "subject",
        "hello",
        "kind",
        "gsd support",
        "drops",
        "internet",
        "http",
        "performs dns",
        "yara",
        "t1055 process",
        "persistence",
        "emotet",
        "02025",
        "apple",
        "enterprise",
        "united",
        "traces back to usa",
        "bankers trojan"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "IPv4": 194,
        "CIDR": 63,
        "FileHash-MD5": 397,
        "FileHash-SHA1": 112,
        "FileHash-SHA256": 506,
        "URL": 500,
        "domain": 152,
        "email": 19,
        "hostname": 624,
        "CVE": 1,
        "IPv6": 53,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 2623,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "8 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a10b601afa660d39df59585",
      "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
      "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
      "modified": "2026-05-22T20:24:23.966000",
      "created": "2026-05-22T20:01:05.318000",
      "tags": [
        "table",
        "postfix",
        "eest",
        "tbody",
        "span",
        "deliveredto",
        "bayesspam",
        "fromeqenvfrom",
        "fromhasdn",
        "ipreputation",
        "date",
        "title",
        "nextron",
        "word",
        "file type",
        "ascii text",
        "crlf line",
        "sigma",
        "mitre attack",
        "network info",
        "dropped info",
        "use short",
        "name path",
        "windows folder",
        "next",
        "kyiv registrant",
        "country",
        "server",
        "hosting ukraine",
        "registrar",
        "kyiv",
        "query time",
        "uaepp name",
        "internet invest",
        "whois privacy",
        "domain name",
        "thumbprint",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "v3 serial",
        "number",
        "cus olet",
        "encrypt cnr13",
        "validity",
        "subject public",
        "key info",
        "key algorithm",
        "x509v3 key",
        "encrypt cnr11",
        "encrypt cnr10",
        "encrypt cnr3",
        "aaaa",
        "utf8",
        "rsapss",
        "sha256",
        "esmtps id",
        "e41f26401ec",
        "office",
        "esmtps",
        "https",
        "creates",
        "tls version",
        "dbe4b640081",
        "esmtp id",
        "ebe855402e7",
        "system number",
        "label hosting",
        "ukraine ltd",
        "registry ripe",
        "ncc country",
        "ua continent",
        "handle",
        "address range",
        "cidr",
        "network name",
        "type",
        "assigned pa",
        "status",
        "whois server",
        "po box",
        "kiev",
        "ukraine adminc",
        "ripe",
        "filtered route",
        "default",
        "shell folders",
        "inprocserver32",
        "parent pid",
        "full path",
        "command line",
        "cname",
        "folders",
        "accept",
        "gmt ifnonematch",
        "shutdown",
        "config",
        "contact domain",
        "holder",
        "available from",
        "kiev region",
        "code",
        "llc admin",
        "icann whois",
        "registry tech",
        "form",
        "tech",
        "ripe ncc",
        "as200000 city",
        "abuse contact",
        "orgid",
        "address",
        "orgabuseref",
        "ripe network",
        "postalcode",
        "overview",
        "banned",
        "malicious",
        "duration cuckoo",
        "version file",
        "machine label",
        "manager",
        "malware config",
        "type emotet",
        "jenny",
        "esmtp",
        "adumitriu",
        "xagvyej",
        "jenny green",
        "subject",
        "hello",
        "kind",
        "gsd support",
        "drops",
        "internet",
        "http",
        "performs dns",
        "yara",
        "t1055 process",
        "persistence",
        "emotet",
        "02025",
        "apple",
        "enterprise",
        "united",
        "traces back to usa",
        "bankers trojan"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "IPv4": 217,
        "CIDR": 63,
        "FileHash-MD5": 399,
