{ "type": "URL", "indicator": "https://www.opussiena.it/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.opussiena.it/", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4352130814, "indicator": "https://www.opussiena.it/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "6a0050a3b1d71cc50840286e", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-29T19:06:32.951000", "created": "2026-05-10T09:32:19.100000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 669, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 131, "IPv4": 285, "URL": 346, "domain": 286, "hostname": 274, "CIDR": 2, "email": 2 }, "indicator_count": 2119, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0050a164795207832b4331", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:40:06.849000", "created": "2026-05-10T09:32:17.372000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 773, "URI": 5, "FileHash-MD5": 200, "FileHash-SHA1": 197, "IPv4": 304, "URL": 461, "domain": 319, "hostname": 315, "CIDR": 8, "email": 9, "Mutex": 1, "CVE": 62 }, "indicator_count": 2654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0050a527cf92f4dfd0195b", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:40:00.258000", "created": "2026-05-10T09:32:21.717000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 666, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 131, "IPv4": 286, "URL": 346, "domain": 286, "hostname": 274, "CIDR": 2, "email": 2 }, "indicator_count": 2117, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0050a78094bfae20c7f947", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:39:59.516000", "created": "2026-05-10T09:32:23.727000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 666, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 137, "IPv4": 293, "URL": 350, "domain": 296, "hostname": 289, "CIDR": 2, "email": 2, "CVE": 4 }, "indicator_count": 2163, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 2536 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/opussiena.it", "whois": "http://whois.domaintools.com/opussiena.it", "domain": "opussiena.it", "hostname": "www.opussiena.it" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "6a0050a3b1d71cc50840286e", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-29T19:06:32.951000", "created": "2026-05-10T09:32:19.100000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 669, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 131, "IPv4": 285, "URL": 346, "domain": 286, "hostname": 274, "CIDR": 2, "email": 2 }, "indicator_count": 2119, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0050a164795207832b4331", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:40:06.849000", "created": "2026-05-10T09:32:17.372000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 773, "URI": 5, "FileHash-MD5": 200, "FileHash-SHA1": 197, "IPv4": 304, "URL": 461, "domain": 319, "hostname": 315, "CIDR": 8, "email": 9, "Mutex": 1, "CVE": 62 }, "indicator_count": 2654, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0050a527cf92f4dfd0195b", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:40:00.258000", "created": "2026-05-10T09:32:21.717000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 666, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 131, "IPv4": 286, "URL": 346, "domain": 286, "hostname": 274, "CIDR": 2, "email": 2 }, "indicator_count": 2117, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a0050a78094bfae20c7f947", "name": "*Dormant Destruction* VirusTotal report for index.html", "description": "This threat intelligence pulse tracks a long-dormant wiper, dating back to the early 2000s, which has persisted across multiple environments undetected. The malware features sophisticated, \"hidden\" destructive mechanisms capable of widespread data wiping. It appears to leverage administrative-level access, allowing it to move laterally and compromise systems extensively. Continued inaction