{
  "type": "URL",
  "indicator": "https://track.hubspot.com",
  "general": {
    "sections": [
      "general",
      "url_list",
      "http_scans",
      "screenshot"
    ],
    "indicator": "https://track.hubspot.com",
    "type": "url",
    "type_title": "URL",
    "validation": [
      {
        "source": "alexa",
        "message": "Alexa rank: #779",
        "name": "Listed on Alexa"
      },
      {
        "source": "akamai",
        "message": "Akamai rank: #1754",
        "name": "Akamai Popular Domain"
      },
      {
        "source": "whitelist",
        "message": "Whitelisted domain hubspot.com",
        "name": "Whitelisted domain"
      },
      {
        "source": "majestic",
        "message": "Whitelisted domain hubspot.com",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {
      "id": 4143393937,
      "indicator": "https://track.hubspot.com",
      "type": "URL",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 5,
      "pulses": [
        {
          "id": "69d0ac87c6799549809753ce",
          "name": "VirusTotal report\n                    for Other-20230212T074754Z-001.zip",
          "description": "<Registrant: 3432650ec337c945 \u00c2\u00a33.5m.>com - is the name of a German domain registered with the United-Domains AG.<pretext>\n\n3 hearts\npure bleeds. sigma shields. commander hunts.\nlegacy puppetmaster suppresses.\nthe octopus is forever tangled.",
          "modified": "2026-04-04T06:43:37.685000",
          "created": "2026-04-04T06:15:35.668000",
          "tags": [
            "date",
            "server",
            "registrar abuse",
            "postal code",
            "registrant name",
            "expiration date",
            "registry domain",
            "registrar iana",
            "registrar url",
            "registrant city",
            "ascii text",
            "javascript",
            "mitre attack",
            "network info",
            "dropped info",
            "file type",
            "processes extra",
            "overview zenbox",
            "linux verdict",
            "guest system",
            "ultimate file",
            "info file",
            "persistence",
            "next",
            "pe file",
            "text format",
            "ansi",
            "ms windows",
            "zip archive",
            "found",
            "crlf line",
            "windows start",
            "default",
            "delphi",
            "code",
            "malicious",
            "windows sandbox",
            "calls clear",
            "ascii",
            "java source",
            "web open",
            "font format",
            "truetype",
            "version",
            "python",
            "cape sandbox",
            "machine summary",
            "report time",
            "machine name",
            "analysis id",
            "machine label",
            "duration",
            "machine manager",
            "kvm os",
            "shutdown",
            "https",
            "shpk",
            "performs dns",
            "t1055 process",
            "layer protocol",
            "overview",
            "title",
            "phishing",
            "loader",
            "script",
            "meta",
            "albania",
            "structured data",
            "artan lenja",
            "street",
            "building",
            "tiran",
            "body",
            "icloud",
            "free",
            "apple",
            "link",
            "style",
            "doctype html",
            "timestamp",
            "sectigo",
            "official",
            "disney",
            "walt disney",
            "countryus",
            "center",
            "head",
            "forbidden",
            "creates",
            "command",
            "clear filters",
            "sigma",
            "verdict"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0",
            "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz",
            "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V",
            "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW",
            "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ",
            "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU",
            "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F",
            "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG",
            "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com",
            "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM",
            "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky",
            "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD",
            "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1046",
              "name": "Network Service Scanning",
              "display_name": "T1046 - Network Service Scanning"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 204,
            "email": 2,
            "hostname": 470,
            "URL": 746,
            "FileHash-SHA256": 827,
            "FileHash-MD5": 19,
            "FileHash-SHA1": 17,
            "IPv4": 187
          },
          "indicator_count": 2472,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "15 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d0ac884cb646fac0b8d3d4",
          "name": "VirusTotal report\n                    for Other-20230212T074754Z-001.zip",
          "description": "<Registrant: 3432650ec337c945 \u00c2\u00a33.5m.>com - is the name of a German domain registered with the United-Domains AG.<pretext>\n\n3 hearts\npure bleeds. sigma shields. commander hunts.\nlegacy puppetmaster suppresses.\nthe octopus is forever tangled.",
          "modified": "2026-04-04T06:43:36.558000",
          "created": "2026-04-04T06:15:36.916000",
          "tags": [
            "date",
            "server",
            "registrar abuse",
            "postal code",
            "registrant name",
            "expiration date",
            "registry domain",
            "registrar iana",
            "registrar url",
            "registrant city",
            "ascii text",
            "javascript",
            "mitre attack",
            "network info",
            "dropped info",
            "file type",
            "processes extra",
            "overview zenbox",
            "linux verdict",
            "guest system",
            "ultimate file",
            "info file",
            "persistence",
            "next",
            "pe file",
            "text format",
            "ansi",
            "ms windows",
            "zip archive",
            "found",
            "crlf line",
            "windows start",
            "default",
            "delphi",
            "code",
            "malicious",
            "windows sandbox",
            "calls clear",
            "ascii",
            "java source",
            "web open",
            "font format",
            "truetype",
            "version",
            "python",
            "cape sandbox",
            "machine summary",
            "report time",
            "machine name",
            "analysis id",
            "machine label",
            "duration",
            "machine manager",
            "kvm os",
            "shutdown",
            "https",
            "shpk",
            "performs dns",
            "t1055 process",
            "layer protocol",
            "overview",
            "title",
            "phishing",
            "loader",
            "script",
            "meta",