        "FileHash-SHA1": 114,
        "FileHash-SHA256": 513,
        "URL": 605,
        "domain": 328,
        "email": 21,
        "hostname": 694,
        "CVE": 1,
        "IPv6": 53,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 3010,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "8 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a10b5fc8feb5a31eedfc0ec",
      "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
      "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
      "modified": "2026-05-22T20:00:59.988000",
      "created": "2026-05-22T20:00:59.988000",
      "tags": [
        "table",
        "postfix",
        "eest",
        "tbody",
        "span",
        "deliveredto",
        "bayesspam",
        "fromeqenvfrom",
        "fromhasdn",
        "ipreputation",
        "date",
        "title",
        "nextron",
        "word",
        "file type",
        "ascii text",
        "crlf line",
        "sigma",
        "mitre attack",
        "network info",
        "dropped info",
        "use short",
        "name path",
        "windows folder",
        "next",
        "kyiv registrant",
        "country",
        "server",
        "hosting ukraine",
        "registrar",
        "kyiv",
        "query time",
        "uaepp name",
        "internet invest",
        "whois privacy",
        "domain name",
        "thumbprint",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "v3 serial",
        "number",
        "cus olet",
        "encrypt cnr13",
        "validity",
        "subject public",
        "key info",
        "key algorithm",
        "x509v3 key",
        "encrypt cnr11",
        "encrypt cnr10",
        "encrypt cnr3",
        "aaaa",
        "utf8",
        "rsapss",
        "sha256",
        "esmtps id",
        "e41f26401ec",
        "office",
        "esmtps",
        "https",
        "creates",
        "tls version",
        "dbe4b640081",
        "esmtp id",
        "ebe855402e7",
        "system number",
        "label hosting",
        "ukraine ltd",
        "registry ripe",
        "ncc country",
        "ua continent",
        "handle",
        "address range",
        "cidr",
        "network name",
        "type",
        "assigned pa",
        "status",
        "whois server",
        "po box",
        "kiev",
        "ukraine adminc",
        "ripe",
        "filtered route",
        "default",
        "shell folders",
        "inprocserver32",
        "parent pid",
        "full path",
        "command line",
        "cname",
        "folders",
        "accept",
        "gmt ifnonematch",
        "shutdown",
        "config",
        "contact domain",
        "holder",
        "available from",
        "kiev region",
        "code",
        "llc admin",
        "icann whois",
        "registry tech",
        "form",
        "tech",
        "ripe ncc",
        "as200000 city",
        "abuse contact",
        "orgid",
        "address",
        "orgabuseref",
        "ripe network",
        "postalcode",
        "overview",
        "banned",
        "malicious",
        "duration cuckoo",
        "version file",
        "machine label",
        "manager",
        "malware config",
        "type emotet",
        "jenny",
        "esmtp",
        "adumitriu",
        "xagvyej",
        "jenny green",
        "subject",
        "hello",
        "kind",
        "gsd support",
        "drops",
        "internet",
        "http",
        "performs dns",
        "yara",
        "t1055 process",
        "persistence",
        "emotet",
        "02025",
        "apple",
        "enterprise",
        "united",
        "traces back to usa",
        "bankers trojan"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "IPv4": 194,
        "CIDR": 63,
        "FileHash-MD5": 397,
        "FileHash-SHA1": 112,
        "FileHash-SHA256": 506,
        "URL": 500,
        "domain": 152,
        "email": 19,
        "hostname": 624,
        "CVE": 1,
        "IPv6": 53,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 2623,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "8 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a10b5eb25a8421d03c37021",
      "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
