{
  "type": "URL",
  "indicator": "https://samiskvgs.eduvpn.no/",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://samiskvgs.eduvpn.no/",
    "type": "url",
    "type_title": "URL",
    "validation": [],
    "base_indicator": {
      "id": 4372024445,
      "indicator": "https://samiskvgs.eduvpn.no/",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 4,
      "pulses": [
        {
          "id": "6a103de1e71756a0b58ce416",
          "name": "secret camera * VirusTotal Windows Sandbox",
          "description": "[100s of thousands of people have signed a petition calling for an end to the use of the word \"sex\" in the wake of a fatal accident in London's West Bromwich, which left 11 people dead]<what is this?",
          "modified": "2026-05-22T12:27:31.937000",
          "created": "2026-05-22T11:28:33.791000",
          "tags": [
            "windows sandbox",
            "clear filters",
            "file type",
            "ascii text",
            "pe file",
            "https",
            "ms windows",
            "svg scalable",
            "vector graphics",
            "elite",
            "tls version",
            "unicode text",
            "persistence",
            "malicious",
            "next",
            "default",
            "parent pid",
            "full path",
            "command line",
            "inprocserver32",
            "data",
            "datacrashpad",
            "k localservice",
            "s ngcsvc",
            "s ngcctnrsvc",
            "windir",
            "registry",
            "basic",
            "file name",
            "pe32 executable",
            "intel",
            "file size",
            "sha1",
            "files mitre",
            "windows user",
            "account control",
            "windows",
            "forms",
            "source source",
            "command",
            "enterprise",
            "close",
            "strong",
            "library",
            "address virtual",
            "none rticon",
            "cname",
            "mwdb",
            "bazaar",
            "sha3384",
            "accept",
            "tofsee",
            "shutdown",
            "stream",
            "string id",
            "x5173x95ed",
            "control",
            "wixbundlename",
            "x53d6x6d88",
            "copyright",
            "width",
            "height",
            "helptext",
            "repair",
            "calls process",
            "Camera",
            "Spyware",
            "illegal",
            "test recall",
            "test recall task 5/12/25"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/88819f8dbc43e0609fbc6f6a1a9fb2740512b8e1e0f2d9e92926c31b8a11d446_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447466&Signature=nXchQzhNktG26CNrpPC2%2FRBVk5CXbCQ6xUNenWVvnvY2n5P71FF7HHw01QiPu3iGSvBSzqmHiB9HByI%2FJgWTdhqYvc9LZy0rI61W0%2FTNVhSNdb1omKNcCW1ikL2n7eR9BFV1ygPOAPnexLqjbK35hzq40mysRVPCVBcmrjs7NkxUh9nHkwmtOOR3Lz5NsYgdUX2AMqykR9pVoyTLy7tkl5Ap9keTZlEoE2RrK6MTO9HBhYPJD%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/99bde29b5d7f5522c0452c95899f63a0cc99a465b516f7eb2980d519fe5a478c_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447513&Signature=vT05qRgkqzlTQQ09TU4VC1ZL9bRV9J6Tgx%2BLYi1Yop0ggmMd9LT5iNFG2AQr%2FZH%2F0pMgqHAgZy%2BRwWUtDV1qO5eBxL%2B8mGzJDZilm%2BhP3%2B%2BKQu%2F76vg8GcDLdxu%2FeLmkj8Dhp9pN4i2cytkeH5zr%2BRHZBvK4uQ47n1zLtlGUSsJ7YXGw%2BWQFVRvu%2B%2B11Jh1PF6x4jF%2B3IbYQ5CZcGLoGbo0PGkN",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448055&Signature=Oo2OUSuLUWDZOZGoPlCv1tD%2FynOTQPpGUV9I%2FgvLt4ZafLu6Vnt%2FoOXLJA9nFZPH5AiUv%2FWd4huRf8%2BPiUQcGMkSOOYn3mJHyE2t6wNKj1BDNjEJ0ozgBjkzBrZ62UZn4p34YCFKx1mj%2BrH75IoSHpRUfJYvgHnJhElGEMhrJc7ieH0I%2FNpcLuxSy9sfujNonmjwsQj9ZWnkGvLPpmiljGhJIomaUZ6GITQcz6QqbInrBN3nHX6mGGk4",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448087&Signature=zly9PmlRQWb4KS0rNwSC6GG0MNzjm7KFDjr%2B%2Few6J4vqKF%2FJhJnnrYPcE0jJDw2QNhVbkyk0ZP2AmxrgmnTVhLcFijlR18xS82aHK99JxYTYDkmlFMr4U3ENyb3KVWsT%2BCuRbwN66pmHE4sdf33jQRi4ZUPxLJwtnLmhmpds%2BM38I%2Fv7pfRhbp7OYurf%2BJ0%2FQT2bwsg7sZEjDUQJ7HSqjOP8unxpFfBHNwC4wr9qawvlz8",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_VenusEye%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448113&Signature=HGVwYzpWE71%2BbcncRqOn%2BGkFdoAcM0zUAWI1eJD1jsHDcrJKlqO9M0XORZQA5YJxAW65VvTW9omuEH7SypRLJu1W0P3VYs46P7H4Dz1TsNoaNKYhhqpYfKql%2BYbpF7jIqwNfYdG5Uya0aqcIeI7Wx22%2BpByMhnrECSPxpU6wII3hOhgINOcc1mqsMEFfCB4fd%2F3zvfmJ7Rc5HiEea5Qx%2Fm7tB7DjImzqZFtSAQh6qFcSNN",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448247&Signature=KaOoC8k1CwemdPniC2jnlheSiP5jHQwh83WcgjNWDujHQ8F6N7qW1Q3lVUf%2FBjEofHhKuYofMNOHzuLgXjiq%2F4ie2jeMJ2kiAYHGeUvc8RFAO28YMWxIJPmcTSCLcxaOQNbzOOtMF2DO6%2Fw9IodVAr1Yv3SgvamznVqYCu5Din1Q7C0hAc68dxqEbYxXnk9hekwNuVZf81kyLJEmJbSWOxr0ONyt6e7qhV07xe4C1TIJXe%2BH6Zkc8Jp",