            "albania",
            "structured data",
            "artan lenja",
            "street",
            "building",
            "tiran",
            "body",
            "icloud",
            "free",
            "apple",
            "link",
            "style",
            "doctype html",
            "timestamp",
            "sectigo",
            "official",
            "disney",
            "walt disney",
            "countryus",
            "center",
            "head",
            "forbidden",
            "creates",
            "command",
            "clear filters",
            "sigma",
            "verdict"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0",
            "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz",
            "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V",
            "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW",
            "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ",
            "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU",
            "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F",
            "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG",
            "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com",
            "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM",
            "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky",
            "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD",
            "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA",
            "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1046",
              "name": "Network Service Scanning",
              "display_name": "T1046 - Network Service Scanning"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 359,
            "email": 2,
            "hostname": 664,
            "URL": 794,
            "FileHash-SHA256": 827,
            "FileHash-MD5": 21,
            "FileHash-SHA1": 17,
            "IPv4": 187
          },
          "indicator_count": 2871,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "15 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d096edff67896dccb36a4d",
          "name": "VirusTotal report\n                    for index.html",
          "description": "The full name of the German domain registrar: COFFEEDESIGNCODE.com, or coffeedesign code, has been published.. and it is not yet known.",
          "modified": "2026-04-04T04:43:25.967000",
          "created": "2026-04-04T04:43:25.967000",
          "tags": [
            "date",
            "server",
            "registrar abuse",
            "registrant name",
            "expiration date",
            "registry domain",
            "registrar iana",
            "registrar url",
            "registrant city",
            "ag registrant",
            "thumbprint",
            "html document",
            "unicode text",
            "utf8 text",
            "title microsoft",
            "ms05019",
            "none",
            "docs",
            "betafred ms",
            "content tocrel",
            "conceptual",
            "performs dns",
            "https",
            "file type",
            "tls version",
            "mitre attack",
            "network info",
            "urls",
            "t1055 process",
            "layer protocol",
            "united",
            "phishing",
            "malicious",
            "next",
            "cache entry",
            "chrome cache",
            "entry",
            "extra info",
            "process",
            "nothing",
            "registry keys",
            "mutexes nothing",
            "data",
            "datacrashpad",
            "edge",
            "created",
            "parent pid",
            "full path",
            "command line",
            "status code",
            "ssl certificates",
            "tls certificates",
            "website security",
            "signtool",
            "sectigo",
            "microsoft",
            "signtool let",
            "web site",
            "rsasha256",
            "rsasha384",
            "rsasha512",
            "signcode",
            "ssl certificate",
            "logo",
            "sxa0",
            "object",
            "regexp",
            "null",
            "tdfunction",
            "ddfunction",
            "array",
            "string",
            "dfunction",
            "iana id",
            "contact phone",
            "dnssec",
            "domain status",
            "registrar whois",
            "registrar",
            "language",
            "html internet",
            "doctype",
            "learn",
            "seomatic og",
            "timestamp",
            "sectigo ssl",
            "sectigo og",
            "sectigohq og",
            "utf8",
            "crlf line",
            "text",
            "ipxw1920",
            "fwebp",
            "win32 exe",
            "pe32",
            "ms windows",
            "win16 ne",
            "icons library",
            "os2 executable",
            "generic windos",
            "executable",
            "pe64 compiler",
            "sha256",
            "pc bitmap",
            "windows bitmap",
            "bitmap",
            "zip archive",
            "text text",
            "ascii text",
            "has permission",
            "reads",
            "accesses",
            "found",
            "t1413 access",
            "sensitive data",
            "device logs",
            "persistence",
            "fraud",
            "cloud"
          ],
          "references": [
            "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855%0Ahttp://x1.c.lencr.org/%0Ahttp://c.pki.goog/r/r1.crl",
            "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276100&Signature=NczLfuk5dyPFskbtz7UwIjCT2DzeU5uAQP%2FL%2BC5bjk7Ng%2FHccJbUFWcb%2FqpvZaJ%2BWg4tg6aaPKihJzwDyiF7UaJOwdX3172ddwGJAfggvgpJ68YtVBE1nyhHAoFO6KsLL73DjNj58e8Uhq6Bcx4nXa86FETCR%2FzzXDlLDXyQSxf%2FKhG8zuxEsss9vRDCF%2B3TJGvJ5EmQ5HwGvk2ex9wf6H1FrBxEyx6BH5i6txcC9vMG9SXQ6eYR2p",
            "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276177&Signature=iO1RoMLTZsC3s7nBZ8wieXl6wwWrnnCqu%2F5pXBAa2Luk2wKtKTXUyyZEOOhqaCFNbUPjsIfY1v0KxEBxzkumSiDs3XXBs%2FYt49goHGNudddQOKcmLsjbT2GhALTnmmVvl79aLJaLwnMe9B7PkJpSTGuBrutOjF5VJ0yofcbM4XjQQlOIkc8WWi94WMVxXpWAjFK9D5zmoyn9G5w1TahDZjePP%2FfkKNpJe2OqRQ59iXyHcG1nvA%2FUIx",
            "http://timestamp.sectigo.com/",
            "https://www.google-analytics.com/analytics.js",
            "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277214&Signature=y3%2FkmodrmzpLTVDtkzYvlqSkUTQ8Tri%2FDiLIqIpCBmJ6%2Bwk5p%2FJDSAwE5V8Wdp0vWLWjfA4DvRyS%2FvmNV4kFOr422iVZH2Ap2evf8%2Bq2bp9CW%2BAuBCjgz9K329V4%2B%2B9duUsUhVBqZ%2BNKz%2Fj4z7ZDBI%2BjqPV8XjvTI7pXAfzknmFAfZU%2FjalCNigHCX%2FIOgymeTOfzSOLYLClpNTr%2BYle8VSI%2BHf9TgUWP2WgNF",
            "https://vtbehaviour.commondatastorage.googleapis.com/028e16744de653383b403efd4b755075deeb7d8ce264d7edd4615725e5b4c4c6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277967&Signature=oSvtx7eGCctItNKSDZN4tpJp11yn5QQjCHsLi45z7kUOa9nbuhPdVjh9gBKlXtNuGfXbpItYf6NFI%2B4pKCin266TJQP7FzDSnUzzziJTuqmZwxihDeoZ1RauqVOzGoAmrj9sG8nOYXqbOHNxQ3E6SugSzW3UFbyQJzfKt%2FsqsPsKAvl4su%2FlkWsqTHUR%2FT%2FLTTQV0ZXLwnrLv%2FdBA7DdsiE35g%2FPOiUdzJjkjhSILF%2BR"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1406",
              "name": "Obfuscated Files or Information",
              "display_name": "T1406 - Obfuscated Files or Information"
            },
            {
              "id": "T1409",