      "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
      "modified": "2026-05-22T20:00:43.360000",
      "created": "2026-05-22T20:00:43.360000",
      "tags": [
        "table",
        "postfix",
        "eest",
        "tbody",
        "span",
        "deliveredto",
        "bayesspam",
        "fromeqenvfrom",
        "fromhasdn",
        "ipreputation",
        "date",
        "title",
        "nextron",
        "word",
        "file type",
        "ascii text",
        "crlf line",
        "sigma",
        "mitre attack",
        "network info",
        "dropped info",
        "use short",
        "name path",
        "windows folder",
        "next",
        "kyiv registrant",
        "country",
        "server",
        "hosting ukraine",
        "registrar",
        "kyiv",
        "query time",
        "uaepp name",
        "internet invest",
        "whois privacy",
        "domain name",
        "thumbprint",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "v3 serial",
        "number",
        "cus olet",
        "encrypt cnr13",
        "validity",
        "subject public",
        "key info",
        "key algorithm",
        "x509v3 key",
        "encrypt cnr11",
        "encrypt cnr10",
        "encrypt cnr3",
        "aaaa",
        "utf8",
        "rsapss",
        "sha256",
        "esmtps id",
        "e41f26401ec",
        "office",
        "esmtps",
        "https",
        "creates",
        "tls version",
        "dbe4b640081",
        "esmtp id",
        "ebe855402e7",
        "system number",
        "label hosting",
        "ukraine ltd",
        "registry ripe",
        "ncc country",
        "ua continent",
        "handle",
        "address range",
        "cidr",
        "network name",
        "type",
        "assigned pa",
        "status",
        "whois server",
        "po box",
        "kiev",
        "ukraine adminc",
        "ripe",
        "filtered route",
        "default",
        "shell folders",
        "inprocserver32",
        "parent pid",
        "full path",
        "command line",
        "cname",
        "folders",
        "accept",
        "gmt ifnonematch",
        "shutdown",
        "config",
        "contact domain",
        "holder",
        "available from",
        "kiev region",
        "code",
        "llc admin",
        "icann whois",
        "registry tech",
        "form",
        "tech",
        "ripe ncc",
        "as200000 city",
        "abuse contact",
        "orgid",
        "address",
        "orgabuseref",
        "ripe network",
        "postalcode",
        "overview",
        "banned",
        "malicious",
        "duration cuckoo",
        "version file",
        "machine label",
        "manager",
        "malware config",
        "type emotet",
        "jenny",
        "esmtp",
        "adumitriu",
        "xagvyej",
        "jenny green",
        "subject",
        "hello",
        "kind",
        "gsd support",
        "drops",
        "internet",
        "http",
        "performs dns",
        "yara",
        "t1055 process",
        "persistence",
        "emotet",
        "02025",
        "apple",
        "enterprise",
        "united",
        "traces back to usa",
        "bankers trojan"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "IPv4": 194,
        "CIDR": 63,
        "FileHash-MD5": 397,
        "FileHash-SHA1": 112,
        "FileHash-SHA256": 506,
        "URL": 500,
        "domain": 152,
        "email": 19,
        "hostname": 624,
        "CVE": 1,
        "IPv6": 53,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 2623,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "8 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a10b5eae1aa45c197c5f4cd",
      "name": "Full Circle: The Banking Trojan | Wiper | Emotet * CAPE Sandbox",
      "description": "[It was supposed to be a simple question, but it turns out the question is more of a Q for the rest of the year: is it really possible to do it all on a computer?] As evidenced by another researcher I am validating their findings, \"\t\nuserlolxxl has commented on one of your pulses (\"don't save her\" a continued message * CAPE Sandbox).\nhttps://www.virustotal.com/gui/file/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5/behavior][https://www.virustotal.com/gui/domain/dvtec2.com.ua/relations, communicating files mail server domain mail[.]dvtec2[.]com[.]ua resolves https://www.virustotal.com/gui/ip-address/185.104.44.17/relations\"",
