{ "type": "URL", "indicator": "https://www.google.com/favicon.ico", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.google.com/favicon.ico", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #1", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #3", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain google.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain google.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 2918435069, "indicator": "https://www.google.com/favicon.ico", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 13, "pulses": [ { "id": "69d5f37d3917861c6b99884b", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-16T07:01:32.826000", "created": "2026-04-08T06:19:41.886000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 94, "FileHash-SHA1": 70, "FileHash-SHA256": 294, "domain": 50, "hostname": 410, "URL": 281, "CIDR": 1, "email": 3, "IPv4": 2 }, "indicator_count": 1205, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d79c38e0a059039b475ebe", "name": "CAPE Sandbox", "description": "Email today from them on my line. Very wild things happening here. trying to close my line", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T12:31:52.495000", "tags": [ "html document", "unicode text", "utf8 text", "crlf", "lf line", "site", "meta", "verizon", "wireless", "internet", "phone services", "official", "shop verizon", "lte network", "get fios", "title", "code", "error", "utc na", "utc google", "tag manager", "gtmw2vn2cq", "utc dc9849921", "utc dc685973", "utc g12r1dx1lx7", "utc aw647962234", "utc aw2761768", "utc aw685973", "verizon business", "verizon for business", "verizon business account", "verizon business phone", "verizon wireless for business", "verizon business service", "verizon business plan", "business internet services", "learn", "gartner", "contact", "find", "discover", "support", "close log", "shop", "upgrade", "small", "voice", "chat", "mitre attack", "network info", "program", "html page", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "phishing", "next", "ver2", "msclkidn", "utc amazon", "analytics na", "utc bing", "vids1", "vids0", "gdlname" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX", "https://www.verizon.com/business/", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 772, "hostname": 706, "domain": 875, "FileHash-SHA256": 2348, "FileHash-MD5": 2237, "FileHash-SHA1": 2260, "CVE": 1, "email": 9 }, "indicator_count": 9208, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f4d72c30f9586634b9", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:52.444000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 220, "FileHash-MD5": 562, "FileHash-SHA1": 566, "FileHash-SHA256": 1011, "URL": 125, "hostname": 139, "email": 4 }, "indicator_count": 2627, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f511d0121d253b753d", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:53.436000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 224, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 140, "hostname": 166, "email": 2, "CVE": 8 }, "indicator_count": 2220, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f6657dd0c212d8344a", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.060000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 217, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 118, "hostname": 133, "email": 2 }, "indicator_count": 2150, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f683111bbbe1c9ae35", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.775000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 218, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 119, "hostname": 133, "email": 4 }, "indicator_count": 2154, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f6f81dc2388c0fa027", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.563000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 218, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 119, "hostname": 133, "email": 4 }, "indicator_count": 2154, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f37c65fbf136884dae98", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-08T06:44:52.553000", "created": "2026-04-08T06:19:40.539000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 164, "FileHash-SHA1": 161, "FileHash-SHA256": 463, "domain": 56, "hostname": 396, "URL": 456, "CIDR": 1, "email": 7 }, "indicator_count": 1704, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4f2d9ce86a445b484593b", "name": "VirusTotal report\n for sample.crx", "description": "A small sample of malware has been identified by researchers at the University of Oregon in the US, and the results are published on the web, as well as on Google's Chrome extension and other sites.", "modified": "2026-05-07T12:05:50.774000", "created": "2026-04-07T12:04:41.097000", "tags": [ "file type", "json", "ascii text", "png image", "crlf line", "ascii", "rgba", "unicode text", "utf8 text", "defense