              "name": "Access Stored Application Data",
              "display_name": "T1409 - Access Stored Application Data"
            },
            {
              "id": "T1413",
              "name": "Access Sensitive Data in Device Logs",
              "display_name": "T1413 - Access Sensitive Data in Device Logs"
            },
            {
              "id": "T1421",
              "name": "System Network Connections Discovery",
              "display_name": "T1421 - System Network Connections Discovery"
            },
            {
              "id": "T1424",
              "name": "Process Discovery",
              "display_name": "T1424 - Process Discovery"
            },
            {
              "id": "T1426",
              "name": "System Information Discovery",
              "display_name": "T1426 - System Information Discovery"
            },
            {
              "id": "T1429",
              "name": "Capture Audio",
              "display_name": "T1429 - Capture Audio"
            },
            {
              "id": "T1430",
              "name": "Location Tracking",
              "display_name": "T1430 - Location Tracking"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 50,
            "email": 2,
            "hostname": 196,
            "FileHash-SHA1": 51,
            "URL": 234,
            "FileHash-MD5": 54,
            "FileHash-SHA256": 715,
            "IPv4": 32
          },
          "indicator_count": 1334,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "16 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d096edd596a1a9e9a0aa92",
          "name": "VirusTotal report\n                    for index.html",
          "description": "The full name of the German domain registrar: COFFEEDESIGNCODE.com, or coffeedesign code, has been published.. and it is not yet known.",
          "modified": "2026-04-04T04:43:25.258000",
          "created": "2026-04-04T04:43:25.258000",
          "tags": [
            "date",
            "server",
            "registrar abuse",
            "registrant name",
            "expiration date",
            "registry domain",
            "registrar iana",
            "registrar url",
            "registrant city",
            "ag registrant",
            "thumbprint",
            "html document",
            "unicode text",
            "utf8 text",
            "title microsoft",
            "ms05019",
            "none",
            "docs",
            "betafred ms",
            "content tocrel",
            "conceptual",
            "performs dns",
            "https",
            "file type",
            "tls version",
            "mitre attack",
            "network info",
            "urls",
            "t1055 process",
            "layer protocol",
            "united",
            "phishing",
            "malicious",
            "next",
            "cache entry",
            "chrome cache",
            "entry",
            "extra info",
            "process",
            "nothing",
            "registry keys",
            "mutexes nothing",
            "data",
            "datacrashpad",
            "edge",
            "created",
            "parent pid",
            "full path",
            "command line",
            "status code",
            "ssl certificates",
            "tls certificates",
            "website security",
            "signtool",
            "sectigo",
            "microsoft",
            "signtool let",
            "web site",
            "rsasha256",
            "rsasha384",
            "rsasha512",
            "signcode",
            "ssl certificate",
            "logo",
            "sxa0",
            "object",
            "regexp",
            "null",
            "tdfunction",
            "ddfunction",
            "array",
            "string",
            "dfunction",
            "iana id",
            "contact phone",
            "dnssec",
            "domain status",
            "registrar whois",
            "registrar",
            "language",
            "html internet",
            "doctype",
            "learn",
            "seomatic og",
            "timestamp",
            "sectigo ssl",
            "sectigo og",
            "sectigohq og",
            "utf8",
            "crlf line",
            "text",
            "ipxw1920",
            "fwebp",
            "win32 exe",
            "pe32",
            "ms windows",
            "win16 ne",
            "icons library",
            "os2 executable",
            "generic windos",
            "executable",
            "pe64 compiler",
            "sha256",
            "pc bitmap",
            "windows bitmap",
            "bitmap",
            "zip archive",
            "text text",
            "ascii text",
            "has permission",
            "reads",
            "accesses",
            "found",
            "t1413 access",
            "sensitive data",
            "device logs",
            "persistence",
            "fraud",
            "cloud"
          ],
          "references": [
            "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855%0Ahttp://x1.c.lencr.org/%0Ahttp://c.pki.goog/r/r1.crl",
            "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276100&Signature=NczLfuk5dyPFskbtz7UwIjCT2DzeU5uAQP%2FL%2BC5bjk7Ng%2FHccJbUFWcb%2FqpvZaJ%2BWg4tg6aaPKihJzwDyiF7UaJOwdX3172ddwGJAfggvgpJ68YtVBE1nyhHAoFO6KsLL73DjNj58e8Uhq6Bcx4nXa86FETCR%2FzzXDlLDXyQSxf%2FKhG8zuxEsss9vRDCF%2B3TJGvJ5EmQ5HwGvk2ex9wf6H1FrBxEyx6BH5i6txcC9vMG9SXQ6eYR2p",
            "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276177&Signature=iO1RoMLTZsC3s7nBZ8wieXl6wwWrnnCqu%2F5pXBAa2Luk2wKtKTXUyyZEOOhqaCFNbUPjsIfY1v0KxEBxzkumSiDs3XXBs%2FYt49goHGNudddQOKcmLsjbT2GhALTnmmVvl79aLJaLwnMe9B7PkJpSTGuBrutOjF5VJ0yofcbM4XjQQlOIkc8WWi94WMVxXpWAjFK9D5zmoyn9G5w1TahDZjePP%2FfkKNpJe2OqRQ59iXyHcG1nvA%2FUIx",
            "http://timestamp.sectigo.com/",
            "https://www.google-analytics.com/analytics.js",
            "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
            "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277214&Signature=y3%2FkmodrmzpLTVDtkzYvlqSkUTQ8Tri%2FDiLIqIpCBmJ6%2Bwk5p%2FJDSAwE5V8Wdp0vWLWjfA4DvRyS%2FvmNV4kFOr422iVZH2Ap2evf8%2Bq2bp9CW%2BAuBCjgz9K329V4%2B%2B9duUsUhVBqZ%2BNKz%2Fj4z7ZDBI%2BjqPV8XjvTI7pXAfzknmFAfZU%2FjalCNigHCX%2FIOgymeTOfzSOLYLClpNTr%2BYle8VSI%2BHf9TgUWP2WgNF",
            "https://vtbehaviour.commondatastorage.googleapis.com/028e16744de653383b403efd4b755075deeb7d8ce264d7edd4615725e5b4c4c6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277967&Signature=oSvtx7eGCctItNKSDZN4tpJp11yn5QQjCHsLi45z7kUOa9nbuhPdVjh9gBKlXtNuGfXbpItYf6NFI%2B4pKCin266TJQP7FzDSnUzzziJTuqmZwxihDeoZ1RauqVOzGoAmrj9sG8nOYXqbOHNxQ3E6SugSzW3UFbyQJzfKt%2FsqsPsKAvl4su%2FlkWsqTHUR%2FT%2FLTTQV0ZXLwnrLv%2FdBA7DdsiE35g%2FPOiUdzJjkjhSILF%2BR"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1406",
              "name": "Obfuscated Files or Information",
              "display_name": "T1406 - Obfuscated Files or Information"
            },
            {
              "id": "T1409",
              "name": "Access Stored Application Data",
              "display_name": "T1409 - Access Stored Application Data"
            },
            {
              "id": "T1413",
              "name": "Access Sensitive Data in Device Logs",
              "display_name": "T1413 - Access Sensitive Data in Device Logs"
            },
            {
              "id": "T1421",
              "name": "System Network Connections Discovery",