            "https://vtbehaviour.commondatastorage.googleapis.com/3fe3b0bc7ca7ec4d23c1cd7c07d5cdf9cb3463beb18cd58e2501150d343d0851_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448581&Signature=u1m6X7g3%2B46ZDMb0IvTTp%2FbBxgM9iZvfcHnyyGsaqQA%2BxHuw9ZcqfIkIme3jx7%2BblFBuowZqDr1PbGP28vbxcZhaskjIn3w04QkzN%2F6EWbNlPvabmBH3M0F%2FhfTEM8ayozqby2SPWv6azOEd%2FS3MXYnUsOzgOpSh1uIk0iduf4w1ePo4yJAdHv7fc0AUGPzRmssC0jpjqXzao%2F0qbg1JRMMBq0edJZqYiws6vIf%2B2d9O",
            "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449270&Signature=y5dmd%2Br9iDNaXftiyxWZe5cWdAiIpA4H9u6vCT%2FdvFUKL7WV7S2HOKzRyETdhPd%2BF%2FoG5DQwjiN8Yvi10oC6iRsDQY6lbl34%2BOoaljXY4sg13Yyq9v9MMC5DrVBiOta4mYQFQL240y55PVUqOeWoTlaCvh9aA8Mn2iw5ITNNXJVpckpc9C37%2FxyFz8zFSmDEzj3pB2pggacPF34xQm4NB4hDB9ssqGeTsAbv41aOUu4XRV2pyMo9E0xtK2",
            "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449323&Signature=QsivAArVUulKH5N9EOkYOICShe0hR8W0UFhFsPq6t2rlRIdIvciMDBQZ4ooTbp7TpacdxQgFF%2Bi5tH9LdqhGhhF5JPkquaQ5Twm8UjTLbiV4v0PAECarE7LnIShAtYF1LNwCZ6BDcQLYYCofAYGAFJnVZjnwztoy32OFI6WldLKbOfNYUmLe2Api5KarnJezGIPSvZLOJLHh9e6ApJk0PwnTupqxWn0JORAZidwNrGjvoBMeb6gtWmgFnwTO",
            "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449382&Signature=GsaicymiUqs49NLqLPAVvf%2Bv2RwudQDEfcp3TeWyX92n2qwqpH9HWCV422PIRfG9GUe5OGbnGO0mIkaCuWs9fgtMTHtoT6o2uIiPZQNhcAL2tWEv22GoGjIhK0MvnOKG1EKRAA9bdlP5tGpvgOM5usOM55tsgbPUQWGsB19CvRAPS6OZ1eIqrdpLiOeAKK2uIGkaOnOkD4njy1e15fQ0BGPY1rMjdenHRZDu9EXv2zfwqLiUNbp%2B"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1033",
              "name": "System Owner/User Discovery",
              "display_name": "T1033 - System Owner/User Discovery"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 4759,
            "hostname": 1513,
            "IPv4": 576,
            "FileHash-MD5": 1418,
            "FileHash-SHA1": 1413,
            "domain": 1263,
            "URL": 1550,
            "email": 27,
            "IPv6": 8,
            "CVE": 5
          },
          "indicator_count": 12532,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "9 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a0fde205095bd98f11dcd2e",
          "name": "Research part 2 * CAPE Sandbox",
          "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].",
          "modified": "2026-05-22T04:40:00.363000",
          "created": "2026-05-22T04:40:00.363000",
          "tags": [
            "new roman",
            "hebrew",
            "arabic",
            "vietnamese",
            "greek",
            "baltic",
            "times new",
            "roman",
            "calibri",
            "light",
            "default",
            "strong",
            "cname",
            "file type",
            "file size",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "virtual address",
            "accept",
            "shutdown",
            "guard",
            "pe file",
            "windows",
            "sample",
            "reads",
            "performs dns",
            "network info",
            "processes extra",
            "pe32",
            "intel",
            "delphi",
            "code",
            "persistence",
            "malicious",
            "next",
            "member",
            "p11778505315",
            "p2404",
            "host",
            "library",
            "thrown",
            "class",
            "null",
            "example",
            "loop",
            "syst",
            "none rticon",
            "address virtual",
            "sha1",
            "locale",
            "download"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC",