      "modified": "2026-05-22T20:00:42.869000",
      "created": "2026-05-22T20:00:42.869000",
      "tags": [
        "table",
        "postfix",
        "eest",
        "tbody",
        "span",
        "deliveredto",
        "bayesspam",
        "fromeqenvfrom",
        "fromhasdn",
        "ipreputation",
        "date",
        "title",
        "nextron",
        "word",
        "file type",
        "ascii text",
        "crlf line",
        "sigma",
        "mitre attack",
        "network info",
        "dropped info",
        "use short",
        "name path",
        "windows folder",
        "next",
        "kyiv registrant",
        "country",
        "server",
        "hosting ukraine",
        "registrar",
        "kyiv",
        "query time",
        "uaepp name",
        "internet invest",
        "whois privacy",
        "domain name",
        "thumbprint",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "v3 serial",
        "number",
        "cus olet",
        "encrypt cnr13",
        "validity",
        "subject public",
        "key info",
        "key algorithm",
        "x509v3 key",
        "encrypt cnr11",
        "encrypt cnr10",
        "encrypt cnr3",
        "aaaa",
        "utf8",
        "rsapss",
        "sha256",
        "esmtps id",
        "e41f26401ec",
        "office",
        "esmtps",
        "https",
        "creates",
        "tls version",
        "dbe4b640081",
        "esmtp id",
        "ebe855402e7",
        "system number",
        "label hosting",
        "ukraine ltd",
        "registry ripe",
        "ncc country",
        "ua continent",
        "handle",
        "address range",
        "cidr",
        "network name",
        "type",
        "assigned pa",
        "status",
        "whois server",
        "po box",
        "kiev",
        "ukraine adminc",
        "ripe",
        "filtered route",
        "default",
        "shell folders",
        "inprocserver32",
        "parent pid",
        "full path",
        "command line",
        "cname",
        "folders",
        "accept",
        "gmt ifnonematch",
        "shutdown",
        "config",
        "contact domain",
        "holder",
        "available from",
        "kiev region",
        "code",
        "llc admin",
        "icann whois",
        "registry tech",
        "form",
        "tech",
        "ripe ncc",
        "as200000 city",
        "abuse contact",
        "orgid",
        "address",
        "orgabuseref",
        "ripe network",
        "postalcode",
        "overview",
        "banned",
        "malicious",
        "duration cuckoo",
        "version file",
        "machine label",
        "manager",
        "malware config",
        "type emotet",
        "jenny",
        "esmtp",
        "adumitriu",
        "xagvyej",
        "jenny green",
        "subject",
        "hello",
        "kind",
        "gsd support",
        "drops",
        "internet",
        "http",
        "performs dns",
        "yara",
        "t1055 process",
        "persistence",
        "emotet",
        "02025",
        "apple",
        "enterprise",
        "united",
        "traces back to usa",
        "bankers trojan"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476594&Signature=fzxKLlFs1nX8XZjUhCUYy%2FXq%2BwKSl9us6JE%2B6ybuD2FB%2FYxHrjhDmT9VA5jX2vGWh725B%2BnYbuerqS9lI%2F8VsqMEVyltTKup7tinRnxTlmAkvdR11q1URUz8G4eG2JBbqZQskKhGuyGFFaYcsd8HNCN0TciN%2FtnC7U6zsNLv5liPDSKcVQz%2BS8G%2BQgyKgUkFiDUzhh%2Bx3JmKYfMY%2BuATVgXkEO7tY5iUxWbeFaRQ",
        "https://vtbehaviour.commondatastorage.googleapis.com/0005c1a0f0dd0df76abbabf5f3f9303e46639dc29181b907388cf95a919bfdc5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779476914&Signature=X%2BOI3H%2FhLCU6Z%2F1GBGeuHFZRK3ck%2F3ttuukxC9jkM6ChhfbI%2FA1B8wEWIwO3h96ZxdDqMrsNjxYMiLiR6opmt04q6bXr19bw%2FpyqffAlGgyH54NTOd4W4V3vDgDFVAGlgpSWKilpUvZBouT8vWgFh5nQFhBU6V20hA57B%2Fhmh1Aq%2BUqGFi7L8FIinUhUSZqM3dbGkPkOTDCHk8XXTVOTXYm9fdX11WaxFSstQhydC32aNVttDxddQq",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478165&Signature=xvYPy6urLZRp%2FNUIglcpTZ0dKgiAf0xVeGpcDY6QnttpRbDj60kaBIj%2BlQ7gSNFBABi4TsYhQ8Oab6Veo9YSujwQeYnWD6EOnRArLf%2FJCOinlHjRbeW9JhWDB88Ep9ubdyeX9iEzaVYcrgTM9gbJMkTbkLw8SXIYr6IZjL3FPomuELP3w937ZduHHsp04xawdI7LB9VKdH%2Fywmv9qcB5YW3f0xJLO%2B5T2QElaJl99Lq5rur58jp%",