              "display_name": "T1421 - System Network Connections Discovery"
            },
            {
              "id": "T1424",
              "name": "Process Discovery",
              "display_name": "T1424 - Process Discovery"
            },
            {
              "id": "T1426",
              "name": "System Information Discovery",
              "display_name": "T1426 - System Information Discovery"
            },
            {
              "id": "T1429",
              "name": "Capture Audio",
              "display_name": "T1429 - Capture Audio"
            },
            {
              "id": "T1430",
              "name": "Location Tracking",
              "display_name": "T1430 - Location Tracking"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 50,
            "email": 2,
            "hostname": 196,
            "FileHash-SHA1": 51,
            "URL": 234,
            "FileHash-MD5": 54,
            "FileHash-SHA256": 715,
            "IPv4": 32
          },
          "indicator_count": 1334,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 48,
          "modified_text": "16 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        },
        {
          "id": "68ff6bf46f5d8662048ca7a1",
          "name": "symcd.com \u2022 Netify.ai",
          "description": "Seen in multiple attacks including CrowdStrike\nincident that was truly a breach found and reported prior to outage. SYCMD..com\nis consistently removed / deleted from pulses.\n\nI have nothing to say. OTX will pulse this let\u2019s see if anything happens..\n#rootkit? #ai #netify #malware #running_webserver #ottowa #elf #agent #malware #known #network_icmp #nolookup_communication\nantivm_generic_disk #dead host\n#dumped_buffer\n#network_cnc_http\n#network_http\n#allocates_rwx\n#av_detect_china_key #m\n[ELF:Agent-VW\\ [Trj]]\nIDS Detections :\n*GoBrut Service Bruter CnC Activity \n*GoBrut Service Bruter CnC Checkin \n*Generic.Go.Bruteforcer CnC Beacon\neval String.fromCharCode String Which May Be #malicious\nYara Detections:\ncompromised_site_redirector_fromcharcode\nfromCharCode | Yara Detections:\nKnownMaliciousObfuscationPattern\n[External IP Address Lookup via api .ip138 .com]\n[Win.Malware.Softcnapp-6932830-0]\nMultiple malware attack.",
          "modified": "2025-11-26T12:00:39.551000",
          "created": "2025-10-27T12:56:20.090000",
          "tags": [
            "present may",
            "present jun",
            "name servers",
            "united",
            "status",
            "present aug",
            "present oct",
            "present jul",
            "present mar",
            "present nov",
            "date",
            "digicert",
            "whois",
            "forums",
            "symantec",
            "comcast",
            "levelblue",
            "open threat",
            "pulse",
            "urls",
            "as13335",
            "info",
            "server",
            "domain status",
            "registrar abuse",
            "registrar",
            "dnssec",
            "domain name",
            "us registrant",
            "email",
            "contact email",
            "host name",
            "handle",
            "rdap database",
            "iana registrar",
            "present sep",
            "canada unknown",
            "moved",
            "ip address",
            "search",
            "title",
            "encrypt",
            "ubuntu",
            "linux x8664",
            "gobrut service",
            "bruter cnc",
            "entries",
            "show",
            "activity",
            "stca",
            "unknown",
            "malware",
            "copy",
            "next",
            "team",
            "script urls",
            "a domains",
            "passive dns",
            "gmt server",
            "content type",
            "body",
            "meta",
            "for privacy",
            "creation date",
            "name redacted",
            "expiration date",
            "servers",
            "hostname add",
            "pulse pulses",
            "13371",
            "qq v",
            "process32nextw",
            "regopenkeyexw",
            "medium",
            "langchinese",
            "get na",
            "rticon",
            "security",
            "high",
            "win32",
            "write",
            "dynamicloader",
            "checks",
            "alerts",
            "bios",
            "dynamic",
            "total",
            "read",
            "delete",
            "name strings",
            "south korea"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Australia",
            "Canada",
            "Bulgaria",
            "Germany",
            "Netherlands"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1063",
              "name": "Security Software Discovery",
              "display_name": "T1063 - Security Software Discovery"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 3,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 3301,
            "email": 9,
            "hostname": 1202,
            "FileHash-SHA256": 1967,
            "domain": 1885,
            "FileHash-MD5": 153,
            "FileHash-SHA1": 151,
            "CVE": 1,
            "SSLCertFingerprint": 82,
            "FilePath": 1
          },
          "indicator_count": 8752,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 140,
          "modified_text": "144 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "URL",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky",
        "https://vtbehaviour.commondatastorage.googleapis.com/028e16744de653383b403efd4b755075deeb7d8ce264d7edd4615725e5b4c4c6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277967&Signature=oSvtx7eGCctItNKSDZN4tpJp11yn5QQjCHsLi45z7kUOa9nbuhPdVjh9gBKlXtNuGfXbpItYf6NFI%2B4pKCin266TJQP7FzDSnUzzziJTuqmZwxihDeoZ1RauqVOzGoAmrj9sG8nOYXqbOHNxQ3E6SugSzW3UFbyQJzfKt%2FsqsPsKAvl4su%2FlkWsqTHUR%2FT%2FLTTQV0ZXLwnrLv%2FdBA7DdsiE35g%2FPOiUdzJjkjhSILF%2BR",
        "http://timestamp.sectigo.com/",
        "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW",
        "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277214&Signature=y3%2FkmodrmzpLTVDtkzYvlqSkUTQ8Tri%2FDiLIqIpCBmJ6%2Bwk5p%2FJDSAwE5V8Wdp0vWLWjfA4DvRyS%2FvmNV4kFOr422iVZH2Ap2evf8%2Bq2bp9CW%2BAuBCjgz9K329V4%2B%2B9duUsUhVBqZ%2BNKz%2Fj4z7ZDBI%2BjqPV8XjvTI7pXAfzknmFAfZU%2FjalCNigHCX%2FIOgymeTOfzSOLYLClpNTr%2BYle8VSI%2BHf9TgUWP2WgNF",
        "https://www.google-analytics.com/analytics.js",
        "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276100&Signature=NczLfuk5dyPFskbtz7UwIjCT2DzeU5uAQP%2FL%2BC5bjk7Ng%2FHccJbUFWcb%2FqpvZaJ%2BWg4tg6aaPKihJzwDyiF7UaJOwdX3172ddwGJAfggvgpJ68YtVBE1nyhHAoFO6KsLL73DjNj58e8Uhq6Bcx4nXa86FETCR%2FzzXDlLDXyQSxf%2FKhG8zuxEsss9vRDCF%2B3TJGvJ5EmQ5HwGvk2ex9wf6H1FrBxEyx6BH5i6txcC9vMG9SXQ6eYR2p",
        "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F",
        "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com",
        "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU",
        "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM",
        "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ",
        "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA",
        "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276177&Signature=iO1RoMLTZsC3s7nBZ8wieXl6wwWrnnCqu%2F5pXBAa2Luk2wKtKTXUyyZEOOhqaCFNbUPjsIfY1v0KxEBxzkumSiDs3XXBs%2FYt49goHGNudddQOKcmLsjbT2GhALTnmmVvl79aLJaLwnMe9B7PkJpSTGuBrutOjF5VJ0yofcbM4XjQQlOIkc8WWi94WMVxXpWAjFK9D5zmoyn9G5w1TahDZjePP%2FfkKNpJe2OqRQ59iXyHcG1nvA%2FUIx",