            "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni",
            "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko",
            "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL",
            "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1033",
              "name": "System Owner/User Discovery",
              "display_name": "T1033 - System Owner/User Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 365,
            "FileHash-SHA1": 113,
            "FileHash-SHA256": 302,
            "IPv4": 324,
            "URL": 261,
            "domain": 214,
            "hostname": 464
          },
          "indicator_count": 2043,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "9 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a0fde1e9d38578f83f2f07a",
          "name": "Research part 2 * CAPE Sandbox",
          "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].",
          "modified": "2026-05-22T04:39:58.097000",
          "created": "2026-05-22T04:39:58.097000",
          "tags": [
            "new roman",
            "hebrew",
            "arabic",
            "vietnamese",
            "greek",
            "baltic",
            "times new",
            "roman",
            "calibri",
            "light",
            "default",
            "strong",
            "cname",
            "file type",
            "file size",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "virtual address",
            "accept",
            "shutdown",
            "guard",
            "pe file",
            "windows",
            "sample",
            "reads",
            "performs dns",
            "network info",
            "processes extra",
            "pe32",
            "intel",
            "delphi",
            "code",
            "persistence",
            "malicious",
            "next",
            "member",
            "p11778505315",
            "p2404",
            "host",
            "library",
            "thrown",
            "class",
            "null",
            "example",
            "loop",
            "syst",
            "none rticon",
            "address virtual",
            "sha1",
            "locale",
            "download"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC",
            "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni",
            "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko",
            "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL",
            "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1033",
              "name": "System Owner/User Discovery",
              "display_name": "T1033 - System Owner/User Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 365,
            "FileHash-SHA1": 113,
            "FileHash-SHA256": 302,
            "IPv4": 324,
            "URL": 261,
            "domain": 214,
            "hostname": 464
          },
          "indicator_count": 2043,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "9 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a0fde1b366253c296281156",
          "name": "Research part 2 * CAPE Sandbox",
          "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].",
          "modified": "2026-05-22T04:39:55.100000",
          "created": "2026-05-22T04:39:55.100000",
          "tags": [
            "new roman",
            "hebrew",
            "arabic",
            "vietnamese",
            "greek",
            "baltic",
            "times new",
            "roman",
            "calibri",
            "light",
            "default",
            "strong",
            "cname",
            "file type",
            "file size",
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "virtual address",
            "accept",
            "shutdown",
            "guard",
            "pe file",
            "windows",
            "sample",
            "reads",
            "performs dns",
            "network info",
            "processes extra",
            "pe32",
            "intel",
            "delphi",
            "code",
            "persistence",
            "malicious",
            "next",
            "member",
            "p11778505315",