        "https://vtbehaviour.commondatastorage.googleapis.com/630e1dd423feb4af15dacd299d62785b95c7d5035c8b3421063dfce922a2fd3b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478206&Signature=j5W%2BdnmxSjHb3p%2Fg07hockdh4i4KExiX%2FnH9QUCkDbubyww3fKH9eP9kFH3nJ%2BawxWsOUhJj4%2BK9j6gRYzKC%2FR0WWMAh6e6jfYuX26XMp1YZZqTNXEnZfkvNdGRN5Cka6vw57ZRuZcN%2BCL5FaWGOrPxDwpMzTsh9Qo62wyFdNSi%2FiXChrlAlXWNf7zMEV1Pyfp%2B8Q8m7BtO4npImTE4W3Mik%2FSSPXkSvtAFoKMGLDY0%2BCF%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/4a1710a2798d32efeec6831d8aab90c7f248c65f42d8208dfef211a36152df39_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779478277&Signature=MLz456A289G%2BL07AgpxPfSqG9o6bArnbv7TO4RSMxDAOpOYj4dOVr48Tcm2d7Uv2429ql9Wlgf4JwzE4Ab9wl16mpS13NSJDrZcQbiWKRpE2daAEIHiZIz%2FlxToDBcP3eZl1Hsqps3RXbdJc%2F%2BwHvZ86Wme%2FTqyG5y27%2FgeyLVtaIvt0eXe55FZ1%2BjcTjndNa%2BAa%2BwACuCLG2n030oy6OeHYN1rkEnmnJecXAw51WwAn",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479129&Signature=FkFNyP2vyo5CfTsAq%2BFvrqCMz2bhYkLSlPGBx3U4BCYuvFwMleBhKHrwbpAcEBUML9jIH%2Bg0AxpTZvAiH6CarH4VLy%2BALlnGPb%2F9fqaMkIAlB%2BZREYxsg%2BdNyt0adKXcvsmrcg6H9RespamRZ8V4PFToZjDPps%2FwEzX081rrnFZgikang831fP1Lf5uv4nVUxYnyWDDVkytRx9fFZIYCB5Q37uK5gnHXswTv9%2FDpDkRxtS",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479661&Signature=XqRv2dzr0tVvYKb8bAfMslLVj5uKfyYWhdnIAajfxfM%2Fu6tzv%2FBNmjzhkDX9tpotmvIQG4QIBqM3loowGjcPDcordUF%2Fy0nuaZ%2B4jJd202wWTq0PM2TpeY%2BoKbqFTr0%2FV1woinEUz3D%2FwgJAw7Y1XtsOWfjKby%2BuMDgS%2BMFayvLhA9TZtoLS48uZnjLiespOuIE2IkvuZhZnkx6PHt4cZeZ1SAxeSuFoDQEhovtA%2FI%2FBxYiD",
        "https://vtbehaviour.commondatastorage.googleapis.com/0004798a5b6d5acda9800dd63873e148c69a309fb275835c429c149e9291ebb0_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479619&Signature=WpCRMDToBbPACvuqYzQGmlMg%2FCkBnFTggqFGmmHaglzN9je5VnjDj30wCq7SSw8SWLscjkCPrfuD0EkYJ1xfXntJlcl9KGGr9jNB4fQXuEEUiE8yj6v4SfACfYhIMlNi0o9CaPCfIxb6jUfMN0WYJVqhLqCq94ITVIzKXxwLwX9TrDoUTaKE11foz4kq9Nu6aN7N%2Fi1VAbrEfS97t1E3b6aKXBvTBJ044lERzuMh0QVmYirWkUgeK3h5qu",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479748&Signature=bmCNstJ9sHQgsE7ftRhH0aIPUmBBHkP2qQ3rHVpByPWgffnrKG52ag1t9RW3%2FetCVEJOqM7QIcRAmh2I%2FKAe9kYjPuhl2PVAXTMHY5HnJO1JMOSKNlqLkhdHaCne1MWQgI3tQyu4o1WsLFozD6GltOMnKU0HtbToD%2BlbPwr6Tgfg30chrrVniGrmRioP6BcmXUHwIHVqrZMTvxE16%2BqF3jilzlc%2F6%2BD4By7PNkd0GYCgQ4il2L",
        "https://vtbehaviour.commondatastorage.googleapis.com/07189d16eb2fb450654c56bf99f8e74d3837872d805e2ef6ec0fa2ad0186d57b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779479907&Signature=iueIcUDv9RIYkBRQtii5Jfuv%2BeG9yJAR5YXQn2gInk3FCxuCJZ%2B13LeDjwijF7yPbTVrC1wNPnJ%2FVbq1cmlXyNO8tlv%2B8elIQFS54gR8nAVRGN4LU1dNoeO32%2FO66F3pXxP0eqqMU%2FQP3gtxgj1DgdO30ZFIiCgg%2Fg9D%2FSKKj5Xv2mPG46PvAmIwtW3nOKCQG90FTtbSkmUqlKz3F8OM0vxczYYlKKqT9NEwz9wpPFDE2cfWdMv0ir"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "IPv4": 194,
        "CIDR": 63,
        "FileHash-MD5": 397,
        "FileHash-SHA1": 112,
        "FileHash-SHA256": 506,
        "URL": 500,
        "domain": 152,
        "email": 19,
        "hostname": 624,
        "CVE": 1,
        "IPv6": 53,
        "Mutex": 1,
        "URI": 1
      },
      "indicator_count": 2623,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "8 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0f2fff74afb88c843c8e2",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
      "modified": "2026-05-04T11:07:34.307000",
      "created": "2026-04-04T11:16:15.970000",
      "tags": [
        "log id",
        "gmtn",
        "digicert global",
        "g2 tls",
        "rsa sha256",
        "tls web",
        "full name",
        "digicert inc",
        "florida",
        "terrace",
        "path",
        "false",
        "linkedin",
        "scituate",
        "town",
        "location",
        "plymouth",
        "view erica",
        "souris",
        "erica souris",
        "souris al",
        "erica og",
        "iframe tags",
        "google tag",
        "manager",
        "status code",
        "body length",