        "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0",
        "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V",
        "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855%0Ahttp://x1.c.lencr.org/%0Ahttp://c.pki.goog/r/r1.crl"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 0
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [],
          "unique_indicators": 12990
        }
      }
    },
    "false_positive": [],
    "alexa": "http://www.alexa.com/siteinfo/hubspot.com",
    "whois": "http://whois.domaintools.com/hubspot.com",
    "domain": "hubspot.com",
    "hostname": "track.hubspot.com"
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 5,
  "pulses": [
    {
      "id": "69d0ac87c6799549809753ce",
      "name": "VirusTotal report\n                    for Other-20230212T074754Z-001.zip",
      "description": "<Registrant: 3432650ec337c945 \u00c2\u00a33.5m.>com - is the name of a German domain registered with the United-Domains AG.<pretext>\n\n3 hearts\npure bleeds. sigma shields. commander hunts.\nlegacy puppetmaster suppresses.\nthe octopus is forever tangled.",
      "modified": "2026-04-04T06:43:37.685000",
      "created": "2026-04-04T06:15:35.668000",
      "tags": [
        "date",
        "server",
        "registrar abuse",
        "postal code",
        "registrant name",
        "expiration date",
        "registry domain",
        "registrar iana",
        "registrar url",
        "registrant city",
        "ascii text",
        "javascript",
        "mitre attack",
        "network info",
        "dropped info",
        "file type",
        "processes extra",
        "overview zenbox",
        "linux verdict",
        "guest system",
        "ultimate file",
        "info file",
        "persistence",
        "next",
        "pe file",
        "text format",
        "ansi",
        "ms windows",
        "zip archive",
        "found",
        "crlf line",
        "windows start",
        "default",
        "delphi",
        "code",
        "malicious",
        "windows sandbox",
        "calls clear",
        "ascii",
        "java source",
        "web open",
        "font format",
        "truetype",
        "version",
        "python",
        "cape sandbox",
        "machine summary",
        "report time",
        "machine name",
        "analysis id",
        "machine label",
        "duration",
        "machine manager",
        "kvm os",
        "shutdown",
        "https",
        "shpk",
        "performs dns",
        "t1055 process",
        "layer protocol",
        "overview",
        "title",
        "phishing",
        "loader",
        "script",
        "meta",
        "albania",
        "structured data",
        "artan lenja",
        "street",
        "building",
        "tiran",
        "body",
        "icloud",
        "free",
        "apple",
        "link",
        "style",
        "doctype html",
        "timestamp",
        "sectigo",
        "official",
        "disney",
        "walt disney",
        "countryus",
        "center",
        "head",
        "forbidden",
        "creates",
        "command",
        "clear filters",
        "sigma",
        "verdict"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW",
        "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ",
        "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU",
        "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F",
        "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG",
        "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com",
        "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM",
        "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky",
        "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD",
        "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1046",
          "name": "Network Service Scanning",
          "display_name": "T1046 - Network Service Scanning"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 204,
        "email": 2,
        "hostname": 470,
        "URL": 746,
        "FileHash-SHA256": 827,
        "FileHash-MD5": 19,
        "FileHash-SHA1": 17,
        "IPv4": 187
      },
      "indicator_count": 2472,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "15 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d0ac884cb646fac0b8d3d4",
      "name": "VirusTotal report\n                    for Other-20230212T074754Z-001.zip",
      "description": "<Registrant: 3432650ec337c945 \u00c2\u00a33.5m.>com - is the name of a German domain registered with the United-Domains AG.<pretext>\n\n3 hearts\npure bleeds. sigma shields. commander hunts.\nlegacy puppetmaster suppresses.\nthe octopus is forever tangled.",
      "modified": "2026-04-04T06:43:36.558000",
      "created": "2026-04-04T06:15:36.916000",
      "tags": [
        "date",
        "server",
        "registrar abuse",
        "postal code",
        "registrant name",
        "expiration date",
        "registry domain",
        "registrar iana",
        "registrar url",
        "registrant city",
        "ascii text",
        "javascript",
        "mitre attack",
        "network info",
        "dropped info",
        "file type",
        "processes extra",
        "overview zenbox",
        "linux verdict",
        "guest system",
        "ultimate file",
        "info file",
        "persistence",
        "next",
        "pe file",
        "text format",
        "ansi",
        "ms windows",
        "zip archive",
        "found",
        "crlf line",
        "windows start",
        "default",
        "delphi",
        "code",
        "malicious",
        "windows sandbox",
        "calls clear",
        "ascii",
        "java source",
        "web open",
        "font format",
        "truetype",
        "version",
        "python",
        "cape sandbox",
        "machine summary",
        "report time",
        "machine name",
        "analysis id",
        "machine label",
        "duration",
        "machine manager",
        "kvm os",
        "shutdown",
        "https",
        "shpk",
        "performs dns",
        "t1055 process",
        "layer protocol",
        "overview",
        "title",
        "phishing",
        "loader",
        "script",
        "meta",
        "albania",
        "structured data",
        "artan lenja",
        "street",
        "building",
        "tiran",
        "body",
        "icloud",
        "free",
        "apple",
        "link",
        "style",
        "doctype html",
        "timestamp",
        "sectigo",
        "official",
        "disney",
        "walt disney",
        "countryus",
        "center",
        "head",
        "forbidden",
        "creates",
        "command",
        "clear filters",
        "sigma",
        "verdict"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281711&Signature=G81N%2BSvpl7rLMvDIGLovzSBK8YJzNBOTs7Ycfze1L%2BdFheZX%2BS6EbtlDx545BRgefMUoJSwn%2BdK4eRpYlyMGmHvkv2tw3apezXxBF5J95vedk3RlOzXgGUAvJvewt0RBBR9f9hiVn9CuYTHvY3Cf%2BVog32%2BRLrv8sMhZ%2FeqX0%2FhraP6leNtAta5iUv73pYWeMmdsQ7nX2EvTO7uUvGggX6TmnBhiHHd8E9uCsoPHCTP4i0",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281734&Signature=3FFHeC27RvCC9623M2f8xoSU4fl9LBd%2FvI%2F98rUNvmdceN4AZjjw77yTU0ApUTXU5FbdCpODVhKi0X4pqDz1pqEP%2FBRLq%2FNhgoRliai6LlD4yhdTtKNi4zrfCDG%2Bd4dRzD5y674IfEPynxGiFOWxc6wiCtl3rhwTPEqisyDqFbvnF57SxrcPoVSzVO3wEtxpCOIw8iAFXdW2zgnnYYbSrbaQBfghKLtFA6r2vP%2Bmrd33YSUiH%2Fe2EqBz",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281812&Signature=jttp%2BTn66O5EfEB%2FASdpjDONf%2BzydGtfIUy3AtwYz0ppPzVA88%2BzZ8LtzV0TDhkMiju4oLHr%2BauJnKYexqnF0MfNTXGKPfj3ux9oZ2%2Baqve%2B3xgapdwdz0N64RgWo3SBqCKFBOQmi57mqIy%2F8qgnAfdVX99BwF2BuRSYSbIjNW5NHjir1JrAAKwOHZFyNsKj99PImyug2FPpRnss8VrJvDyYdnaGLHIAbZMRl72V",
