{ "type": "URL", "indicator": "https://transip.nl/cp/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://transip.nl/cp/", "type": "url", "type_title": "URL", "validation": [ { "source": "majestic", "message": "Whitelisted domain transip.nl", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4299474389, "indicator": "https://transip.nl/cp/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ede4900c0c36d508b00892", "name": "VirusTotal report for index.html tlp:green", "description": "[The following is the full text of the following:..woff2/akamai/clientlib-brand-base/resources/InstrumentSans-Variable-Latin-Italic] pdfkit[.net] = trans ip. Otx kept having server errors when trying to upload more comprehensive reports on this. Interference not by otx, suspect.", "modified": "2026-05-26T10:06:50.708000", "created": "2026-04-26T10:10:24.165000", "tags": [ "html internet", "html document", "unicode text", "utf8 text", "ascii text", "language", "https", "mitre attack", "network info", "processes extra", "transip", "performs dns", "t1055 process", "layer protocol", "overview", "overview zenbox", "title", "next", "meta", "link", "path", "doctype html", "ieedge", "bezet", "head", "body", "get url", "ip reputation", "divi child", "site kit", "google", "truetype", "woff", "user", "agent", "style", "original", "unknown", "has permission", "tls version", "file type", "loads", "urls", "persistence", "cloud", "malicious", "found", "dropped info", "zenbox android", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196678&Signature=HzcyQV1X4%2BZuxALwV5MKabxavBVI2pXXV%2BqZ%2FxjbZGEzJLq3HvfBlhoJvnPO72cTsUYIRIF8xWwC5jRcagGjKfbaLJN2X5M8YJLFvzNW8EUuKXbP4HlPUyWW4vdbPPfTDk7AH9O3Mc%2Bsqm0rUu1TTZ5W30gnKw%2B8w129EjLK4TTXdxBhsVZflHp65tluC8NtT6PKr40eTUW79dRIU4EmpzQYixwP5kHPdWny4lMV2tyDCM4BVbj5jGGjOMlG", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196704&Signature=oj%2BDJfu%2FPrkzTQYzv%2BNGIb7bMBOERBArPqSmhPICbJXukp7MyQm%2FhSDqT3TSgCuwYbRMqjTmAdHa9EBQ%2FCjlr3PdRe5jLJ3yEljzhIZMVkux2h7EGR9NvtyGFd0b4G6DcOYfzDyXI7IIUvEDVqDTPa2biRIlSwUKAXKvFLQvemNBTNwAt6ZWjRPcsjpgkPpPBVYA6mGR50QOtob74rarfPZno74N59OZkm5XoVm7mwuzGXDl189f", "https://vtbehaviour.commondatastorage.googleapis.com/45a190c2f2471d465eadce7b529473c1092e0b0fa4a8bd5066f2f0dadd021517_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777197660&Signature=ZeKi%2BRgUGuBZD7C84XN%2BMrK%2FhjGTkk9wZi%2B8oRGqD%2FMkt4j53TX2%2FNO2D5kv3PFADqhPUkUWatmRPNgFj3%2Fxgz2H%2B1MaxZeG4uZ7yDAjWSgY1bcI2k5Z4SWMDc8FAivGl7%2FYutQiu%2FIWCMxbxTnk4yJQiQtuOgqwVTZybq4ROhIA52sWpFV9sAHWnPeTZJIPWahZpZz3LH5ByhNbVb8fHKqxFmoQAswKLvlgjAcNSh", "https://vtbehaviour.commondatastorage.googleapis.com/00000d3cb583c86b8fd89bcd270cf1a9c1974f23518caf52a9d55ba482afc255_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198022&Signature=X%2FtJADqZ8hUIDWnAnxXSy836h8XaVn9hIB%2FoJc%2BMiH70BQaiUPucRhxoQpLz8ff%2BU7i4DwbrecytnCCLiVA1QuLWxTYL9hBhT8xX%2F3h564r8jpG8kTHcyZTD%2F1w9THtZhgtgccYteH8vuC1RaaNpHpj8RESbs6TdENGlhzHELvXxYplQuBznpKau1ZeLiNJFngKuEOT%2FkcHjzOM%2B%2BUZzAovTwc6PDZOk4C4qBT7YdZ", "https://vtbehaviour.commondatastorage.googleapis.com/000011b9276d67cb6c737226e1572ad5396d96a7ce2a6512c6c5774371332730_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198160&Signature=ErZReZYXc0zl2849KmoGwJGof9NjsCg2iX3sqgLWs2FU4WBoLpZAVnFi6g7Z3BFda%2FDPKxZ7%2FHG%2BlEU2VB7ctD7pXcNfD%2F3nEPZC54sles9Cycinws6vWWfHnYmSpwKF4DtTjjbL%2F7bwIb%2FOrT%2BeKzVvt7gGL%2ByHJpWrAgr4UtNSHKVmHLIIgRH%2FfDOtlS410ed%2Bal8ukGl9ZSeDQjYg0A0KKxdNkAtcJPN4fLcl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 