        "kb body"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 298,
        "FileHash-SHA256": 602,
        "SSLCertFingerprint": 2,
        "hostname": 278,
        "URL": 441,
        "domain": 106,
        "FileHash-SHA1": 29,
        "email": 1,
        "CVE": 1
      },
      "indicator_count": 1758,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "26 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0f3013ab8f8fb20d6f6cc",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "A security alert for the Verizon Hanover cell phone store in Massachusetts has been triggered by a \"pulses\" created on the site by its owner, the company's parent company, Verizon.><<about time.",
      "modified": "2026-05-04T11:07:34.307000",
      "created": "2026-04-04T11:16:17.251000",
      "tags": [
        "log id",
        "gmtn",
        "digicert global",
        "g2 tls",
        "rsa sha256",
        "tls web",
        "full name",
        "digicert inc",
        "florida",
        "terrace",
        "path",
        "false",
        "linkedin",
        "scituate",
        "town",
        "location",
        "plymouth",
        "view erica",
        "souris",
        "erica souris",
        "souris al",
        "erica og",
        "iframe tags",
        "google tag",
        "manager",
        "status code",
        "body length",
        "kb body"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 298,
        "FileHash-SHA256": 602,
        "SSLCertFingerprint": 2,
        "hostname": 278,
        "URL": 441,
        "domain": 106,
        "FileHash-SHA1": 29,
        "email": 1,
        "CVE": 1
      },
      "indicator_count": 1758,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 68,
      "modified_text": "26 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0dec10ab26722b8dbd382",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
      "modified": "2026-05-04T09:07:45.626000",
      "created": "2026-04-04T09:49:52.991000",
      "tags": [
        "non dsp",
        "cor cura",
        "cookie",
        "dynamic",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "gz6mbt0grch",
        "utc ua743607001",
        "acceptencoding",
        "toggle",
        "nxdomain",
        "windows",
        "analysis",
        "files mitre",
        "xe9xaf",
        "jyx9611xb1",
        "xe3xfcxfexabe",
        "source source",
        "file name",
        "strings",
        "first",
        "path",
        "enterprise",
        "service",
        "close",
        "richard massina",
        "rocketreach",
        "email",
        "phone number",
        "clifford",
        "kenny",
        "llp associate",
        "get richard",
        "massina",
        "information og",
        "file type",
        "sigma",
        "united",
        "https",
        "mitre attack",
        "network info",
        "windows folder",
        "office macro",
        "creates",
        "office outbound",
        "phishing",
        "malicious",
        "next",
        "settings",
        "first counter",
        "default",
        "inprocserver32",
        "inprochandler32",
        "mbisslshort",
        "bearer",
        "cname",
        "mwdb",
        "bazaar",
        "bridge",
        "info",
        "accept",
        "date",
        "agent",
        "shutdown",
        "root",
        "secchuamodel",
        "excellent",
        "windows sandbox",
        "calls process",
        "hull times",
        "carol britton",
        "meyer",
        "kenny law",
        "town counsel",
        "james lampke",
        "june",
        "hiring",
        "performs dns",
        "urls",
        "found",
        "belgium",
        "processes extra",
        "t1055 process",
        "script",
        "hull",
        "head",
        "title",
        "nothing",
        "file execution",
        "error",
        "parent pid",
        "full path",
        "command line",
        "registry keys",
        "error reporting",
        "registrya",
        "localsm0504064"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 407,
        "domain": 195,
        "hostname": 309,
        "FileHash-SHA256": 607,
        "FileHash-MD5": 306,
        "FileHash-SHA1": 31,
        "email": 1
      },
