{ "type": "URL", "indicator": "https://uupdump.net/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://uupdump.net/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4263585652, "indicator": "https://uupdump.net/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 8, "pulses": [ { "id": "69d3843cba399db62eeae702", "name": "CAPE Sandbox - Stalking", "description": "A full report on the latest Android operating system: PK.3.4.5.1 (c) on 1 January, 2026, to be published by the Google Research Institute (GRI).", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:00:28.397000", "tags": [ "renewed", "8gbram", "windows10", "19inlcdmonitor", "desktop pc", "package", "intel core", "hard drive", "dvdrw", "wifi", "title", "blink", "date", "meta", "elite", "body", "https", "mitre attack", "network info", "tls version", "united", "overview", "zenbox android", "verdict", "guest system", "ultimate file", "fraud", "cloud", "next", "program", "processes extra", "overview zenbox", "info file", "file type", "default", "parent pid", "full path", "command line", "registry keys", "commands c", "k dcomlaunch", "files c", "devicecng c", "read registry" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469608&Signature=fK1I2%2FxXVm0l3ZiELwtstes8iVN402Ww%2By%2BgvxYOB0LiC2iO3J9cedWJk1hMIr4IfLSGKprfui8vANzR%2BkWfSd594S%2FFe9A59YKyOA2MFmQTBRXVy6O3xF1e1lPETp5Md%2FbGJCOzrZxdHyReyuk7cgdDDBAewptjJhfTYxql7F9X%2FB4qe9BYWPrvned2fFWfU%2F4G%2F4UBqY9Jj%2BG1CTP%2FaGqOdWFs0Q5cPYZ4bytp", "https://vtbehaviour.commondatastorage.googleapis.com/6c39ae0368703f254070a0648c0066115140c3e762d9bf5b52833a037a1e3743_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469752&Signature=Df%2Bamm33qFPdsDg6nWC5FQjse7h4fksSXqONp4nMEItb0gpBwqx66TqcCnFzQplUk6ExMge79qNZR2OElv63sX54D4fSGwI9nvHYhQoiVdZIgf4ct8dIAr%2BYO9jSx0WpPUVFsvf%2FXtXvm6jM5n5v7CGiyFRyAz8PES5g%2FcOlLt%2BDhsc8bhi%2FMU9mAkyyr5nFVPcTmUSHOTNXOeKDUlyRkQE6b9FEbFhUL1h3%2B%2FBVtysh", "https://vtbehaviour.commondatastorage.googleapis.com/5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469810&Signature=Mj5ODxCW7tD5UNn6P11Ta7F2cmDLSJuEB7JSLFg%2FERfANmnRR5L7XzDwXxI5G48vkQFx0%2FBMtjMLwWHn6ZHKlt13rfzkvoOu5fJ%2Fb5lMJqUp1rSQIG0JLL80QAnXyJf2W8pL7MvK97Tr4jsCIUfd8ezliJtV5SmahV6Q8lYu2KJUnANrHkA10RFrcT4O26Vk7gbDsuC7caDXC6U9KXTTB0cpC77%2FV7w86ftN2JPXx6oEHUvSj02qsvhKwKQvmM", "https://vtbehaviour.commondatastorage.googleapis.com/5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469831&Signature=ZlRZLvCaJ%2F9niupu9DFCvXvfgFpDEOsK%2FsH46CB2zEVUDjcQRNMDp9XXKKx0dekmHQbhl02yqygHPOA8Wty5duGtK216QCvKNkYpbpdOjN7xgAg3AsldciWbqeJr8N4I%2F1%2FPRSdVfB%2BNGaBJKxZG1RQkX206MSvX%2BeY%2FdeEYpq3NYdrPWlxdV0pa3yaqcMrf2s%2FCFSM%2FdO3xt5PKyXWG%2FDCNM5iiuXh8OT2ckhZhf%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1221", "name": "Template Injection", "display_name": "T1221 - Template Injection" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 781, "FileHash-SHA1": 509, "FileHash-SHA256": 539, "URL": 387, "hostname": 361, "domain": 100, "CIDR": 1, "email": 1 }, "indicator_count": 2679, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d389d979acb0e20217e451", "name": "CAPE Sandbox", "description": "", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:24:25.849000", "tags": [ "p2404", "strong", "sha256", "library", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "none rticon", "info", "path", "win32", "accept", "null", "activator", "false", "black", "powershell", "error", "team", "code", "date", "download", "stop", "green", "class", "void", "cheap", "shutdown", "impact", "guard", "tools", "comspec", "enterprise", "terminal", "music", "desktop", "crypt32", "lockfile", "write", "open", "stub", "delta", "title", "body", "project", "windows sandbox", "calls process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f65b955b42f6834de9bd8b084cdab903144a4ddaf38222a1408b4dda59fc3c25_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471046&Signature=m8P0sVa9IvW1ZUOv%2BlJipa01bT4c79dbjaPj0vJUplT1orO5ImM8ekzIM2p0n75b9OEnqifkI5qLdfWrbmw1MrpBdv2Hs%2FONRoVZLAcoIvGCFqtOm1ICKHXI7AQepGbQIIKcchoCtZCxiNmnqeLqW7rvtLrzc7vMo1bjRvzVK03X83b1Ap5vCgvQmNvbBgeaA9McOs4JBMiOjb2%2FtrBU0yB4aY1eKvhfKIsVis5sY90Ljch5h8umrIYl", "https://vtbehaviour.commondatastorage.googleapis.com/04debe133ee8e0c49579e2cc84b9ddae38a9ada8d5e64409055573f59f8b374d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471300&Signature=llYVmKPsFPumnoaQibMHdribcji6%2FleUI8SnqlNHmcEnMAkiee7AsqjLt4hAuJ2ohPNbUL3Pcp%2FdiSxG0ou5IxM59BKrDeFqeHfJga%2BFZPNwU9puoAbZeeNlEaDuk76OjORjSNUMwTg3Z%2Fqq5grDxUUbQ7tO6Yvc58%2FJ26Mbgh2DSdT8qT6wcBZD9RUcie7RY5wMC1TDAalZdS5wiqTw1I412KZa0Ka9Q8pN0jBXaionvI" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 172, "FileHash-SHA1": 151, "FileHash-SHA256": 121, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 596, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d389dab37e607e415f7304", "name": "CAPE Sandbox", "description": "", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:24:26.731000", "tags": [ "p2404", "strong", "sha256", "library", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "none rticon", "info", "path", "win32", "accept", "null", "activator", "false", "black", "powershell", "error", "team", "code", "date", "download", "stop", "green", "class", "void", "cheap", "shutdown", "impact", "guard", "tools", "comspec", "enterprise", "terminal", "music", "desktop", "crypt32", "lockfile", "write", "open", "stub", "delta", "title", "body", "project", "windows sandbox", "calls process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f65b955b42f6834de9bd8b084cdab903144a4ddaf38222a1408b4dda59fc3c25_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471046&Signature=m8P0sVa9IvW1ZUOv%2BlJipa01bT4c79dbjaPj0vJUplT1orO5ImM8ekzIM2p0n75b9OEnqifkI5qLdfWrbmw1MrpBdv2Hs%2FONRoVZLAcoIvGCFqtOm1ICKHXI7AQepGbQIIKcchoCtZCxiNmnqeLqW7rvtLrzc7vMo1bjRvzVK03X83b1Ap5vCgvQmNvbBgeaA9McOs4JBMiOjb2%2FtrBU0yB4aY1eKvhfKIsVis5sY90Ljch5h8umrIYl", "https://vtbehaviour.commondatastorage.googleapis.com/04debe133ee8e0c49579e2cc84b9ddae38a9ada8d5e64409055573f59f8b374d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471300&Signature=llYVmKPsFPumnoaQibMHdribcji6%2FleUI8SnqlNHmcEnMAkiee7AsqjLt4hAuJ2ohPNbUL3Pcp%2FdiSxG0ou5IxM59BKrDeFqeHfJga%2BFZPNwU9puoAbZeeNlEaDuk76OjORjSNUMwTg3Z%2Fqq5grDxUUbQ7tO6Yvc58%2FJ26Mbgh2DSdT8qT6wcBZD9RUcie7RY5wMC1TDAalZdS5wiqTw1I412KZa0Ka9Q8pN0jBXaionvI" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 