            "p2404",
            "host",
            "library",
            "thrown",
            "class",
            "null",
            "example",
            "loop",
            "syst",
            "none rticon",
            "address virtual",
            "sha1",
            "locale",
            "download"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC",
            "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni",
            "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko",
            "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL",
            "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1033",
              "name": "System Owner/User Discovery",
              "display_name": "T1033 - System Owner/User Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1090",
              "name": "Proxy",
              "display_name": "T1090 - Proxy"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1568",
              "name": "Dynamic Resolution",
              "display_name": "T1568 - Dynamic Resolution"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 365,
            "FileHash-SHA1": 113,
            "FileHash-SHA256": 302,
            "IPv4": 324,
            "URL": 261,
            "domain": 214,
            "hostname": 464
          },
          "indicator_count": 2043,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 66,
          "modified_text": "9 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/3fe3b0bc7ca7ec4d23c1cd7c07d5cdf9cb3463beb18cd58e2501150d343d0851_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448581&Signature=u1m6X7g3%2B46ZDMb0IvTTp%2FbBxgM9iZvfcHnyyGsaqQA%2BxHuw9ZcqfIkIme3jx7%2BblFBuowZqDr1PbGP28vbxcZhaskjIn3w04QkzN%2F6EWbNlPvabmBH3M0F%2FhfTEM8ayozqby2SPWv6azOEd%2FS3MXYnUsOzgOpSh1uIk0iduf4w1ePo4yJAdHv7fc0AUGPzRmssC0jpjqXzao%2F0qbg1JRMMBq0edJZqYiws6vIf%2B2d9O",
        "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449323&Signature=QsivAArVUulKH5N9EOkYOICShe0hR8W0UFhFsPq6t2rlRIdIvciMDBQZ4ooTbp7TpacdxQgFF%2Bi5tH9LdqhGhhF5JPkquaQ5Twm8UjTLbiV4v0PAECarE7LnIShAtYF1LNwCZ6BDcQLYYCofAYGAFJnVZjnwztoy32OFI6WldLKbOfNYUmLe2Api5KarnJezGIPSvZLOJLHh9e6ApJk0PwnTupqxWn0JORAZidwNrGjvoBMeb6gtWmgFnwTO",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448247&Signature=KaOoC8k1CwemdPniC2jnlheSiP5jHQwh83WcgjNWDujHQ8F6N7qW1Q3lVUf%2FBjEofHhKuYofMNOHzuLgXjiq%2F4ie2jeMJ2kiAYHGeUvc8RFAO28YMWxIJPmcTSCLcxaOQNbzOOtMF2DO6%2Fw9IodVAr1Yv3SgvamznVqYCu5Din1Q7C0hAc68dxqEbYxXnk9hekwNuVZf81kyLJEmJbSWOxr0ONyt6e7qhV07xe4C1TIJXe%2BH6Zkc8Jp",
        "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448087&Signature=zly9PmlRQWb4KS0rNwSC6GG0MNzjm7KFDjr%2B%2Few6J4vqKF%2FJhJnnrYPcE0jJDw2QNhVbkyk0ZP2AmxrgmnTVhLcFijlR18xS82aHK99JxYTYDkmlFMr4U3ENyb3KVWsT%2BCuRbwN66pmHE4sdf33jQRi4ZUPxLJwtnLmhmpds%2BM38I%2Fv7pfRhbp7OYurf%2BJ0%2FQT2bwsg7sZEjDUQJ7HSqjOP8unxpFfBHNwC4wr9qawvlz8",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448055&Signature=Oo2OUSuLUWDZOZGoPlCv1tD%2FynOTQPpGUV9I%2FgvLt4ZafLu6Vnt%2FoOXLJA9nFZPH5AiUv%2FWd4huRf8%2BPiUQcGMkSOOYn3mJHyE2t6wNKj1BDNjEJ0ozgBjkzBrZ62UZn4p34YCFKx1mj%2BrH75IoSHpRUfJYvgHnJhElGEMhrJc7ieH0I%2FNpcLuxSy9sfujNonmjwsQj9ZWnkGvLPpmiljGhJIomaUZ6GITQcz6QqbInrBN3nHX6mGGk4",
        "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC",
        "https://vtbehaviour.commondatastorage.googleapis.com/99bde29b5d7f5522c0452c95899f63a0cc99a465b516f7eb2980d519fe5a478c_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447513&Signature=vT05qRgkqzlTQQ09TU4VC1ZL9bRV9J6Tgx%2BLYi1Yop0ggmMd9LT5iNFG2AQr%2FZH%2F0pMgqHAgZy%2BRwWUtDV1qO5eBxL%2B8mGzJDZilm%2BhP3%2B%2BKQu%2F76vg8GcDLdxu%2FeLmkj8Dhp9pN4i2cytkeH5zr%2BRHZBvK4uQ47n1zLtlGUSsJ7YXGw%2BWQFVRvu%2B%2B11Jh1PF6x4jF%2B3IbYQ5CZcGLoGbo0PGkN",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_VenusEye%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448113&Signature=HGVwYzpWE71%2BbcncRqOn%2BGkFdoAcM0zUAWI1eJD1jsHDcrJKlqO9M0XORZQA5YJxAW65VvTW9omuEH7SypRLJu1W0P3VYs46P7H4Dz1TsNoaNKYhhqpYfKql%2BYbpF7jIqwNfYdG5Uya0aqcIeI7Wx22%2BpByMhnrECSPxpU6wII3hOhgINOcc1mqsMEFfCB4fd%2F3zvfmJ7Rc5HiEea5Qx%2Fm7tB7DjImzqZFtSAQh6qFcSNN",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449270&Signature=y5dmd%2Br9iDNaXftiyxWZe5cWdAiIpA4H9u6vCT%2FdvFUKL7WV7S2HOKzRyETdhPd%2BF%2FoG5DQwjiN8Yvi10oC6iRsDQY6lbl34%2BOoaljXY4sg13Yyq9v9MMC5DrVBiOta4mYQFQL240y55PVUqOeWoTlaCvh9aA8Mn2iw5ITNNXJVpckpc9C37%2FxyFz8zFSmDEzj3pB2pggacPF34xQm4NB4hDB9ssqGeTsAbv41aOUu4XRV2pyMo9E0xtK2",