554, "FileHash-MD5": 53, "FileHash-SHA1": 4, "URL": 561, "hostname": 275, "domain": 114 }, "indicator_count": 1561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f37d3917861c6b99884b", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-16T07:01:32.826000", "created": "2026-04-08T06:19:41.886000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 94, "FileHash-SHA1": 70, "FileHash-SHA256": 294, "domain": 50, "hostname": 410, "URL": 281, "CIDR": 1, "email": 3, "IPv4": 2 }, "indicator_count": 1205, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f37c65fbf136884dae98", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-08T06:44:52.553000", "created": "2026-04-08T06:19:40.539000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 164, "FileHash-SHA1": 161, "FileHash-SHA256": 463, "domain": 56, "hostname": 396, "URL": 456, "CIDR": 1, "email": 7 }, "indicator_count": 1704, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc0f45c9945c939e6406f2", "name": "The dates are odd lately, so Im going back in history.", "description": "[ at the key vulnerabilities in Fortinet FortiOS 6.0.7 and FortiProxy 2.2.3.4.9.. and the full list of vulnerabilities]\nCVE 2018 and its associated current malware dating mostly 2020-2024", "modified": "2026-05-07T05:26:18.669000", "created": "2026-05-07T04:04:21.095000", "tags": [ "targeted", "legal", "epss", "impact", "scan endpoints", "all msudosos", "pulse pulses", "files", "exploits", "cve overview", "media", "defense", "energy", "authentication" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 8, "FileHash-SHA1": 7, "FileHash-SHA256": 13, "domain": 10, "URL": 64, "hostname": 23 }, "indicator_count": 126, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ec2d769862439b9fbe", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:36.375000", "created": "2026-05-07T04:37:00.866000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 47, "email": 1 }, "indicator_count": 1149, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ee1cf2fec4f744c156", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:02.134000", "created": "2026-05-07T04:37:02.134000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 46, "email": 1 }, "indicator_count": 1148, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ec7fd623409a3982b2", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:00.680000", "created": "2026-05-07T04:37:00.680000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 46, "email": 1 }, "indicator_count": 1148, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters.", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196704&Signature=oj%2BDJfu%2FPrkzTQYzv%2BNGIb7bMBOERBArPqSmhPICbJXukp7MyQm%2FhSDqT3TSgCuwYbRMqjTmAdHa9EBQ%2FCjlr3PdRe5jLJ3yEljzhIZMVkux2h7EGR9NvtyGFd0b4G6DcOYfzDyXI7IIUvEDVqDTPa2biRIlSwUKAXKvFLQvemNBTNwAt6ZWjRPcsjpgkPpPBVYA6mGR50QOtob74rarfPZno74N59OZkm5XoVm7mwuzGXDl189f", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE", "https://vtbehaviour.commondatastorage.googleapis.com/45a190c2f2471d465eadce7b529473c1092e0b0fa4a8bd5066f2f0dadd021517_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