172, "FileHash-SHA1": 151, "FileHash-SHA256": 121, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 596, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d389db09844fda2dd3d26d", "name": "CAPE Sandbox", "description": "", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:24:27.141000", "tags": [ "p2404", "strong", "sha256", "library", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "none rticon", "info", "path", "win32", "accept", "null", "activator", "false", "black", "powershell", "error", "team", "code", "date", "download", "stop", "green", "class", "void", "cheap", "shutdown", "impact", "guard", "tools", "comspec", "enterprise", "terminal", "music", "desktop", "crypt32", "lockfile", "write", "open", "stub", "delta", "title", "body", "project", "windows sandbox", "calls process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f65b955b42f6834de9bd8b084cdab903144a4ddaf38222a1408b4dda59fc3c25_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471046&Signature=m8P0sVa9IvW1ZUOv%2BlJipa01bT4c79dbjaPj0vJUplT1orO5ImM8ekzIM2p0n75b9OEnqifkI5qLdfWrbmw1MrpBdv2Hs%2FONRoVZLAcoIvGCFqtOm1ICKHXI7AQepGbQIIKcchoCtZCxiNmnqeLqW7rvtLrzc7vMo1bjRvzVK03X83b1Ap5vCgvQmNvbBgeaA9McOs4JBMiOjb2%2FtrBU0yB4aY1eKvhfKIsVis5sY90Ljch5h8umrIYl", "https://vtbehaviour.commondatastorage.googleapis.com/04debe133ee8e0c49579e2cc84b9ddae38a9ada8d5e64409055573f59f8b374d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471300&Signature=llYVmKPsFPumnoaQibMHdribcji6%2FleUI8SnqlNHmcEnMAkiee7AsqjLt4hAuJ2ohPNbUL3Pcp%2FdiSxG0ou5IxM59BKrDeFqeHfJga%2BFZPNwU9puoAbZeeNlEaDuk76OjORjSNUMwTg3Z%2Fqq5grDxUUbQ7tO6Yvc58%2FJ26Mbgh2DSdT8qT6wcBZD9RUcie7RY5wMC1TDAalZdS5wiqTw1I412KZa0Ka9Q8pN0jBXaionvI" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 172, "FileHash-SHA1": 151, "FileHash-SHA256": 121, "URL": 80, "domain": 17, "hostname": 59 }, "indicator_count": 600, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b4e828809a73c4baff9c5b", "name": "CAPE Sandbox terrible chain", "description": "", "modified": "2026-04-13T04:23:40.153000", "created": "2026-03-14T04:46:32.492000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 173, "FileHash-SHA1": 150, "FileHash-SHA256": 123, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 598, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b4e829e206f1e64d6fa31b", "name": "CAPE Sandbox terrible chain", "description": "", "modified": "2026-04-13T04:23:40.153000", "created": "2026-03-14T04:46:33.543000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 173, "FileHash-SHA1": 150, "FileHash-SHA256": 123, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 598, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b48ce44221764174cb6aab", "name": "CAPE Sandbox", "description": "", "modified": "2026-04-12T22:04:09.704000", "created": "2026-03-13T22:17:07.826000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 173, "FileHash-SHA1": 150, "FileHash-SHA256": 123, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 598, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b48ce57b26a7b8bb9222b8", "name": "CAPE Sandbox", "description": "", "modified": "2026-04-12T22:04:09.704000", "created": "2026-03-13T22:17:09.654000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 