      "indicator_count": 1856,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "26 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0dec2efedd87c3a05cc10",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
      "modified": "2026-05-04T09:07:45.626000",
      "created": "2026-04-04T09:49:54.810000",
      "tags": [
        "non dsp",
        "cor cura",
        "cookie",
        "dynamic",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "gz6mbt0grch",
        "utc ua743607001",
        "acceptencoding",
        "toggle",
        "nxdomain",
        "windows",
        "analysis",
        "files mitre",
        "xe9xaf",
        "jyx9611xb1",
        "xe3xfcxfexabe",
        "source source",
        "file name",
        "strings",
        "first",
        "path",
        "enterprise",
        "service",
        "close",
        "richard massina",
        "rocketreach",
        "email",
        "phone number",
        "clifford",
        "kenny",
        "llp associate",
        "get richard",
        "massina",
        "information og",
        "file type",
        "sigma",
        "united",
        "https",
        "mitre attack",
        "network info",
        "windows folder",
        "office macro",
        "creates",
        "office outbound",
        "phishing",
        "malicious",
        "next",
        "settings",
        "first counter",
        "default",
        "inprocserver32",
        "inprochandler32",
        "mbisslshort",
        "bearer",
        "cname",
        "mwdb",
        "bazaar",
        "bridge",
        "info",
        "accept",
        "date",
        "agent",
        "shutdown",
        "root",
        "secchuamodel",
        "excellent",
        "windows sandbox",
        "calls process",
        "hull times",
        "carol britton",
        "meyer",
        "kenny law",
        "town counsel",
        "james lampke",
        "june",
        "hiring",
        "performs dns",
        "urls",
        "found",
        "belgium",
        "processes extra",
        "t1055 process",
        "script",
        "hull",
        "head",
        "title",
        "nothing",
        "file execution",
        "error",
        "parent pid",
        "full path",
        "command line",
        "registry keys",
        "error reporting",
        "registrya",
        "localsm0504064"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 407,
        "domain": 195,
        "hostname": 309,
        "FileHash-SHA256": 607,
        "FileHash-MD5": 306,
        "FileHash-SHA1": 31,
        "email": 1
      },
      "indicator_count": 1856,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "26 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0dec535ae0f94d37ccefb",
      "name": "VirusTotal report\n                    for report.eml",
      "description": "The full text of the full report on Csp-report, which will be published in 2026, has been published on the website of Google.com, the firm that owns the search engine>>>> abuse of power",
      "modified": "2026-05-04T09:07:45.626000",
      "created": "2026-04-04T09:49:57.171000",
      "tags": [
        "non dsp",
        "cor cura",
        "cookie",
        "dynamic",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "gz6mbt0grch",
        "utc ua743607001",
        "acceptencoding",
        "toggle",
        "nxdomain",
        "windows",
        "analysis",
        "files mitre",
        "xe9xaf",
        "jyx9611xb1",
        "xe3xfcxfexabe",
        "source source",
        "file name",
        "strings",
        "first",
        "path",
        "enterprise",
        "service",
        "close",
        "richard massina",
        "rocketreach",
        "email",
        "phone number",
        "clifford",
        "kenny",
        "llp associate",
        "get richard",
        "massina",
        "information og",
        "file type",
        "sigma",
        "united",
        "https",
        "mitre attack",
        "network info",
        "windows folder",
        "office macro",
        "creates",
        "office outbound",
        "phishing",
        "malicious",
        "next",
        "settings",
        "first counter",
        "default",
        "inprocserver32",
        "inprochandler32",
        "mbisslshort",
        "bearer",
        "cname",