777197660&Signature=ZeKi%2BRgUGuBZD7C84XN%2BMrK%2FhjGTkk9wZi%2B8oRGqD%2FMkt4j53TX2%2FNO2D5kv3PFADqhPUkUWatmRPNgFj3%2Fxgz2H%2B1MaxZeG4uZ7yDAjWSgY1bcI2k5Z4SWMDc8FAivGl7%2FYutQiu%2FIWCMxbxTnk4yJQiQtuOgqwVTZybq4ROhIA52sWpFV9sAHWnPeTZJIPWahZpZz3LH5ByhNbVb8fHKqxFmoQAswKLvlgjAcNSh", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/000011b9276d67cb6c737226e1572ad5396d96a7ce2a6512c6c5774371332730_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198160&Signature=ErZReZYXc0zl2849KmoGwJGof9NjsCg2iX3sqgLWs2FU4WBoLpZAVnFi6g7Z3BFda%2FDPKxZ7%2FHG%2BlEU2VB7ctD7pXcNfD%2F3nEPZC54sles9Cycinws6vWWfHnYmSpwKF4DtTjjbL%2F7bwIb%2FOrT%2BeKzVvt7gGL%2ByHJpWrAgr4UtNSHKVmHLIIgRH%2FfDOtlS410ed%2Bal8ukGl9ZSeDQjYg0A0KKxdNkAtcJPN4fLcl", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196678&Signature=HzcyQV1X4%2BZuxALwV5MKabxavBVI2pXXV%2BqZ%2FxjbZGEzJLq3HvfBlhoJvnPO72cTsUYIRIF8xWwC5jRcagGjKfbaLJN2X5M8YJLFvzNW8EUuKXbP4HlPUyWW4vdbPPfTDk7AH9O3Mc%2Bsqm0rUu1TTZ5W30gnKw%2B8w129EjLK4TTXdxBhsVZflHp65tluC8NtT6PKr40eTUW79dRIU4EmpzQYixwP5kHPdWny4lMV2tyDCM4BVbj5jGGjOMlG", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/00000d3cb583c86b8fd89bcd270cf1a9c1974f23518caf52a9d55ba482afc255_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198022&Signature=X%2FtJADqZ8hUIDWnAnxXSy836h8XaVn9hIB%2FoJc%2BMiH70BQaiUPucRhxoQpLz8ff%2BU7i4DwbrecytnCCLiVA1QuLWxTYL9hBhT8xX%2F3h564r8jpG8kTHcyZTD%2F1w9THtZhgtgccYteH8vuC1RaaNpHpj8RESbs6TdENGlhzHELvXxYplQuBznpKau1ZeLiNJFngKuEOT%2FkcHjzOM%2B%2BUZzAovTwc6PDZOk4C4qBT7YdZ", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Wipes", "Apnic" ], "industries": [], "unique_indicators": 8103 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/transip.nl", "whois": "http://whois.domaintools.com/transip.nl", "domain": "transip.nl", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69ede4900c0c36d508b00892", "name": "VirusTotal report for index.html tlp:green", "description": "[The following is the full text of the following:..woff2/akamai/clientlib-brand-base/resources/InstrumentSans-Variable-Latin-Italic] pdfkit[.net] = trans ip. Otx kept having server errors when trying to upload more comprehensive reports on this. Interference not by otx, suspect.", "modified": "2026-05-26T10:06:50.708000", "created": "2026-04-26T10:10:24.165000", "tags": [ "html internet", "html document", "unicode text", "utf8 text", "ascii text", "language", "https", "mitre attack", "network info", "processes extra", "transip", "performs dns", "t1055 process", "layer protocol", "overview", "overview zenbox", "title", "next", "meta", "link", "path", "doctype html", "ieedge", "bezet", "head", "body", "get url", "ip reputation", "divi child", "site kit", "google", "truetype", "woff", "user", "agent", "style", "original", "unknown", "has permission", "tls version", "file type", "loads", "urls", "persistence", "cloud", "malicious", "found", "dropped info", "zenbox android", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196678&Signature=HzcyQV1X4%2BZuxALwV5MKabxavBVI2pXXV%2BqZ%2FxjbZGEzJLq3HvfBlhoJvnPO72cTsUYIRIF8xWwC5jRcagGjKfbaLJN2X5M8YJLFvzNW8EUuKXbP4HlPUyWW4vdbPPfTDk7AH9O3Mc%2Bsqm0rUu1TTZ5W30gnKw%2B8w129EjLK4TTXdxBhsVZflHp65tluC8NtT6PKr40eTUW79dRIU4EmpzQYixwP5kHPdWny4lMV2tyDCM4BVbj5jGGjOMlG", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196704&Signature=oj%2BDJfu%2FPrkzTQYzv%2BNGIb7bMBOERBArPqSmhPICbJXukp7MyQm%2FhSDqT3TSgCuwYbRMqjTmAdHa9EBQ%2FCjlr3PdRe5jLJ3yEljzhIZMVkux2h7EGR9NvtyGFd0b4G6DcOYfzDyXI7IIUvEDVqDTPa2biRIlSwUKAXKvFLQvemNBTNwAt6ZWjRPcsjpgkPpPBVYA6mGR50QOtob74rarfPZno74N59OZkm5XoVm7mwuzGXDl189f", "https://vtbehaviour.commondatastorage.googleapis.com/45a190c2f2471d465eadce7b529473c1092e0b0fa4a8bd5066f2f0dadd021517_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777197660&Signature=ZeKi%2BRgUGuBZD7C84XN%2BMrK%2FhjGTkk9wZi%2B8oRGqD%2FMkt4j53TX2%2FNO2D5kv3PFADqhPUkUWatmRPNgFj3%2Fxgz2H%2B1MaxZeG4uZ7yDAjWSgY1bcI2k5Z4SWMDc8FAivGl7%2FYutQiu%2FIWCMxbxTnk4yJQiQtuOgqwVTZybq4ROhIA52sWpFV9sAHWnPeTZJIPWahZpZz3LH5ByhNbVb8fHKqxFmoQAswKLvlgjAcNSh", "https://vtbehaviour.commondatastorage.googleapis.com/00000d3cb583c86b8fd89bcd270cf1a9c1974f23518caf52a9d55ba482afc255_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198022&Signature=X%2FtJADqZ8hUIDWnAnxXSy836h8XaVn9hIB%2FoJc%2BMiH70BQaiUPucRhxoQpLz8ff%2BU7i4DwbrecytnCCLiVA1QuLWxTYL9hBhT8xX%2F3h564r8jpG8kTHcyZTD%2F1w9THtZhgtgccYteH8vuC1RaaNpHpj8RESbs6TdENGlhzHELvXxYplQuBznpKau1ZeLiNJFngKuEOT%2FkcHjzOM%2B%2BUZzAovTwc6PDZOk4C4qBT7YdZ", "https://vtbehaviour.commondatastorage.googleapis.com/000011b9276d67cb6c737226e1572ad5396d96a7ce2a6512c6c5774371332730_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198160&Signature=ErZReZYXc0zl2849KmoGwJGof9NjsCg2iX3sqgLWs2FU4WBoLpZAVnFi6g7Z3BFda%2FDPKxZ7%2FHG%2BlEU2VB7ctD7pXcNfD%2F3nEPZC54sles9Cycinws6vWWfHnYmSpwKF4DtTjjbL%2F7bwIb%2FOrT%2BeKzVvt7gGL%2ByHJpWrAgr4UtNSHKVmHLIIgRH%2FfDOtlS410ed%2Bal8ukGl9ZSeDQjYg0A0KKxdNkAtcJPN4fLcl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 554, "FileHash-MD5": 53, "FileHash-SHA1": 4, "URL": 561, "hostname": 275, "domain": 114 }, "indicator_count": 1561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f37d3917861c6b99884b", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-16T07:01:32.826000", "created": "2026-04-08T06:19:41.886000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 94, "FileHash-SHA1": 70, "FileHash-SHA256": 294, "domain": 50, "hostname": 410, "URL": 281, "CIDR": 1, "email": 3, "IPv4": 2 }, "indicator_count": 1205, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f37c65fbf136884dae98", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-08T06:44:52.553000", "created": "2026-04-08T06:19:40.539000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 164, "FileHash-SHA1": 161, "FileHash-SHA256": 463, "domain": 56, "hostname": 396, "URL": 456, "CIDR": 1, "email": 7 }, "indicator_count": 1704, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc0f45c9945c939e6406f2", "name": "The dates are odd lately, so Im going back in history.", "description": "[ at the key vulnerabilities in Fortinet FortiOS 6.0.7 and FortiProxy 2.2.3.4.9.. and the full list of vulnerabilities]\nCVE 2018 and its associated current malware dating mostly 2020-2024", "modified": "2026-05-07T05:26:18.669000", "created": "2026-05-07T04:04:21.095000", "tags": [ "targeted", "legal", "epss", "impact", "scan endpoints", "all msudosos", "pulse pulses", "files", "exploits", "cve overview", "media", "defense", "energy", "authentication" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 8, "FileHash-SHA1": 7, "FileHash-SHA256": 13, "domain": 10, "URL": 64, "hostname": 23 }, "indicator_count": 126, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ec2d769862439b9fbe", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:36.375000", "created": "2026-05-07T04:37:00.866000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 47, "email": 1 }, "indicator_count": 1149, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ee1cf2fec4f744c156", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:02.134000", "created": "2026-05-07T04:37:02.134000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 46, "email": 1 }, "indicator_count": 1148, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69fc16ec7fd623409a3982b2", "name": "CAPE Sandbox - CAC-BLOCK44 - 216.107.138.162 'Datacamp'", "description": "[ full text of IANA-CIDR-BLock, the name given to a block on the net, has been published by the Internet Assigned Numbers Authority (APNIC] pretext. 800+ connections that have moved from VT on Refresh. This one I was able to sandbox. The first one that is no longer there was a spotify condrive. highlights the DRV installer, dating to Jan 15,2025. Pdfkit[.net] DRV version I have written about at length.", "modified": "2026-05-07T04:37:00.680000", "created": "2026-05-07T04:37:00.680000", "tags": [ "apnic", "iana", "iana web", "date", "internet", "parent pid", "full path", "command line", "files c", "devicerasacd c", "registry keys", "read files", "modified files", "settings read", "keys nothing", "drops pe", "pe file", "pe32", "ms windows", "found", "file type", "intel", "spawns", "creates", "window", "malicious", "code", "persistence", "phishing", "miner", "defense evasion", "next", "server", "cacblock44", "net21610712801", "ipxo llc", "il845", "net21610713601", "net216107138024", "net21610713801", "address range", "cidr", "network name", "allocation type", "whois server", "handle", "apnic whois", "database", "please", "arin whois", "north america", "caribbean", "africa", "analysis date", "win32 exe", "nvcontainer", "dosya klasr", "united", "cac-block44" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778127990&Signature=juBkVQLRUAcpV3F0HxZfnt9d%2Bg7bPLCUSVJeI43MQxda0Suv1G9OYQjsG8Cp0h%2F7aNgbQkkpbcnGE6YBOAtbcw8u44jv6DrpLVFR01Q8rKKAhLAw8r5Bl9QIcS6%2F%2FxFlBhqvsBbEnxJqHbI3lvfHymEgYHSfpSduh63E5h55Dmd9DxKaaOu5Xo8AsR9Q3Kbn2Xl%2Flsyt6YeakFhL37TBmDLoJMzseRa1QjWE%2BdyPIxvp6JiGBm", "https://vtbehaviour.commondatastorage.googleapis.com/1eed4d0238b82b2e324d7d111c5c1d73ebe6245932530779ba17000d935a1dcf_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778128024&Signature=gmdTh4HdtQiM8x8q0MGvrguSweTXZQieJBVP4J1PhKBEJGfTBHIvjf70jGQzFATJrPKHohftu2h77Mju%2FOECsYFwG6EpyNURMRQmAWdBuSeFcukzPuu%2BRcpPD8%2F8OlF9MmSvuZ9%2BJH0VytZEzn7barm2PIK%2F%2Fvi%2FAUNG93W%2FqjZI0cifFE%2FSxo%2F%2Ffd%2BGqHPECcrTMo8s5P99DChh5a75CMJadFVvZBtPrCNVezJ0PK3flE" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "APNIC", "display_name": "APNIC", "target": null } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 4, "URL": 193, "hostname": 110, "IPv4": 33, "FileHash-MD5": 112, "FileHash-SHA1": 112, "FileHash-SHA256": 537, "domain": 46, "email": 1 }, "indicator_count": 1148, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://transip.nl/cp/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://transip.nl/cp/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780248470.2727563 }