173, "FileHash-SHA1": 150, "FileHash-SHA256": 123, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 598, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c39ae0368703f254070a0648c0066115140c3e762d9bf5b52833a037a1e3743_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469752&Signature=Df%2Bamm33qFPdsDg6nWC5FQjse7h4fksSXqONp4nMEItb0gpBwqx66TqcCnFzQplUk6ExMge79qNZR2OElv63sX54D4fSGwI9nvHYhQoiVdZIgf4ct8dIAr%2BYO9jSx0WpPUVFsvf%2FXtXvm6jM5n5v7CGiyFRyAz8PES5g%2FcOlLt%2BDhsc8bhi%2FMU9mAkyyr5nFVPcTmUSHOTNXOeKDUlyRkQE6b9FEbFhUL1h3%2B%2FBVtysh", "https://vtbehaviour.commondatastorage.googleapis.com/5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469810&Signature=Mj5ODxCW7tD5UNn6P11Ta7F2cmDLSJuEB7JSLFg%2FERfANmnRR5L7XzDwXxI5G48vkQFx0%2FBMtjMLwWHn6ZHKlt13rfzkvoOu5fJ%2Fb5lMJqUp1rSQIG0JLL80QAnXyJf2W8pL7MvK97Tr4jsCIUfd8ezliJtV5SmahV6Q8lYu2KJUnANrHkA10RFrcT4O26Vk7gbDsuC7caDXC6U9KXTTB0cpC77%2FV7w86ftN2JPXx6oEHUvSj02qsvhKwKQvmM", "https://vtbehaviour.commondatastorage.googleapis.com/5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469831&Signature=ZlRZLvCaJ%2F9niupu9DFCvXvfgFpDEOsK%2FsH46CB2zEVUDjcQRNMDp9XXKKx0dekmHQbhl02yqygHPOA8Wty5duGtK216QCvKNkYpbpdOjN7xgAg3AsldciWbqeJr8N4I%2F1%2FPRSdVfB%2BNGaBJKxZG1RQkX206MSvX%2BeY%2FdeEYpq3NYdrPWlxdV0pa3yaqcMrf2s%2FCFSM%2FdO3xt5PKyXWG%2FDCNM5iiuXh8OT2ckhZhf%", "https://vtbehaviour.commondatastorage.googleapis.com/f65b955b42f6834de9bd8b084cdab903144a4ddaf38222a1408b4dda59fc3c25_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471046&Signature=m8P0sVa9IvW1ZUOv%2BlJipa01bT4c79dbjaPj0vJUplT1orO5ImM8ekzIM2p0n75b9OEnqifkI5qLdfWrbmw1MrpBdv2Hs%2FONRoVZLAcoIvGCFqtOm1ICKHXI7AQepGbQIIKcchoCtZCxiNmnqeLqW7rvtLrzc7vMo1bjRvzVK03X83b1Ap5vCgvQmNvbBgeaA9McOs4JBMiOjb2%2FtrBU0yB4aY1eKvhfKIsVis5sY90Ljch5h8umrIYl", "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469608&Signature=fK1I2%2FxXVm0l3ZiELwtstes8iVN402Ww%2By%2BgvxYOB0LiC2iO3J9cedWJk1hMIr4IfLSGKprfui8vANzR%2BkWfSd594S%2FFe9A59YKyOA2MFmQTBRXVy6O3xF1e1lPETp5Md%2FbGJCOzrZxdHyReyuk7cgdDDBAewptjJhfTYxql7F9X%2FB4qe9BYWPrvned2fFWfU%2F4G%2F4UBqY9Jj%2BG1CTP%2FaGqOdWFs0Q5cPYZ4bytp", "https://vtbehaviour.commondatastorage.googleapis.com/04debe133ee8e0c49579e2cc84b9ddae38a9ada8d5e64409055573f59f8b374d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471300&Signature=llYVmKPsFPumnoaQibMHdribcji6%2FleUI8SnqlNHmcEnMAkiee7AsqjLt4hAuJ2ohPNbUL3Pcp%2FdiSxG0ou5IxM59BKrDeFqeHfJga%2BFZPNwU9puoAbZeeNlEaDuk76OjORjSNUMwTg3Z%2Fqq5grDxUUbQ7tO6Yvc58%2FJ26Mbgh2DSdT8qT6wcBZD9RUcie7RY5wMC1TDAalZdS5wiqTw1I412KZa0Ka9Q8pN0jBXaionvI" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 1364 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/uupdump.net", "whois": "http://whois.domaintools.com/uupdump.net", "domain": "uupdump.net", "hostname": "Unavailable" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 8, "pulses": [ { "id": "69d3843cba399db62eeae702", "name": "CAPE Sandbox - Stalking", "description": "A full report on the latest Android operating system: PK.3.4.5.1 (c) on 1 January, 2026, to be published by the Google Research Institute (GRI).", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:00:28.397000", "tags": [ "renewed", "8gbram", "windows10", "19inlcdmonitor", "desktop pc", "package", "intel core", "hard drive", "dvdrw", "wifi", "title", "blink", "date", "meta", "elite", "body", "https", "mitre attack", "network info", "tls version", "united", "overview", "zenbox android", "verdict", "guest system", "ultimate file", "fraud", "cloud", "next", "program", "processes extra", "overview zenbox", "info file", "file type", "default", "parent pid", "full path", "command line", "registry keys", "commands c", "k dcomlaunch", "files c", "devicecng c", "read registry" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469608&Signature=fK1I2%2FxXVm0l3ZiELwtstes8iVN402Ww%2By%2BgvxYOB0LiC2iO3J9cedWJk1hMIr4IfLSGKprfui8vANzR%2BkWfSd594S%2FFe9A59YKyOA2MFmQTBRXVy6O3xF1e1lPETp5Md%2FbGJCOzrZxdHyReyuk7cgdDDBAewptjJhfTYxql7F9X%2FB4qe9BYWPrvned2fFWfU%2F4G%2F4UBqY9Jj%2BG1CTP%2FaGqOdWFs0Q5cPYZ4bytp", "https://vtbehaviour.commondatastorage.googleapis.com/6c39ae0368703f254070a0648c0066115140c3e762d9bf5b52833a037a1e3743_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469752&Signature=Df%2Bamm33qFPdsDg6nWC5FQjse7h4fksSXqONp4nMEItb0gpBwqx66TqcCnFzQplUk6ExMge79qNZR2OElv63sX54D4fSGwI9nvHYhQoiVdZIgf4ct8dIAr%2BYO9jSx0WpPUVFsvf%2FXtXvm6jM5n5v7CGiyFRyAz8PES5g%2FcOlLt%2BDhsc8bhi%2FMU9mAkyyr5nFVPcTmUSHOTNXOeKDUlyRkQE6b9FEbFhUL1h3%2B%2FBVtysh", "https://vtbehaviour.commondatastorage.googleapis.com/5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469810&Signature=Mj5ODxCW7tD5UNn6P11Ta7F2cmDLSJuEB7JSLFg%2FERfANmnRR5L7XzDwXxI5G48vkQFx0%2FBMtjMLwWHn6ZHKlt13rfzkvoOu5fJ%2Fb5lMJqUp1rSQIG0JLL80QAnXyJf2W8pL7MvK97Tr4jsCIUfd8ezliJtV5SmahV6Q8lYu2KJUnANrHkA10RFrcT4O26Vk7gbDsuC7caDXC6U9KXTTB0cpC77%2FV7w86ftN2JPXx6oEHUvSj02qsvhKwKQvmM", "https://vtbehaviour.commondatastorage.googleapis.com/5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775469831&Signature=ZlRZLvCaJ%2F9niupu9DFCvXvfgFpDEOsK%2FsH46CB2zEVUDjcQRNMDp9XXKKx0dekmHQbhl02yqygHPOA8Wty5duGtK216QCvKNkYpbpdOjN7xgAg3AsldciWbqeJr8N4I%2F1%2FPRSdVfB%2BNGaBJKxZG1RQkX206MSvX%2BeY%2FdeEYpq3NYdrPWlxdV0pa3yaqcMrf2s%2FCFSM%2FdO3xt5PKyXWG%2FDCNM5iiuXh8OT2ckhZhf%" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1221", "name": "Template Injection", "display_name": "T1221 - Template Injection" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 781, "FileHash-SHA1": 509, "FileHash-SHA256": 539, "URL": 387, "hostname": 361, "domain": 100, "CIDR": 1, "email": 1 }, "indicator_count": 2679, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d389d979acb0e20217e451", "name": "CAPE Sandbox", "description": "", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:24:25.849000", "tags": [ "p2404", "strong", "sha256", "library", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "none rticon", "info", "path", "win32", "accept", "null", "activator", "false", "black", "powershell", "error", "team", "code", "date", "download", "stop", "green", "class", "void", "cheap", "shutdown", "impact", "guard", "tools", "comspec", "enterprise", "terminal", "music", "desktop", "crypt32", "lockfile", "write", "open", "stub", "delta", "title", "body", "project", "windows sandbox", "calls