        "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko",
        "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449382&Signature=GsaicymiUqs49NLqLPAVvf%2Bv2RwudQDEfcp3TeWyX92n2qwqpH9HWCV422PIRfG9GUe5OGbnGO0mIkaCuWs9fgtMTHtoT6o2uIiPZQNhcAL2tWEv22GoGjIhK0MvnOKG1EKRAA9bdlP5tGpvgOM5usOM55tsgbPUQWGsB19CvRAPS6OZ1eIqrdpLiOeAKK2uIGkaOnOkD4njy1e15fQ0BGPY1rMjdenHRZDu9EXv2zfwqLiUNbp%2B",
        "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL",
        "https://vtbehaviour.commondatastorage.googleapis.com/88819f8dbc43e0609fbc6f6a1a9fb2740512b8e1e0f2d9e92926c31b8a11d446_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447466&Signature=nXchQzhNktG26CNrpPC2%2FRBVk5CXbCQ6xUNenWVvnvY2n5P71FF7HHw01QiPu3iGSvBSzqmHiB9HByI%2FJgWTdhqYvc9LZy0rI61W0%2FTNVhSNdb1omKNcCW1ikL2n7eR9BFV1ygPOAPnexLqjbK35hzq40mysRVPCVBcmrjs7NkxUh9nHkwmtOOR3Lz5NsYgdUX2AMqykR9pVoyTLy7tkl5Ap9keTZlEoE2RrK6MTO9HBhYPJD%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 6267
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/eduvpn.no",
    "whois": "http://whois.domaintools.com/eduvpn.no",
    "domain": "eduvpn.no",
    "hostname": "samiskvgs.eduvpn.no"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 4,
  "pulses": [
    {
      "id": "6a103de1e71756a0b58ce416",
      "name": "secret camera * VirusTotal Windows Sandbox",
      "description": "[100s of thousands of people have signed a petition calling for an end to the use of the word \"sex\" in the wake of a fatal accident in London's West Bromwich, which left 11 people dead]<what is this?",
      "modified": "2026-05-22T12:27:31.937000",
      "created": "2026-05-22T11:28:33.791000",
      "tags": [
        "windows sandbox",
        "clear filters",
        "file type",
        "ascii text",
        "pe file",
        "https",
        "ms windows",
        "svg scalable",
        "vector graphics",
        "elite",
        "tls version",
        "unicode text",
        "persistence",
        "malicious",
        "next",
        "default",
        "parent pid",
        "full path",
        "command line",
        "inprocserver32",
        "data",
        "datacrashpad",
        "k localservice",
        "s ngcsvc",
        "s ngcctnrsvc",
        "windir",
        "registry",
        "basic",
        "file name",
        "pe32 executable",
        "intel",
        "file size",
        "sha1",
        "files mitre",
        "windows user",
        "account control",
        "windows",
        "forms",
        "source source",
        "command",
        "enterprise",
        "close",
        "strong",
        "library",
        "address virtual",
        "none rticon",
        "cname",
        "mwdb",
        "bazaar",
        "sha3384",
        "accept",
        "tofsee",
        "shutdown",
        "stream",
        "string id",
        "x5173x95ed",
        "control",
        "wixbundlename",
        "x53d6x6d88",
        "copyright",
        "width",
        "height",
        "helptext",
        "repair",
        "calls process",
        "Camera",
        "Spyware",
        "illegal",
        "test recall",
        "test recall task 5/12/25"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/88819f8dbc43e0609fbc6f6a1a9fb2740512b8e1e0f2d9e92926c31b8a11d446_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447466&Signature=nXchQzhNktG26CNrpPC2%2FRBVk5CXbCQ6xUNenWVvnvY2n5P71FF7HHw01QiPu3iGSvBSzqmHiB9HByI%2FJgWTdhqYvc9LZy0rI61W0%2FTNVhSNdb1omKNcCW1ikL2n7eR9BFV1ygPOAPnexLqjbK35hzq40mysRVPCVBcmrjs7NkxUh9nHkwmtOOR3Lz5NsYgdUX2AMqykR9pVoyTLy7tkl5Ap9keTZlEoE2RrK6MTO9HBhYPJD%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/99bde29b5d7f5522c0452c95899f63a0cc99a465b516f7eb2980d519fe5a478c_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779447513&Signature=vT05qRgkqzlTQQ09TU4VC1ZL9bRV9J6Tgx%2BLYi1Yop0ggmMd9LT5iNFG2AQr%2FZH%2F0pMgqHAgZy%2BRwWUtDV1qO5eBxL%2B8mGzJDZilm%2BhP3%2B%2BKQu%2F76vg8GcDLdxu%2FeLmkj8Dhp9pN4i2cytkeH5zr%2BRHZBvK4uQ47n1zLtlGUSsJ7YXGw%2BWQFVRvu%2B%2B11Jh1PF6x4jF%2