{ "type": "URL", "indicator": "https://www.cloudflare.com/abuseARIN", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.cloudflare.com/abuseARIN", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #465", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #268", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain cloudflare.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain cloudflare.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 4313066828, "indicator": "https://www.cloudflare.com/abuseARIN", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 10, "pulses": [ { "id": "69f2e121bccc56769ea096e9", "name": "May4-May 5th&the timestamp that lived forever", "description": "ILOVEYOU", "modified": "2026-05-31T10:27:23.455000", "created": "2026-04-30T04:57:05.360000", "tags": [ "domain", "ip check", "http host", "contacted", "analysis date", "file score", "trojan", "public ip", "check external", "ip lookup", "virustotal" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 263, "FileHash-SHA1": 259, "FileHash-SHA256": 695, "hostname": 463, "domain": 291, "CVE": 5, "CIDR": 34, "URL": 536, "email": 62 }, "indicator_count": 2608, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e70462533707c15e72292", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T03:36:39.925000", "created": "2026-05-21T02:39:02.897000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 212, "FileHash-SHA1": 226, "FileHash-SHA256": 1512, "IPv4": 409, "URL": 880, "hostname": 1350, "domain": 378, "CIDR": 1, "email": 3, "Mutex": 3 }, "indicator_count": 4974, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e703e7c0457682c548691", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T02:38:54.394000", "created": "2026-05-21T02:38:54.394000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 98, "FileHash-SHA256": 884, "IPv4": 48, "URL": 150, "hostname": 170, "domain": 96, "CIDR": 1, "email": 3 }, "indicator_count": 1613, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e703e6a884aeed75d9180", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T02:38:54.205000", "created": "2026-05-21T02:38:54.205000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 98, "FileHash-SHA256": 884, "IPv4": 48, "URL": 150, "hostname": 170, "domain": 96, "CIDR": 1, "email": 3 }, "indicator_count": 1613, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e7033ee9e679939ba3294", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T02:38:43.726000", "created": "2026-05-21T02:38:43.726000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 98, "FileHash-SHA256": 884, "IPv4": 48, "URL": 150, "hostname": 170, "domain": 96, "CIDR": 1, "email": 3 }, "indicator_count": 1613, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e702f7b1b513a66e1789e", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T02:38:39.508000", "created": "2026-05-21T02:38:39.508000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 98, "FileHash-SHA256": 884, "IPv4": 48, "URL": 150, "hostname": 170, "domain": 96, "CIDR": 1, "email": 3 }, "indicator_count": 1613, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69dff4fbb4f7d05b46e99978", "name": ".net, ripe", "description": "<< full list of names, addresses and details has been released by Rpe.net, the site where the name and address of a group of users is set to be posted on its website.>>", "modified": "2026-05-15T20:36:25.046000", "created": "2026-04-15T20:28:43.400000", "tags": [ "handle", "address range", "cidr", "network name", "allocation type", "assigned pa", "status", "whois server", "plaza", "street", "marbella", "bella vista", "panama city", "panama phone", "ripe", "filtered person", "alina gatsaniuk", "cloudflare", "entity cloud14" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 2, "URL": 117, "hostname": 42, "FileHash-SHA256": 376, "domain": 8, "email": 8, "FileHash-MD5": 24, "FileHash-SHA1": 24 }, "indicator_count": 601, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0050a164795207832b4331", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:40:06.849000", "created": "2026-05-10T09:32:17.372000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 773, "URI": 5, "FileHash-MD5": 200, "FileHash-SHA1": 197, "IPv4": 304, "URL": 461, "domain": 319, "hostname": 315, "CIDR": 8, "email": 9, "Mutex": 1, "CVE": 62 }, "indicator_count": 2654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69e01b6fb3a0564fe8a9a976", "name": "104.18.35.94 (104.16.0.0/14) AS 13335 ( Cloudflare, Inc. )", "description": "Communicating files and passive dns. Research.", "modified": "2026-04-16T00:00:50.998000", "created": "2026-04-15T23:12:47.466000", "tags": [ "cloudflare", "net104", "net1040000", "cloud14", "geofeed", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "handle", "address range", "cidr", "network name", "type", "status", "whois server", "entity cloud14", "postalcode" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 92, "CIDR": 1, "URL": 16, "hostname": 950, "FileHash-MD5": 26, "FileHash-SHA1": 17, "domain": 134, "email": 3 }, "indicator_count": 1239, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "46 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ", "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters.", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Wipes" ], "industries": [], "unique_indicators": 10726 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/cloudflare.com", "whois": "http://whois.domaintools.com/cloudflare.com", "domain": "cloudflare.com", "hostname": "www.cloudflare.