        "mwdb",
        "bazaar",
        "bridge",
        "info",
        "accept",
        "date",
        "agent",
        "shutdown",
        "root",
        "secchuamodel",
        "excellent",
        "windows sandbox",
        "calls process",
        "hull times",
        "carol britton",
        "meyer",
        "kenny law",
        "town counsel",
        "james lampke",
        "june",
        "hiring",
        "performs dns",
        "urls",
        "found",
        "belgium",
        "processes extra",
        "t1055 process",
        "script",
        "hull",
        "head",
        "title",
        "nothing",
        "file execution",
        "error",
        "parent pid",
        "full path",
        "command line",
        "registry keys",
        "error reporting",
        "registrya",
        "localsm0504064"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294585&Signature=AiwHrxQG29SI8a31irV4dLtsG8ZrFGJEr6fs%2BRrqi8pGFUV4vyAhN5ojGIFqHXwyboStPTczrsFw58d2k9jvnQVO%2FOejBE7gnCMr3LfPk%2FWzNPo91GeB0LejkpFqYHfNYclItOZ2DMtVJVETSl7W%2BI%2BeXrp2yY550i0cNxjgQQuh2VP89ZTciLvtPrwiOimldyszdN9nPyvg4YCCFedqDFw43RWY6iRxkp9QlLMxwlGr4mRnQE79%",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294708&Signature=o%2Bv9PSmG5OUcRvq9CRjSf%2Fbrwygq5PC%2FIsSCmchPVmWeCG29JPa8wmqekjGOn1ZF1mBQOgFzwIg%2B1adIQOkjuGxr3R%2BYojBmrnxa57tRTMUzJGpfbM4eZ1tMfthD2m%2BZlMzGONh0fYAfGCZifJFhlNRe4vvW9HIhXiXyFL8u0Ba3WEAhX8bMm8vjGEfRRwy829vHqyszf15Vj6KJz5uHYYhg8%2BU9ZPEBL8nc2TD08zv3i8vggudk7F9x",
        "https://vtbehaviour.commondatastorage.googleapis.com/5fdb5bffef52d84d2621f8b5fc357a235db152b3cca4bd0eb848f8aba2f59574_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775294759&Signature=mGlPvn1FqfTNp6h5HQVACkGKlPNvV6MjgprLTJSS1nECbbus7K4lnSfE1kyxH0KO4D%2FqkChrgjxQFb9jGA0OvBOYkqQzmymBMe4LDVEkG7ROUZFnGwlaCHEFxYrP4R%2FTJt%2FAK2lP%2FCRhWJjhxPChq5fN%2BL7DcqgCfRQXQhGPoEdDxsUliwznSEmJucut9dlrBUFoWxJppc7dnf%2BG1Vg560BjMlBiSya3yKiqZju6L%2BtmZEbA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295109&Signature=ER9bwT7bZVOczjY2zwfcyVstYuepcZ%2BcYNRbY6iEvfgqSgoj4LzSscvE15RcCn5hwhJIWVW3x87BxFZwSoCCeOb0bz5jragOFnehYWBRNnRlCbxpug1HnBoppu0FUW4VIhZblbViBzBMvTIoMmK%2BbALZEXZ9UkVKTetOaaabYU3EFHmGcTXyoCa6AUJCWsb6TvKYEnc%2Bh3bA2Q0QBDxs%2Boic8smNVwx%2BRxmRR1fZWYJO4%",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295293&Signature=DdcEXIvyAEeGuBt%2Bi%2BrIQ%2BwAsA3OUEIVlwFpouK%2BFNpWmeiOLlRUVhV894E%2F2hBgEtZ4M5AYUrENKi6fmtnzxDdS1z0cIJm97azyFboiv7MJypgRT5r0FKUI26wRYrdndqQSoGx0NlXz4qGCwHWoeUq8kcUTQGGzabihHjhuNESllxlUD9CRTlcRdoFUPmt3zDzg%2BhK0iOHc6MktlQigbQcYmhbyJnhyDFHrndVF59TRFoup5siG35Bh7r",
        "https://vtbehaviour.commondatastorage.googleapis.com/3304b08c831d02c887710bcded0f5d628c94e860822a739aed2602cd0affcb31_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295326&Signature=k1fPUbPf5dSVFGBgjZdipKzgbSBOBbw1Kfe%2BrmACUC%2BJTOZ5%2FTvgETSvmMSWA2V5FSJcs279kO9RR4ifVgP4xWlLA0%2BmC%2F5IWKN1xoMjtSgOmUdiSCDGDllrwlLGD%2FLVNqA0SbHuTVwDjj%2FfST7dXCu9iO9Q1Sg%2F06d9nGOtLtOOadRMrR6A7lUFhg%2Bez5C6iL9HIqhmU55tiD5g496Aa31X7e0reuCO3ac6lV4adxDC",
        "https://vtbehaviour.commondatastorage.googleapis.com/3c7b5fbbe5796e6e299266c8bcebde3c872e29ac28c2542065f093647545160f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775295393&Signature=JtOgjkWQM%2Bz67YdmZ77hLVquFe4mqzCbIFTEM3paQOO05tT%2BWnu5tvrUKryfhaQifyq7NKcDLAmGQyd4aH3ura5cY9xv7BWoonWPaJTCE0IfSq9Bs1yzphYmg8AKRCgSokoXMPVBMcCSrDGpHD%2F5P1cEO%2BoZmG%2BzY47LGeks8XOKHvMPrayt%2Bm9r%2F16FodqJOF96sgUrX8x6MNWqId8UqE2gWmI8TtXJrNMSXxip6Fh7Hmi3"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1571",
          "name": "Non-Standard Port",
          "display_name": "T1571 - Non-Standard Port"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 407,
        "domain": 195,
        "hostname": 309,
        "FileHash-SHA256": 607,
        "FileHash-MD5": 306,
        "FileHash-SHA1": 31,
        "email": 1
      },
      "indicator_count": 1856,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "26 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://roaming.svc.cloud.microsoft/rs/v1/settingsFrequency",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://roaming.svc.cloud.microsoft/rs/v1/settingsFrequency",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780211802.0395367
}