B3IbYQ5CZcGLoGbo0PGkN",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448055&Signature=Oo2OUSuLUWDZOZGoPlCv1tD%2FynOTQPpGUV9I%2FgvLt4ZafLu6Vnt%2FoOXLJA9nFZPH5AiUv%2FWd4huRf8%2BPiUQcGMkSOOYn3mJHyE2t6wNKj1BDNjEJ0ozgBjkzBrZ62UZn4p34YCFKx1mj%2BrH75IoSHpRUfJYvgHnJhElGEMhrJc7ieH0I%2FNpcLuxSy9sfujNonmjwsQj9ZWnkGvLPpmiljGhJIomaUZ6GITQcz6QqbInrBN3nHX6mGGk4",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448087&Signature=zly9PmlRQWb4KS0rNwSC6GG0MNzjm7KFDjr%2B%2Few6J4vqKF%2FJhJnnrYPcE0jJDw2QNhVbkyk0ZP2AmxrgmnTVhLcFijlR18xS82aHK99JxYTYDkmlFMr4U3ENyb3KVWsT%2BCuRbwN66pmHE4sdf33jQRi4ZUPxLJwtnLmhmpds%2BM38I%2Fv7pfRhbp7OYurf%2BJ0%2FQT2bwsg7sZEjDUQJ7HSqjOP8unxpFfBHNwC4wr9qawvlz8",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_VenusEye%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448113&Signature=HGVwYzpWE71%2BbcncRqOn%2BGkFdoAcM0zUAWI1eJD1jsHDcrJKlqO9M0XORZQA5YJxAW65VvTW9omuEH7SypRLJu1W0P3VYs46P7H4Dz1TsNoaNKYhhqpYfKql%2BYbpF7jIqwNfYdG5Uya0aqcIeI7Wx22%2BpByMhnrECSPxpU6wII3hOhgINOcc1mqsMEFfCB4fd%2F3zvfmJ7Rc5HiEea5Qx%2Fm7tB7DjImzqZFtSAQh6qFcSNN",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448247&Signature=KaOoC8k1CwemdPniC2jnlheSiP5jHQwh83WcgjNWDujHQ8F6N7qW1Q3lVUf%2FBjEofHhKuYofMNOHzuLgXjiq%2F4ie2jeMJ2kiAYHGeUvc8RFAO28YMWxIJPmcTSCLcxaOQNbzOOtMF2DO6%2Fw9IodVAr1Yv3SgvamznVqYCu5Din1Q7C0hAc68dxqEbYxXnk9hekwNuVZf81kyLJEmJbSWOxr0ONyt6e7qhV07xe4C1TIJXe%2BH6Zkc8Jp",
        "https://vtbehaviour.commondatastorage.googleapis.com/3fe3b0bc7ca7ec4d23c1cd7c07d5cdf9cb3463beb18cd58e2501150d343d0851_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779448581&Signature=u1m6X7g3%2B46ZDMb0IvTTp%2FbBxgM9iZvfcHnyyGsaqQA%2BxHuw9ZcqfIkIme3jx7%2BblFBuowZqDr1PbGP28vbxcZhaskjIn3w04QkzN%2F6EWbNlPvabmBH3M0F%2FhfTEM8ayozqby2SPWv6azOEd%2FS3MXYnUsOzgOpSh1uIk0iduf4w1ePo4yJAdHv7fc0AUGPzRmssC0jpjqXzao%2F0qbg1JRMMBq0edJZqYiws6vIf%2B2d9O",
        "https://vtbehaviour.commondatastorage.googleapis.com/c6096cb32fc9fe4f9cc789acd6e7710be6efb8703e6f529fc3b21d78781d1fa8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449270&Signature=y5dmd%2Br9iDNaXftiyxWZe5cWdAiIpA4H9u6vCT%2FdvFUKL7WV7S2HOKzRyETdhPd%2BF%2FoG5DQwjiN8Yvi10oC6iRsDQY6lbl34%2BOoaljXY4sg13Yyq9v9MMC5DrVBiOta4mYQFQL240y55PVUqOeWoTlaCvh9aA8Mn2iw5ITNNXJVpckpc9C37%2FxyFz8zFSmDEzj3pB2pggacPF34xQm4NB4hDB9ssqGeTsAbv41aOUu4XRV2pyMo9E0xtK2",
        "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449323&Signature=QsivAArVUulKH5N9EOkYOICShe0hR8W0UFhFsPq6t2rlRIdIvciMDBQZ4ooTbp7TpacdxQgFF%2Bi5tH9LdqhGhhF5JPkquaQ5Twm8UjTLbiV4v0PAECarE7LnIShAtYF1LNwCZ6BDcQLYYCofAYGAFJnVZjnwztoy32OFI6WldLKbOfNYUmLe2Api5KarnJezGIPSvZLOJLHh9e6ApJk0PwnTupqxWn0JORAZidwNrGjvoBMeb6gtWmgFnwTO",
        "https://vtbehaviour.commondatastorage.googleapis.com/e0ac3780a1152800adc9fb31b5fd9d849b8f8defc014657b9b2e998ff72c2bb4_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779449382&Signature=GsaicymiUqs49NLqLPAVvf%2Bv2RwudQDEfcp3TeWyX92n2qwqpH9HWCV422PIRfG9GUe5OGbnGO0mIkaCuWs9fgtMTHtoT6o2uIiPZQNhcAL2tWEv22GoGjIhK0MvnOKG1EKRAA9bdlP5tGpvgOM5usOM55tsgbPUQWGsB19CvRAPS6OZ1eIqrdpLiOeAKK2uIGkaOnOkD4njy1e15fQ0BGPY1rMjdenHRZDu9EXv2zfwqLiUNbp%2B"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1033",
          "name": "System Owner/User Discovery",
          "display_name": "T1033 - System Owner/User Discovery"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 4759,
        "hostname": 1513,
        "IPv4": 576,
        "FileHash-MD5": 1418,
        "FileHash-SHA1": 1413,
        "domain": 1263,
        "URL": 1550,
        "email": 27,
        "IPv6": 8,
        "CVE": 5
      },
      "indicator_count": 12532,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "9 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a0fde205095bd98f11dcd2e",
      "name": "Research part 2 * CAPE Sandbox",
      "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].",
      "modified": "2026-05-22T04:40:00.363000",
      "created": "2026-05-22T04:40:00.363000",
      "tags": [
        "new roman",
        "hebrew",
        "arabic",
        "vietnamese",
        "greek",
        "baltic",
        "times new",
        "roman",
        "calibri",
        "light",
        "default",
        "strong",
        "cname",
        "file type",