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 10, "pulses": [ { "id": "69f2e121bccc56769ea096e9", "name": "May4-May 5th&the timestamp that lived forever", "description": "ILOVEYOU", "modified": "2026-05-31T10:27:23.455000", "created": "2026-04-30T04:57:05.360000", "tags": [ "domain", "ip check", "http host", "contacted", "analysis date", "file score", "trojan", "public ip", "check external", "ip lookup", "virustotal" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 263, "FileHash-SHA1": 259, "FileHash-SHA256": 695, "hostname": 463, "domain": 291, "CVE": 5, "CIDR": 34, "URL": 536, "email": 62 }, "indicator_count": 2608, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "17 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e70462533707c15e72292", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T03:36:39.925000", "created": "2026-05-21T02:39:02.897000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 212, "FileHash-SHA1": 226, "FileHash-SHA256": 1512, "IPv4": 409, "URL": 880, "hostname": 1350, "domain": 378, "CIDR": 1, "email": 3, "Mutex": 3 }, "indicator_count": 4974, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e703e7c0457682c548691", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T02:38:54.394000", "created": "2026-05-21T02:38:54.394000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 98, "FileHash-SHA256": 884, "IPv4": 48, "URL": 150, "hostname": 170, "domain": 96, "CIDR": 1, "email": 3 }, "indicator_count": 1613, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e703e6a884aeed75d9180", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T02:38:54.205000", "created": "2026-05-21T02:38:54.205000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 98, "FileHash-SHA256": 884, "IPv4": 48, "URL": 150, "hostname": 170, "domain": 96, "CIDR": 1, "email": 3 }, "indicator_count": 1613, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e7033ee9e679939ba3294", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T02:38:43.726000", "created": "2026-05-21T02:38:43.726000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 98, "FileHash-SHA256": 884, "IPv4": 48, "URL": 150, "hostname": 170, "domain": 96, "CIDR": 1, "email": 3 }, "indicator_count": 1613, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0e702f7b1b513a66e1789e", "name": "snake logger darkbot CAPE Sandbox", "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST", "modified": "2026-05-21T02:38:39.508000", "created": "2026-05-21T02:38:39.508000", "tags": [ "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "file type", "strong", "crc32", "sha1", "library", "accept", "date", "mainexe", "body", "shutdown", "guard", "title", "lockfile", "pxff pxff", "qxff qxff", "rxff rxff", "vxff vxff", "x8bxe5", "sx8b", "px8be px8be", "xf7xd8 xf7xd8", "pxe8 pxe8", "wx8b", "done", "pass", "chat", "handle", "cloudflare", "whois server", "entity cloud14", "net104", "net1040000", "cloud14", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "postalcode", "pe file", "mitre attack", "network info", "sample", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "malicious", "darkbot", "next", "script", "meta", "virustotal", "style", "noscript", "vtuishell", "function", "base", "iframe", "persist", "full", "android sandbox", "europemadrid", "current object", "has permission", "accesses", "dropped info", "zenbox android", "guest system", "persistence" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv", "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc", "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na", "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t", "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1202", "name": "Indirect Command Execution", "display_name": "T1202 - Indirect Command Execution" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 163, "FileHash-SHA1": 98, "FileHash-SHA256": 884, "IPv4": 48, "URL": 150, "hostname": 170, "domain": 96, "CIDR": 1, "email": 3 }, "indicator_count": 1613, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69dff4fbb4f7d05b46e99978", "name": ".net, ripe", "description": "<< full list of names, addresses and details has been released by Rpe.net, the site where the name and address of a group of users is set to be posted on its website.>>", "modified": "2026-05-15T20:36:25.046000", "created": "2026-04-15T20:28:43.400000", "tags": [ "handle", "address range", "cidr", "network name", "allocation type", "assigned pa", "status", "whois server", "plaza", "street", "marbella", "bella vista", "panama city", "panama phone", "ripe", "filtered person", "alina gatsaniuk", "cloudflare", "entity cloud14" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CIDR": 2, "URL": 117, "hostname": 42, "FileHash-SHA256": 376, "domain": 8, "email": 8, "FileHash-MD5": 24, "FileHash-SHA1": 24 }, "indicator_count": 601, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0050a164795207832b4331", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:40:06.849000", "created": "2026-05-10T09:32:17.372000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 773, "URI": 5, "FileHash-MD5": 200, "FileHash-SHA1": 197, "IPv4": 304, "URL": 461, "domain": 319, "hostname": 315, "CIDR": 8, "email": 9, "Mutex": 1, "CVE": 62 }, "indicator_count": 2654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69e01b6fb3a0564fe8a9a976", "name": "104.18.35.94 (104.16.0.0/14) AS 13335 ( Cloudflare, Inc. )", "description": "Communicating files and passive dns. Research.", "modified": "2026-04-16T00:00:50.998000", "created": "2026-04-15T23:12:47.466000", "tags": [ "cloudflare", "net104", "net1040000", "cloud14", "geofeed", "cloud14 address", "townsend street", "city", "san francisco", "stateprov", "handle", "address range", "cidr", "network name", "type", "status", "whois server", "entity cloud14", "postalcode" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 92, "CIDR": 1, "URL": 16, "hostname": 950, "FileHash-MD5": 26, "FileHash-SHA1": 17, "domain": 134, "email": 3 }, "indicator_count": 1239, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "46 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.cloudflare.com/abuseARIN", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.cloudflare.com/abuseARIN", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780286200.2712054 }