evasion", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 668, "FileHash-MD5": 668, "FileHash-SHA1": 675, "URL": 153, "domain": 230, "hostname": 177, "email": 2 }, "indicator_count": 2573, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4f2db0b3448671adcce16", "name": "VirusTotal report\n for sample.crx", "description": "A small sample of malware has been identified by researchers at the University of Oregon in the US, and the results are published on the web, as well as on Google's Chrome extension and other sites.", "modified": "2026-05-07T12:05:50.774000", "created": "2026-04-07T12:04:43.156000", "tags": [ "file type", "json", "ascii text", "png image", "crlf line", "ascii", "rgba", "unicode text", "utf8 text", "defense evasion", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 668, "FileHash-MD5": 668, "FileHash-SHA1": 675, "URL": 153, "domain": 230, "hostname": 177, "email": 2 }, "indicator_count": 2573, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4f2dd828bbf0ac5efaa23", "name": "VirusTotal report\n for sample.crx", "description": "A small sample of malware has been identified by researchers at the University of Oregon in the US, and the results are published on the web, as well as on Google's Chrome extension and other sites.", "modified": "2026-05-07T12:05:50.774000", "created": "2026-04-07T12:04:44.957000", "tags": [ "file type", "json", "ascii text", "png image", "crlf line", "ascii", "rgba", "unicode text", "utf8 text", "defense evasion", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 668, "FileHash-MD5": 668, "FileHash-SHA1": 675, "URL": 153, "domain": 230, "hostname": 177, "email": 2 }, "indicator_count": 2573, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69b95579bdc4ac1824b7ee95", "name": "VirusTotal report\n for program.exe", "description": "", "modified": "2026-04-16T13:37:13.951000", "created": "2026-03-17T13:22:01.672000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 101, "FileHash-SHA1": 101, "FileHash-SHA256": 114, "URL": 106, "domain": 23, "hostname": 66 }, "indicator_count": 511, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "45 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65cdb305b6cb145e2e61c72f", "name": "Ransomware | www.ransomed.vc | Apple | M.Brian Sabey \u2022 Gambinos", "description": "", "modified": "2024-03-16T06:00:54.635000", "created": "2024-02-15T06:45:25.122000", "tags": [ "k0pmbc", "ssl certificate", "whois record", "spsfsb", "zwdk9d", "vwdzfe", "contacted", "efq78c", "egw7od", "en3i8d", "august", "gate", "stop ransomware", "startpage", "execution", "redline stealer", "https", "hiddentear", "phishing", "gambinos pizza", "in the sauce brands inc", "food & drink", "ios apps", "app", "appstore", "app store", "iphone", "ipad", "ipod touch", "itouch", "itunes", "sauce brands", "in the", "food", "pizza", "gambinos", "requires", "apple store", "apple", "copyright", "hate", "green", "gambinospizza", "brian sabey", "tulach", "hallrender" ], "references": [ "https://www.gambinospizza.com", "ransomed.vc", "https://www.hallrender.com/attorney/brian-sabey/", "https://tulach.cc/", "appleid.cdn-apple.com" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "RedLine Stealer", "display_name": "RedLine Stealer", "target": null }, { "id": "Ransomware", "display_name": "Ransomware", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 24, "FileHash-SHA1": 24, "FileHash-SHA256": 432, "domain": 154, "hostname": 168, "URL": 274 }, "indicator_count": 1076, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "806 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "appleid.cdn-apple.com", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://www.verizon.com/business/", "ransomed.vc", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX", "https://tulach.cc/", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD", "https://www.hallrender.com/attorney/brian-sabey/", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N", "https://www.gambinospizza.com" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Redline stealer", "Ransomware" ], "industries": [], "unique_indicators": 6777 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/google.com", "whois": "http://whois.domaintools.com/google.com", "domain": "google.com", "hostname": "www.google.