process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f65b955b42f6834de9bd8b084cdab903144a4ddaf38222a1408b4dda59fc3c25_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471046&Signature=m8P0sVa9IvW1ZUOv%2BlJipa01bT4c79dbjaPj0vJUplT1orO5ImM8ekzIM2p0n75b9OEnqifkI5qLdfWrbmw1MrpBdv2Hs%2FONRoVZLAcoIvGCFqtOm1ICKHXI7AQepGbQIIKcchoCtZCxiNmnqeLqW7rvtLrzc7vMo1bjRvzVK03X83b1Ap5vCgvQmNvbBgeaA9McOs4JBMiOjb2%2FtrBU0yB4aY1eKvhfKIsVis5sY90Ljch5h8umrIYl", "https://vtbehaviour.commondatastorage.googleapis.com/04debe133ee8e0c49579e2cc84b9ddae38a9ada8d5e64409055573f59f8b374d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471300&Signature=llYVmKPsFPumnoaQibMHdribcji6%2FleUI8SnqlNHmcEnMAkiee7AsqjLt4hAuJ2ohPNbUL3Pcp%2FdiSxG0ou5IxM59BKrDeFqeHfJga%2BFZPNwU9puoAbZeeNlEaDuk76OjORjSNUMwTg3Z%2Fqq5grDxUUbQ7tO6Yvc58%2FJ26Mbgh2DSdT8qT6wcBZD9RUcie7RY5wMC1TDAalZdS5wiqTw1I412KZa0Ka9Q8pN0jBXaionvI" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 172, "FileHash-SHA1": 151, "FileHash-SHA256": 121, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 596, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d389dab37e607e415f7304", "name": "CAPE Sandbox", "description": "", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:24:26.731000", "tags": [ "p2404", "strong", "sha256", "library", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "none rticon", "info", "path", "win32", "accept", "null", "activator", "false", "black", "powershell", "error", "team", "code", "date", "download", "stop", "green", "class", "void", "cheap", "shutdown", "impact", "guard", "tools", "comspec", "enterprise", "terminal", "music", "desktop", "crypt32", "lockfile", "write", "open", "stub", "delta", "title", "body", "project", "windows sandbox", "calls process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f65b955b42f6834de9bd8b084cdab903144a4ddaf38222a1408b4dda59fc3c25_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471046&Signature=m8P0sVa9IvW1ZUOv%2BlJipa01bT4c79dbjaPj0vJUplT1orO5ImM8ekzIM2p0n75b9OEnqifkI5qLdfWrbmw1MrpBdv2Hs%2FONRoVZLAcoIvGCFqtOm1ICKHXI7AQepGbQIIKcchoCtZCxiNmnqeLqW7rvtLrzc7vMo1bjRvzVK03X83b1Ap5vCgvQmNvbBgeaA9McOs4JBMiOjb2%2FtrBU0yB4aY1eKvhfKIsVis5sY90Ljch5h8umrIYl", "https://vtbehaviour.commondatastorage.googleapis.com/04debe133ee8e0c49579e2cc84b9ddae38a9ada8d5e64409055573f59f8b374d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471300&Signature=llYVmKPsFPumnoaQibMHdribcji6%2FleUI8SnqlNHmcEnMAkiee7AsqjLt4hAuJ2ohPNbUL3Pcp%2FdiSxG0ou5IxM59BKrDeFqeHfJga%2BFZPNwU9puoAbZeeNlEaDuk76OjORjSNUMwTg3Z%2Fqq5grDxUUbQ7tO6Yvc58%2FJ26Mbgh2DSdT8qT6wcBZD9RUcie7RY5wMC1TDAalZdS5wiqTw1I412KZa0Ka9Q8pN0jBXaionvI" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 172, "FileHash-SHA1": 151, "FileHash-SHA256": 121, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 596, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d389db09844fda2dd3d26d", "name": "CAPE Sandbox", "description": "", "modified": "2026-05-06T10:13:24.260000", "created": "2026-04-06T10:24:27.141000", "tags": [ "p2404", "strong", "sha256", "library", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "none rticon", "info", "path", "win32", "accept", "null", "activator", "false", "black", "powershell", "error", "team", "code", "date", "download", "stop", "green", "class", "void", "cheap", "shutdown", "impact", "guard", "tools", "comspec", "enterprise", "terminal", "music", "desktop", "crypt32", "lockfile", "write", "open", "stub", "delta", "title", "body", "project", "windows sandbox", "calls process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f65b955b42f6834de9bd8b084cdab903144a4ddaf38222a1408b4dda59fc3c25_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471046&Signature=m8P0sVa9IvW1ZUOv%2BlJipa01bT4c79dbjaPj0vJUplT1orO5ImM8ekzIM2p0n75b9OEnqifkI5qLdfWrbmw1MrpBdv2Hs%2FONRoVZLAcoIvGCFqtOm1ICKHXI7AQepGbQIIKcchoCtZCxiNmnqeLqW7rvtLrzc7vMo1bjRvzVK03X83b1Ap5vCgvQmNvbBgeaA9McOs4JBMiOjb2%2FtrBU0yB4aY1eKvhfKIsVis5sY90Ljch5h8umrIYl", "https://vtbehaviour.commondatastorage.googleapis.com/04debe133ee8e0c49579e2cc84b9ddae38a9ada8d5e64409055573f59f8b374d_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775471300&Signature=llYVmKPsFPumnoaQibMHdribcji6%2FleUI8SnqlNHmcEnMAkiee7AsqjLt4hAuJ2ohPNbUL3Pcp%2FdiSxG0ou5IxM59BKrDeFqeHfJga%2BFZPNwU9puoAbZeeNlEaDuk76OjORjSNUMwTg3Z%2Fqq5grDxUUbQ7tO6Yvc58%2FJ26Mbgh2DSdT8qT6wcBZD9RUcie7RY5wMC1TDAalZdS5wiqTw1I412KZa0Ka9Q8pN0jBXaionvI" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 172, "FileHash-SHA1": 151, "FileHash-SHA256": 121, "URL": 80, "domain": 17, "hostname": 59 }, "indicator_count": 600, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b4e828809a73c4baff9c5b", "name": "CAPE Sandbox terrible chain", "description": "", "modified": "2026-04-13T04:23:40.153000", "created": "2026-03-14T04:46:32.492000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 173, "FileHash-SHA1": 150, "FileHash-SHA256": 123, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 598, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b4e829e206f1e64d6fa31b", "name": "CAPE Sandbox terrible chain", "description": "", "modified": "2026-04-13T04:23:40.153000", "created": "2026-03-14T04:46:33.543000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 173, "FileHash-SHA1": 150, "FileHash-SHA256": 123, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 598, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b48ce44221764174cb6aab", "name": "CAPE Sandbox", "description": "", "modified": "2026-04-12T22:04:09.704000", "created": "2026-03-13T22:17:07.826000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 173, "FileHash-SHA1": 150, "FileHash-SHA256": 123, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 598, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b48ce57b26a7b8bb9222b8", "name": "CAPE Sandbox", "description": "", "modified": "2026-04-12T22:04:09.704000", "created": "2026-03-13T22:17:09.654000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1539", "name": "Steal Web Session Cookie", "display_name": "T1539 - Steal Web Session Cookie" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 173, "FileHash-SHA1": 150, "FileHash-SHA256": 123, "URL": 78, "domain": 15, "hostname": 59 }, "indicator_count": 598, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "49 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://uupdump.net/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://uupdump.net/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780310501.3287566 }