        "https://vtbehaviour.commondatastorage.googleapis.com/100a90c0ff019b19f0f2622cfa529d874f580b2ac6257d018e5eb9ab6d861f44_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281904&Signature=B9x8BUVCeldkVImU%2Bb%2B7d97Q9Y2suAJFE1HvxBCu6MQUOt52HrgAUTBIeXPKgNP0gKiqrr%2BwDvN7q637Ht6n5C9QhuTPI%2FhWTub0F22jsp8lU2Pvp2bS%2FlaSchLRN5gDngyPABgnaqYERICP8QQkwfaB9pY%2Bii1%2FAeel%2BIDGYwxPPfIcYevejNv2O%2F0J6qYRftrtXwa95pbsecrfOzH6bpF3AzHQrTLJAuZ%2B%2BykW",
        "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281954&Signature=Tythlx%2B0x7Dzf2SYvJDgwby2Ifinb7IbK5GTx%2ByqvqVc1r4cz7rhoVD3NZqUAgUpxSkIAsRAK5WV5tMXUGiiB6JWp8Y9YmaL7Zhb5NxMBcodk57r7XhYzEbDxYg%2Fh1ChwMliA5cBr%2BXbUcW4q2aA4xQeNE1XVNpalGtyHh8bsDTKgQG0Ch1gikPF%2BeKc2ANprXe6z%2FJBXtqJBxh6%2Bem6fGON6%2BpRP1%2BgmNg4%2FtFnlQ",
        "https://vtbehaviour.commondatastorage.googleapis.com/bc3cc97398d5f56a4731085e8a385694f6ef1ab37243c6c00deed4a1335ced55_CAPE%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775281979&Signature=LrquDQAOc%2Bf90O7wkZ9lRNx5uIZopS4VL7qYn7UKkzTI19c7sNJWNdGeBPtnE%2FG4yxsv1tBxkoojr78E808e78vceGG2xskRT6tUTjtDo2c8JW%2FD9Mr5ZAVe8Cn%2BP%2BpCbBkZXbtaceCtVq0b9zVWx9YstN2ju69uofX50LbI%2FgmHh%2Bghta79DgdBrNmkcQEXDu7t%2FqSZSozfso9i%2BoSZdHXEfsU59hoc%2FhUSoPMEPGFU",
        "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282019&Signature=VwsuvdyY52E5jzftipHSNWVrwmO7YUwSQa9yHiMIgbsXcJDnDNcdELamMXjmvzDn%2FT6L5HguJFyj%2F4DHLmPfddzVphNAKCPvz3IRVae2piJ%2B8VWa2%2B98W3RjMft93LZhdNHwxeEYM8oJ%2FOjAjw%2FIicginJBUwlGeHX3kfTJieSEC7SYf6BkJ4UNfnF2pPQjiaAqG9mop%2FPKsB%2FF1K%2FrL7Rpsxwhl1rGglHYPM4%2BtJj6zDYx%2F",
        "https://vtbehaviour.commondatastorage.googleapis.com/fa8a59149604c73572bf92b42640de49faa7e8f16cd4bc18345d3e6a16378744_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282044&Signature=Y%2FEJZwm3h4tUuhn9%2FgO7QDcTnUoojZIDnoL%2FuGaoe0o5h%2FPUEiZpyFQLH9JfrvNN0h58UWlcJNCMxaSZl%2BZDvBDliVat0wDr0fE35mo0jGTK3uwa7DykFrjyI0NAVFlzkVSyxC0euM4lSJaw9PqyJGgLb4FfaztkzK7ZQYTIsGMYWSsCAKzatCObwK%2B8nqV63M9VXUeJy8ZQx7IwbttNffD6FQUaPbtCwlsywb%2Bu7NVqkFSG",
        "https://www.icloud.com/attachment/?u=https%3a%2f%2f%cvws.icloud-content.com",
        "https://vtbehaviour.commondatastorage.googleapis.com/ba49f65ef5d694311c535991812ee2fa8f0c639f4e053d136c1161b8b1bfaf8f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282803&Signature=CE28%2B8Orp96YBz3AWi4L4LJoj5B677T4lpyJl4VIG%2BN68qLtOorzpmY%2BdQgPcKJxqxcvmf3JmeA2zAZFyVdmEzznUnaiSY6xhbkbZ8nrReWLN9MBQZJuFd6by3aYlQoYFg2Bxu5d%2FLEAxWm4ljnJApBcv1csUNbJ8KxjkdXXAyPkiWPwMc4JDmXrnH5%2FXBQ7Tf1qxmze1lX2S5QvktDVUA3Bdn67nGtMvguY5EIl7tj1AezbuTFM",
        "https://vtbehaviour.commondatastorage.googleapis.com/68e1e958d101feb1044553d3e8ba341448a17d917e4b613cb05873814159ed40_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775282913&Signature=TKCWJVTu8VHNWLhsI%2BkIN06KJgV4R1%2F2oO9G3V2x%2Bdxi14E9JDPHosmNkN%2Fk02BRc0I8Yg4HJPmcxjdAvb8mTCZjA10bizFznZC3epwH0hmoxTVgryMxpD%2B7zTQqKIRpE9UGGC1WSu0CTJ3rI9dCyopLkmeiyJPVw%2BIuERp37p2MEwzwwIPRuYpB190GfOdCkGt6TuMjDG6cVa%2BxvJlEdoEw8US6W8WPaioxSu1KVCoKjwky",
        "https://vtbehaviour.commondatastorage.googleapis.com/ffe3319990984c10c84fc18f6c1d40b2c7ad44666ebc2b54368bd96327ec6abc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283093&Signature=GU02WhsC3g0ztmDdXDNuqx9T9POv8DnaMp7NQX%2B70%2FybCmZtbIpyPiUCOuYG5ZD1RY8bCIR9k%2F%2BGsKSwWLVUNNih3CgvqShoWsNfLKvtS%2BDRbmV6G4ohLWIP0xPHJOCA%2FWvnSdblJ%2FdibwXFCT851RdpfK3f6ph2EPHXIq%2FBwhSc28%2BJfFSMK%2B1toESpR7COi%2FUwpnMfcoSpcIMZudaaU8JrTvEVLgtJ%2FAgHjmfoXxvJlD",
        "https://vtbehaviour.commondatastorage.googleapis.com/02b1749e96b257099d5bafaeb1fc502442b4e064cca63fbcf4fc52af34b6435d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283154&Signature=m%2BGdulpws9rcUoJIzr45sR5qJdIxK89UYb6GUJL6p7n4mgYV69NJWbc3Jslcn117UKHnbSYYtRZSBRhviHhLuWsbhUG199mW8iGDiwaarp%2BbvmEIw6OXF2MgVIh%2FrJYr8slRZbUwjd9t8dMWwn%2FM5DNq6AzLyBqpznrBoVrvlibZuA9pWsHraA3P24WyEGUlbWN3NqLfmJ6gDeCKRfG7zhubGI%2Bb8Wl8GaBCodOtX2LlrA",
        "https://vtbehaviour.commondatastorage.googleapis.com/3e6e0898a7b1b297d2b9322f5f578b02e2fd5d5647dbeef6b9273cda383e1547_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775283189&Signature=PtLPpZoeHrLkYIaV2etyfYslOxR9PtxqmjNNDdMHoJjBUuweFaoOVGyfkf%2BUGEiGQCogCu7az%2B4btIJ3frL%2BEdzwNV7Ufeb24KQqbVUQrVITPGPCW42mMdsKdDoNQsqLooDqFsjxRGt2meZgP3F3roSTIWDEJPwr35bBBkdANOOdXZG1mg3O8JHm35%2BBQMkSxOiAxeftigjPK7On%2Fk%2FvMli1USxDUfi2eRlkRaL090nKenRXt3cz4FEBe8"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1046",
          "name": "Network Service Scanning",
          "display_name": "T1046 - Network Service Scanning"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 359,
        "email": 2,
        "hostname": 664,
        "URL": 794,
        "FileHash-SHA256": 827,
        "FileHash-MD5": 21,
        "FileHash-SHA1": 17,
        "IPv4": 187
      },
      "indicator_count": 2871,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "15 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d096edff67896dccb36a4d",
      "name": "VirusTotal report\n                    for index.html",
      "description": "The full name of the German domain registrar: COFFEEDESIGNCODE.com, or coffeedesign code, has been published.. and it is not yet known.",
      "modified": "2026-04-04T04:43:25.967000",
      "created": "2026-04-04T04:43:25.967000",
      "tags": [
        "date",
        "server",
        "registrar abuse",
        "registrant name",
        "expiration date",
        "registry domain",
        "registrar iana",
        "registrar url",
        "registrant city",
        "ag registrant",
        "thumbprint",
        "html document",
        "unicode text",
        "utf8 text",
        "title microsoft",
        "ms05019",
        "none",
        "docs",
        "betafred ms",
        "content tocrel",
        "conceptual",
        "performs dns",
        "https",
        "file type",
        "tls version",
        "mitre attack",
        "network info",
        "urls",
        "t1055 process",
        "layer protocol",
        "united",
        "phishing",
        "malicious",
        "next",
        "cache entry",
        "chrome cache",
        "entry",
        "extra info",
        "process",
        "nothing",
        "registry keys",
        "mutexes nothing",
        "data",
        "datacrashpad",
        "edge",
        "created",
        "parent pid",
        "full path",
        "command line",
        "status code",
        "ssl certificates",
        "tls certificates",
        "website security",
        "signtool",
        "sectigo",
        "microsoft",
        "signtool let",
        "web site",
        "rsasha256",
        "rsasha384",
        "rsasha512",
        "signcode",
        "ssl certificate",
        "logo",
        "sxa0",
        "object",
        "regexp",
        "null",
        "tdfunction",
        "ddfunction",
        "array",
        "string",
        "dfunction",
        "iana id",
        "contact phone",
        "dnssec",
        "domain status",
        "registrar whois",
        "registrar",
        "language",
        "html internet",
        "doctype",
        "learn",
        "seomatic og",
        "timestamp",
        "sectigo ssl",
        "sectigo og",
        "sectigohq og",
        "utf8",