        "file size",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "virtual address",
        "accept",
        "shutdown",
        "guard",
        "pe file",
        "windows",
        "sample",
        "reads",
        "performs dns",
        "network info",
        "processes extra",
        "pe32",
        "intel",
        "delphi",
        "code",
        "persistence",
        "malicious",
        "next",
        "member",
        "p11778505315",
        "p2404",
        "host",
        "library",
        "thrown",
        "class",
        "null",
        "example",
        "loop",
        "syst",
        "none rticon",
        "address virtual",
        "sha1",
        "locale",
        "download"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC",
        "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni",
        "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko",
        "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL",
        "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1033",
          "name": "System Owner/User Discovery",
          "display_name": "T1033 - System Owner/User Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1568",
          "name": "Dynamic Resolution",
          "display_name": "T1568 - Dynamic Resolution"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 365,
        "FileHash-SHA1": 113,
        "FileHash-SHA256": 302,
        "IPv4": 324,
        "URL": 261,
        "domain": 214,
        "hostname": 464
      },
      "indicator_count": 2043,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "9 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a0fde1e9d38578f83f2f07a",
      "name": "Research part 2 * CAPE Sandbox",
      "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].",
      "modified": "2026-05-22T04:39:58.097000",
      "created": "2026-05-22T04:39:58.097000",
      "tags": [
        "new roman",
        "hebrew",
        "arabic",
        "vietnamese",
        "greek",
        "baltic",
        "times new",
        "roman",
        "calibri",
        "light",
        "default",
        "strong",
        "cname",
        "file type",
        "file size",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "virtual address",
        "accept",
        "shutdown",
        "guard",
        "pe file",
        "windows",
        "sample",
        "reads",
        "performs dns",
        "network info",
        "processes extra",
        "pe32",
        "intel",
        "delphi",
        "code",
        "persistence",
        "malicious",
        "next",
        "member",
        "p11778505315",
        "p2404",
        "host",
        "library",
        "thrown",
        "class",
        "null",
        "example",
        "loop",
        "syst",
        "none rticon",
        "address virtual",
        "sha1",
        "locale",
        "download"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC",
        "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni",
        "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko",
        "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL",
        "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1033",
          "name": "System Owner/User Discovery",
          "display_name": "T1033 - System Owner/User Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1568",
          "name": "Dynamic Resolution",
          "display_name": "T1568 - Dynamic Resolution"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 365,
        "FileHash-SHA1": 113,
        "FileHash-SHA256": 302,
        "IPv4": 324,
        "URL": 261,
        "domain": 214,
        "hostname": 464
      },
      "indicator_count": 2043,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "9 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a0fde1b366253c296281156",
      "name": "Research part 2 * CAPE Sandbox",
      "description": "[sample of malware: PCBioUnlock-Setup-x64, for MS Windows, has been found on a server in the Czech Republic and is being investigated by the UK's National Security Agency].",
      "modified": "2026-05-22T04:39:55.100000",
      "created": "2026-05-22T04:39:55.100000",
      "tags": [
        "new roman",
        "hebrew",