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 13, "pulses": [ { "id": "69d5f37d3917861c6b99884b", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-16T07:01:32.826000", "created": "2026-04-08T06:19:41.886000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 94, "FileHash-SHA1": 70, "FileHash-SHA256": 294, "domain": 50, "hostname": 410, "URL": 281, "CIDR": 1, "email": 3, "IPv4": 2 }, "indicator_count": 1205, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d79c38e0a059039b475ebe", "name": "CAPE Sandbox", "description": "Email today from them on my line. Very wild things happening here. trying to close my line", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T12:31:52.495000", "tags": [ "html document", "unicode text", "utf8 text", "crlf", "lf line", "site", "meta", "verizon", "wireless", "internet", "phone services", "official", "shop verizon", "lte network", "get fios", "title", "code", "error", "utc na", "utc google", "tag manager", "gtmw2vn2cq", "utc dc9849921", "utc dc685973", "utc g12r1dx1lx7", "utc aw647962234", "utc aw2761768", "utc aw685973", "verizon business", "verizon for business", "verizon business account", "verizon business phone", "verizon wireless for business", "verizon business service", "verizon business plan", "business internet services", "learn", "gartner", "contact", "find", "discover", "support", "close log", "shop", "upgrade", "small", "voice", "chat", "mitre attack", "network info", "program", "html page", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "phishing", "next", "ver2", "msclkidn", "utc amazon", "analytics na", "utc bing", "vids1", "vids0", "gdlname" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX", "https://www.verizon.com/business/", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 772, "hostname": 706, "domain": 875, "FileHash-SHA256": 2348, "FileHash-MD5": 2237, "FileHash-SHA1": 2260, "CVE": 1, "email": 9 }, "indicator_count": 9208, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f4d72c30f9586634b9", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:52.444000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 220, "FileHash-MD5": 562, "FileHash-SHA1": 566, "FileHash-SHA256": 1011, "URL": 125, "hostname": 139, "email": 4 }, "indicator_count": 2627, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f511d0121d253b753d", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:53.436000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 224, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 140, "hostname": 166, "email": 2, "CVE": 8 }, "indicator_count": 2220, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f6657dd0c212d8344a", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.060000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 217, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 118, "hostname": 133, "email": 2 }, "indicator_count": 2150, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f683111bbbe1c9ae35", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.775000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 218, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 119, "hostname": 133, "email": 4 }, "indicator_count": 2154, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d7a3f6f81dc2388c0fa027", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.563000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 218, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 119, "hostname": 133, "email": 4 }, "indicator_count": 2154, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d5f37c65fbf136884dae98", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-08T06:44:52.553000", "created": "2026-04-08T06:19:40.539000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 164, "FileHash-SHA1": 161, "FileHash-SHA256": 463, "domain": 56, "hostname": 396, "URL": 456, "CIDR": 1, "email": 7 }, "indicator_count": 1704, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4f2d9ce86a445b484593b", "name": "VirusTotal report\n for sample.crx", "description": "A small sample of malware has been identified by researchers at the University of Oregon in the US, and the results are published on the web, as well as on Google's Chrome extension and other sites.", "modified": "2026-05-07T12:05:50.774000", "created": "2026-04-07T12:04:41.097000", "tags": [ "file type", "json", "ascii text", "png image", "crlf line", "ascii", "rgba", "unicode text", "utf8 text", "defense evasion", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 668, "FileHash-MD5": 668, "FileHash-SHA1": 675, "URL": 153, "domain": 230, "hostname": 177, "email": 2 }, "indicator_count": 2573, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69d4f2db0b3448671adcce16", "name": "VirusTotal report\n for sample.crx", "description": "A small sample of malware has been identified by researchers at the University of Oregon in the US, and the results are published on the web, as well as on Google's Chrome extension and other sites.", "modified": "2026-05-07T12:05:50.774000", "created": "2026-04-07T12:04:43.156000", "tags": [ "file type", "json", "ascii text", "png image", "crlf line", "ascii", "rgba", "unicode text", "utf8 text", "defense evasion", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 668, "FileHash-MD5": 668, "FileHash-SHA1": 675, "URL": 153, "domain": 230, "hostname": 177, "email": 2 }, "indicator_count": 2573, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.google.com/favicon.ico", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.google.com/favicon.ico", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780262104.5283623 }