        "crlf line",
        "text",
        "ipxw1920",
        "fwebp",
        "win32 exe",
        "pe32",
        "ms windows",
        "win16 ne",
        "icons library",
        "os2 executable",
        "generic windos",
        "executable",
        "pe64 compiler",
        "sha256",
        "pc bitmap",
        "windows bitmap",
        "bitmap",
        "zip archive",
        "text text",
        "ascii text",
        "has permission",
        "reads",
        "accesses",
        "found",
        "t1413 access",
        "sensitive data",
        "device logs",
        "persistence",
        "fraud",
        "cloud"
      ],
      "references": [
        "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855%0Ahttp://x1.c.lencr.org/%0Ahttp://c.pki.goog/r/r1.crl",
        "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276100&Signature=NczLfuk5dyPFskbtz7UwIjCT2DzeU5uAQP%2FL%2BC5bjk7Ng%2FHccJbUFWcb%2FqpvZaJ%2BWg4tg6aaPKihJzwDyiF7UaJOwdX3172ddwGJAfggvgpJ68YtVBE1nyhHAoFO6KsLL73DjNj58e8Uhq6Bcx4nXa86FETCR%2FzzXDlLDXyQSxf%2FKhG8zuxEsss9vRDCF%2B3TJGvJ5EmQ5HwGvk2ex9wf6H1FrBxEyx6BH5i6txcC9vMG9SXQ6eYR2p",
        "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276177&Signature=iO1RoMLTZsC3s7nBZ8wieXl6wwWrnnCqu%2F5pXBAa2Luk2wKtKTXUyyZEOOhqaCFNbUPjsIfY1v0KxEBxzkumSiDs3XXBs%2FYt49goHGNudddQOKcmLsjbT2GhALTnmmVvl79aLJaLwnMe9B7PkJpSTGuBrutOjF5VJ0yofcbM4XjQQlOIkc8WWi94WMVxXpWAjFK9D5zmoyn9G5w1TahDZjePP%2FfkKNpJe2OqRQ59iXyHcG1nvA%2FUIx",
        "http://timestamp.sectigo.com/",
        "https://www.google-analytics.com/analytics.js",
        "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277214&Signature=y3%2FkmodrmzpLTVDtkzYvlqSkUTQ8Tri%2FDiLIqIpCBmJ6%2Bwk5p%2FJDSAwE5V8Wdp0vWLWjfA4DvRyS%2FvmNV4kFOr422iVZH2Ap2evf8%2Bq2bp9CW%2BAuBCjgz9K329V4%2B%2B9duUsUhVBqZ%2BNKz%2Fj4z7ZDBI%2BjqPV8XjvTI7pXAfzknmFAfZU%2FjalCNigHCX%2FIOgymeTOfzSOLYLClpNTr%2BYle8VSI%2BHf9TgUWP2WgNF",
        "https://vtbehaviour.commondatastorage.googleapis.com/028e16744de653383b403efd4b755075deeb7d8ce264d7edd4615725e5b4c4c6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277967&Signature=oSvtx7eGCctItNKSDZN4tpJp11yn5QQjCHsLi45z7kUOa9nbuhPdVjh9gBKlXtNuGfXbpItYf6NFI%2B4pKCin266TJQP7FzDSnUzzziJTuqmZwxihDeoZ1RauqVOzGoAmrj9sG8nOYXqbOHNxQ3E6SugSzW3UFbyQJzfKt%2FsqsPsKAvl4su%2FlkWsqTHUR%2FT%2FLTTQV0ZXLwnrLv%2FdBA7DdsiE35g%2FPOiUdzJjkjhSILF%2BR"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1406",
          "name": "Obfuscated Files or Information",
          "display_name": "T1406 - Obfuscated Files or Information"
        },
        {
          "id": "T1409",
          "name": "Access Stored Application Data",
          "display_name": "T1409 - Access Stored Application Data"
        },
        {
          "id": "T1413",
          "name": "Access Sensitive Data in Device Logs",
          "display_name": "T1413 - Access Sensitive Data in Device Logs"
        },
        {
          "id": "T1421",
          "name": "System Network Connections Discovery",
          "display_name": "T1421 - System Network Connections Discovery"
        },
        {
          "id": "T1424",
          "name": "Process Discovery",
          "display_name": "T1424 - Process Discovery"
        },
        {
          "id": "T1426",
          "name": "System Information Discovery",
          "display_name": "T1426 - System Information Discovery"
        },
        {
          "id": "T1429",
          "name": "Capture Audio",
          "display_name": "T1429 - Capture Audio"
        },
        {
          "id": "T1430",
          "name": "Location Tracking",
          "display_name": "T1430 - Location Tracking"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 50,
        "email": 2,
        "hostname": 196,
        "FileHash-SHA1": 51,
        "URL": 234,
        "FileHash-MD5": 54,
        "FileHash-SHA256": 715,
        "IPv4": 32
      },
      "indicator_count": 1334,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "16 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d096edd596a1a9e9a0aa92",
      "name": "VirusTotal report\n                    for index.html",
      "description": "The full name of the German domain registrar: COFFEEDESIGNCODE.com, or coffeedesign code, has been published.. and it is not yet known.",
      "modified": "2026-04-04T04:43:25.258000",
      "created": "2026-04-04T04:43:25.258000",
      "tags": [
        "date",
        "server",
        "registrar abuse",
        "registrant name",
        "expiration date",
        "registry domain",
        "registrar iana",
        "registrar url",
        "registrant city",
        "ag registrant",
        "thumbprint",
        "html document",
        "unicode text",
        "utf8 text",
        "title microsoft",
        "ms05019",
        "none",
        "docs",
        "betafred ms",
        "content tocrel",
        "conceptual",
        "performs dns",
        "https",
        "file type",
        "tls version",
        "mitre attack",
        "network info",
        "urls",
        "t1055 process",
        "layer protocol",
        "united",
        "phishing",
        "malicious",
        "next",
        "cache entry",
        "chrome cache",
        "entry",
        "extra info",
        "process",
        "nothing",
        "registry keys",
        "mutexes nothing",
        "data",
        "datacrashpad",
        "edge",
        "created",
        "parent pid",
        "full path",
        "command line",
        "status code",
        "ssl certificates",
        "tls certificates",
        "website security",
        "signtool",
        "sectigo",
        "microsoft",
        "signtool let",
        "web site",
        "rsasha256",
        "rsasha384",
        "rsasha512",
        "signcode",
        "ssl certificate",
        "logo",
        "sxa0",
        "object",
        "regexp",
        "null",
        "tdfunction",
        "ddfunction",
        "array",
        "string",
        "dfunction",
        "iana id",
        "contact phone",
        "dnssec",
        "domain status",
        "registrar whois",
        "registrar",
        "language",
        "html internet",
        "doctype",
        "learn",
        "seomatic og",
        "timestamp",
        "sectigo ssl",
        "sectigo og",
        "sectigohq og",
        "utf8",
        "crlf line",
        "text",
        "ipxw1920",
        "fwebp",
        "win32 exe",
        "pe32",
        "ms windows",
        "win16 ne",
        "icons library",
        "os2 executable",
        "generic windos",
        "executable",
        "pe64 compiler",
        "sha256",
        "pc bitmap",
        "windows bitmap",
        "bitmap",
        "zip archive",
        "text text",
        "ascii text",
        "has permission",
        "reads",
        "accesses",
        "found",
        "t1413 access",
        "sensitive data",
        "device logs",
        "persistence",
        "fraud",
        "cloud"
      ],
      "references": [
        "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855%0Ahttp://x1.c.lencr.org/%0Ahttp://c.pki.goog/r/r1.crl",
        "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276100&Signature=NczLfuk5dyPFskbtz7UwIjCT2DzeU5uAQP%2FL%2BC5bjk7Ng%2FHccJbUFWcb%2FqpvZaJ%2BWg4tg6aaPKihJzwDyiF7UaJOwdX3172ddwGJAfggvgpJ68YtVBE1nyhHAoFO6KsLL73DjNj58e8Uhq6Bcx4nXa86FETCR%2FzzXDlLDXyQSxf%2FKhG8zuxEsss9vRDCF%2B3TJGvJ5EmQ5HwGvk2ex9wf6H1FrBxEyx6BH5i6txcC9vMG9SXQ6eYR2p",