        "arabic",
        "vietnamese",
        "greek",
        "baltic",
        "times new",
        "roman",
        "calibri",
        "light",
        "default",
        "strong",
        "cname",
        "file type",
        "file size",
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "virtual address",
        "accept",
        "shutdown",
        "guard",
        "pe file",
        "windows",
        "sample",
        "reads",
        "performs dns",
        "network info",
        "processes extra",
        "pe32",
        "intel",
        "delphi",
        "code",
        "persistence",
        "malicious",
        "next",
        "member",
        "p11778505315",
        "p2404",
        "host",
        "library",
        "thrown",
        "class",
        "null",
        "example",
        "loop",
        "syst",
        "none rticon",
        "address virtual",
        "sha1",
        "locale",
        "download"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/528935b574adacd37fb70a08c57e923187a88f0048edf13955c17b4ac9b6254f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424576&Signature=HqCaWUtXVqO0qP7OW%2FasttQekub43IxOpVwuNpnAqqHt5pD2k3CeW8D0ZuOjDsOkw4LBA4QQbqNJ8uF0UmEbac%2BHKOyP%2FCf%2B08D7aM0iFPanIPuqxCoSiRjjD1C759Ig9GSDC64CKskQd91puLrezrVudARsxDdIPAJCyAwGDb6Y3L7HlOj5cCucn6k6hA6AetITD1fiTojQEV%2BX9%2B9Wp0Qxeje2jmCgoPHcO2fWBMKX7UXSmC",
        "https://vtbehaviour.commondatastorage.googleapis.com/53bc6ed33565fe532d0ab10f9fafd2a18de06f9af32276627523a042a5205976_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424635&Signature=d4%2F4WzkSDNNN7zJVhJx9Csbghc4NumQIzYVmFLhdk983TTEjbNgBJJMGjkeXRWH1WR1mZnFiQQ7Mgo1L3lMAyghZch23i36rYC7Da3ktAuDVWv8dZ1P%2B%2FKBPfkOwkRmp9jF96vpOsqtTUoktlD4F%2Bu%2FSt6dwBXDN7ZBz%2F2Aau%2B0QQ4m11sl9wLFOuu1xCjfQKL%2FWdqAda78SKAgiFEx5VZhvpCqaQBEkgpvyGqqtOC8Rni",
        "https://vtbehaviour.commondatastorage.googleapis.com/5e5f874a1eedb61097a11ae64bd9c49b5f31af66e85930a66e7373e0f0484034_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424692&Signature=A3e%2FNdGFEcoJrC50Cl1QJdp4vyuRXzYj3rP9Iwn%2F50jQamoXpWTto2LpsHhBehAI3uOMa%2F0EZAXBOsFpoMY%2F4gKZzD19INxr7gSdiBCwV3n78RSx72IwxJWT%2FrQFLc5LqYrfyhYZwA3RbXE0Rg7%2Ba%2BaCBYWZfO6Gf%2BJo7bMuxJ2KdvUp7KrHJsakVx8NR02FFuAwR9sksywzOJDU0EA36q48S%2Ffwge1CpYC0auKTyw3EFA4fQdko",
        "https://vtbehaviour.commondatastorage.googleapis.com/7568b78ad94202cc4e547c84d56faccb2a9033394945a2abdd1e7defe1b23221_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424847&Signature=W%2FpZoFBjX%2F6dqAOlg3u1Cr97bQWQ5vr5g8vo3MlqlHoQB2fgvDONRPJ9HyV3Y%2Fj3bm%2FptwemAyKKhjIjfQu1%2BpjTODHdlc7%2B%2B7CQ9HFpIhSzlPv%2BFz041BPyB4A3V1ai5cjuLZB%2FO1hgwEtS3zskowTaVI7ee6LCl6DfqDdq%2FO8RBndMZ9%2BQdoDiH0Gn3DBe3MHzxR9qkEXls3ok5PqQz2faoqkRtmJp7mflsROL",
        "https://vtbehaviour.commondatastorage.googleapis.com/7310a1ce46f4c4280e18403044cc3fa3dcbcac3646313096d2e8da082d654951_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779424873&Signature=UnLgHEfZz0S4bAc6cvQERC43J5aqbCUMvclTqtNQnkkUqr9x%2FGo0pkzzwsOlTksbn0qypBlpybA9XNQXcuQZlbt3MJrTrbNVqIWdAw22G589Fet6989gCoAmRKEX8dYX1C3%2FBPY4JErzHWREsqzA3aefjsOBRlQ2bEHFnmaaIgCwNcAp79YhAOITJ%2Bhc1FCaMl1hFlkeQ3tgSd%2BJauHkHpGHtktntEv90Mx9p614FUG2ybNPNrz%2B"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1033",
          "name": "System Owner/User Discovery",
          "display_name": "T1033 - System Owner/User Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1090",
          "name": "Proxy",
          "display_name": "T1090 - Proxy"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1568",
          "name": "Dynamic Resolution",
          "display_name": "T1568 - Dynamic Resolution"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 365,
        "FileHash-SHA1": 113,
        "FileHash-SHA256": 302,
        "IPv4": 324,
        "URL": 261,
        "domain": 214,
        "hostname": 464
      },
      "indicator_count": 2043,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 66,
      "modified_text": "9 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://samiskvgs.eduvpn.no/",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://samiskvgs.eduvpn.no/",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780250056.9568787
}