        "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775276177&Signature=iO1RoMLTZsC3s7nBZ8wieXl6wwWrnnCqu%2F5pXBAa2Luk2wKtKTXUyyZEOOhqaCFNbUPjsIfY1v0KxEBxzkumSiDs3XXBs%2FYt49goHGNudddQOKcmLsjbT2GhALTnmmVvl79aLJaLwnMe9B7PkJpSTGuBrutOjF5VJ0yofcbM4XjQQlOIkc8WWi94WMVxXpWAjFK9D5zmoyn9G5w1TahDZjePP%2FfkKNpJe2OqRQ59iXyHcG1nvA%2FUIx",
        "http://timestamp.sectigo.com/",
        "https://www.google-analytics.com/analytics.js",
        "http://clients2.google.com/time/1/current?cup2key=8:JROu1MtiAi1ExACtDuYde399VG2TxRqflS_l7p_q0tU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
        "https://vtbehaviour.commondatastorage.googleapis.com/5a28f4a80025385ca11cce22b13e5eed52999965afbe16cccbc5e7165c7a0ac9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277214&Signature=y3%2FkmodrmzpLTVDtkzYvlqSkUTQ8Tri%2FDiLIqIpCBmJ6%2Bwk5p%2FJDSAwE5V8Wdp0vWLWjfA4DvRyS%2FvmNV4kFOr422iVZH2Ap2evf8%2Bq2bp9CW%2BAuBCjgz9K329V4%2B%2B9duUsUhVBqZ%2BNKz%2Fj4z7ZDBI%2BjqPV8XjvTI7pXAfzknmFAfZU%2FjalCNigHCX%2FIOgymeTOfzSOLYLClpNTr%2BYle8VSI%2BHf9TgUWP2WgNF",
        "https://vtbehaviour.commondatastorage.googleapis.com/028e16744de653383b403efd4b755075deeb7d8ce264d7edd4615725e5b4c4c6_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775277967&Signature=oSvtx7eGCctItNKSDZN4tpJp11yn5QQjCHsLi45z7kUOa9nbuhPdVjh9gBKlXtNuGfXbpItYf6NFI%2B4pKCin266TJQP7FzDSnUzzziJTuqmZwxihDeoZ1RauqVOzGoAmrj9sG8nOYXqbOHNxQ3E6SugSzW3UFbyQJzfKt%2FsqsPsKAvl4su%2FlkWsqTHUR%2FT%2FLTTQV0ZXLwnrLv%2FdBA7DdsiE35g%2FPOiUdzJjkjhSILF%2BR"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1406",
          "name": "Obfuscated Files or Information",
          "display_name": "T1406 - Obfuscated Files or Information"
        },
        {
          "id": "T1409",
          "name": "Access Stored Application Data",
          "display_name": "T1409 - Access Stored Application Data"
        },
        {
          "id": "T1413",
          "name": "Access Sensitive Data in Device Logs",
          "display_name": "T1413 - Access Sensitive Data in Device Logs"
        },
        {
          "id": "T1421",
          "name": "System Network Connections Discovery",
          "display_name": "T1421 - System Network Connections Discovery"
        },
        {
          "id": "T1424",
          "name": "Process Discovery",
          "display_name": "T1424 - Process Discovery"
        },
        {
          "id": "T1426",
          "name": "System Information Discovery",
          "display_name": "T1426 - System Information Discovery"
        },
        {
          "id": "T1429",
          "name": "Capture Audio",
          "display_name": "T1429 - Capture Audio"
        },
        {
          "id": "T1430",
          "name": "Location Tracking",
          "display_name": "T1430 - Location Tracking"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 50,
        "email": 2,
        "hostname": 196,
        "FileHash-SHA1": 51,
        "URL": 234,
        "FileHash-MD5": 54,
        "FileHash-SHA256": 715,
        "IPv4": 32
      },
      "indicator_count": 1334,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 48,
      "modified_text": "16 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    },
    {
      "id": "68ff6bf46f5d8662048ca7a1",
      "name": "symcd.com \u2022 Netify.ai",
      "description": "Seen in multiple attacks including CrowdStrike\nincident that was truly a breach found and reported prior to outage. SYCMD..com\nis consistently removed / deleted from pulses.\n\nI have nothing to say. OTX will pulse this let\u2019s see if anything happens..\n#rootkit? #ai #netify #malware #running_webserver #ottowa #elf #agent #malware #known #network_icmp #nolookup_communication\nantivm_generic_disk #dead host\n#dumped_buffer\n#network_cnc_http\n#network_http\n#allocates_rwx\n#av_detect_china_key #m\n[ELF:Agent-VW\\ [Trj]]\nIDS Detections :\n*GoBrut Service Bruter CnC Activity \n*GoBrut Service Bruter CnC Checkin \n*Generic.Go.Bruteforcer CnC Beacon\neval String.fromCharCode String Which May Be #malicious\nYara Detections:\ncompromised_site_redirector_fromcharcode\nfromCharCode | Yara Detections:\nKnownMaliciousObfuscationPattern\n[External IP Address Lookup via api .ip138 .com]\n[Win.Malware.Softcnapp-6932830-0]\nMultiple malware attack.",
      "modified": "2025-11-26T12:00:39.551000",
      "created": "2025-10-27T12:56:20.090000",
      "tags": [
        "present may",
        "present jun",
        "name servers",
        "united",
        "status",
        "present aug",
        "present oct",
        "present jul",
        "present mar",
        "present nov",
        "date",
        "digicert",
        "whois",
        "forums",
        "symantec",
        "comcast",
        "levelblue",
        "open threat",
        "pulse",
        "urls",
        "as13335",
        "info",
        "server",
        "domain status",
        "registrar abuse",
        "registrar",
        "dnssec",
        "domain name",
        "us registrant",
        "email",
        "contact email",
        "host name",
        "handle",
        "rdap database",
        "iana registrar",
        "present sep",
        "canada unknown",
        "moved",
        "ip address",
        "search",
        "title",
        "encrypt",
        "ubuntu",
        "linux x8664",
        "gobrut service",
        "bruter cnc",
        "entries",
        "show",
        "activity",
        "stca",
        "unknown",
        "malware",
        "copy",
        "next",
        "team",
        "script urls",
        "a domains",
        "passive dns",
        "gmt server",
        "content type",
        "body",
        "meta",
        "for privacy",
        "creation date",
        "name redacted",
        "expiration date",
        "servers",
        "hostname add",
        "pulse pulses",
        "13371",
        "qq v",
        "process32nextw",
        "regopenkeyexw",
        "medium",
        "langchinese",
        "get na",
        "rticon",
        "security",
        "high",
        "win32",
        "write",
        "dynamicloader",
        "checks",
        "alerts",
        "bios",
        "dynamic",
        "total",
        "read",
        "delete",
        "name strings",
        "south korea"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Australia",
        "Canada",
        "Bulgaria",
        "Germany",
        "Netherlands"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1045",
          "name": "Software Packing",
          "display_name": "T1045 - Software Packing"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1060",
          "name": "Registry Run Keys / Startup Folder",
          "display_name": "T1060 - Registry Run Keys / Startup Folder"
        },
        {
          "id": "T1063",
          "name": "Security Software Discovery",
          "display_name": "T1063 - Security Software Discovery"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 3,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 3301,
        "email": 9,
        "hostname": 1202,
        "FileHash-SHA256": 1967,
        "domain": 1885,
        "FileHash-MD5": 153,
        "FileHash-SHA1": 151,
        "CVE": 1,
        "SSLCertFingerprint": 82,
        "FilePath": 1
      },
      "indicator_count": 8752,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 140,
      "modified_text": "144 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "URL",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "https://track.hubspot.com",
    "type": "URL"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "https://track.hubspot.com",
    "type": "URL",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776663865.3387122
}