regarding this infection chain poses a critical risk to data integrity. The ONLY way to fix this as it has taken over the root is by addressing the problem for what it actually is, the math and drops do not lie, deletion and new certs/exp certs will fail. The science is clear, the answer is foggy. Its best to see clearly.", "modified": "2026-05-12T06:39:59.516000", "created": "2026-05-10T09:32:23.727000", "tags": [ "mitre attack", "network info", "processes extra", "meta", "performs dns", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "defense evasion", "next", "system process", "sigma", "united", "federation", "file type", "yara", "creates", "pe32", "intel", "malicious", "persistence", "window", "default", "cname", "inprocserver32", "shell folders", "parent pid", "full path", "command line", "accept", "windows nt", "win64", "payload", "shutdown", "tofsee", "file size", "mwdb", "bazaar", "sha3384", "ssdeep", "win1", "acrongl integ", "adc4240758", "sha256", "back", "windows sandbox", "calls process", "kb body", "civicplus", "network admin", "net192", "net1920000", "icone2", "llc orgid", "houston", "suite e", "city", "ks postalcode", "orgtechhandle", "orgtechref", "houston address", "e city", "address range", "cidr", "network name", "type", "status", "whois server", "entity icone2", "handle", "algorithm", "key identifier", "x509v3 subject", "number", "issuer", "cus cnrapidssl", "rsa ca", "odigicert inc", "subject public", "key info", "thumbprint", "entity", "rdap database", "iana registrar", "host name", "links", "v3 serial", "cus olet", "encrypt cne8", "validity", "key algorithm", "ec oid", "value a", "please", "javascript", "ascii", "json", "openpgp secret", "extra info", "spawns", "layer protocol", "attack network", "allocated pa", "date", "ripe", "alphen", "rijn", "urls", "suricata ids", "smtp", "poland", "france", "germany", "canada", "japan", "slovakia", "toggle", "msie", "post", "wpaddetectedurl", "settingswpad", "wpaddhcp", "wpaddns", "dynamicloader", "static analysis", "first", "path", "enterprise", "service", "close", "zenbox android", "info", "pdf document", "adobe portable", "document format", "sha1", "bootkit", "loads" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/e1b97b7f87063caf2e7a8ae6c7ec834006eb3a3753f185415adbd3ab4d063662_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402037&Signature=YNxp5VCG9MJMmG%2F9SM0xFj86aE%2BDn4d%2BloEbjzGdWh57oS%2BoKZQuQ4QX6wuKgoTNgbG%2FJXPBfOce4rMNJK2biVU0MQNsEcn6Rvez7%2BPKxBDgTVfW5ZqYvEIC4%2BPIP5R7Wz5S9lD88AhsPMpRD5uNmWf8UCUEtZbDvU7gCQ55%2F9YjNz4oKzn%2B2zIIaq1ZfP2RPOZAJmU%2FryFIfChNBecPcHBhrVolEMxMMG9aDrJTiyT4dyIQ4M", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402076&Signature=CoPEm0rKM9zwB6jfYndZxnY5%2BHhs4eKx7qJL%2BE5nSaoEFD3ERDi7iaNDKE1KQxnCcmgEph04lJ80Ske0vRMKuUyMKplSXMUL%2BMze5w54QIipWo%2BIpHNq5nBajpvcTxzX9cvn4XFMEfOqwDud1H6YsOFGMotCi0%2Fqhuoq5GfohsdoBJtIDdIpnPyhaH%2BxNkWtB0pKkulsN1pBugmA8C9tjFan9P%2F%2BH3gzFI84nd8t6BWD%2BoecalP%", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402098&Signature=xdj6GkorlDc6S8s%2FMjlB%2BNQyXwa%2F1fpMkkOwWytsu1U3NwFTxbNfgkNR4Exa7frC11A9IyqmxX3rDIHw%2FZkYR%2Ba2IC16wTto%2BuFOj1KtZVJjsGwgG5HsGoJy8xfiNvBfMKxGZk0wuBG%2B0VlG%2Bp1dDWariTtLVxuneQjQUwiSWFqStKrdJjFHrfhqdSxggVR7Kq31S%2Bw0fbveIvONeGSv%2FULwQAZ4V%2Be0wea94lxz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402306&Signature=hf7TRgRfZ09UHHXoMh4kZC9nDUIFKmmOpbEGQL%2BRY%2BhxSyC%2F5C7YQCpHUlVYDnUyZ0YvtO5z2T%2FDZyUuzdmJGopuc8AzF%2FV8l2v3cboHR37ku0q9rSds5%2FuHStLQXakQki1S74aBixjHGRWwNse3XqlIxOXzaD2bMaMuLtxp2DJjycVxWnTWgG6IkLKxn17cY9GrfaVqdbkUOsPiPHhzJv4KD5Gu1wPjbRqkgfFIBCOOShM1M%2F%2F7Vz", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402360&Signature=QdukcaW5xWJAXHy7L5Wlrhp7Fbl5B7ruGInmUghMlbYS%2B58VlmR8pKCqWOru3Ayq%2BnCHEi7svEzUEZPH%2BTxVPOIz4QtVCb1%2FyyJBXuYJNrhX%2FljFo%2Bj%2Ftqgb%2F7PgRCo3UBr7cGbLq1%2FEzSBiwApZqUhcDGTIw9uFhxd1XZLcODEu%2BBWIQW1Bcaq6al%2BMVclyuNjGF08msv99Y5%2FsufmOaXETQ561NMUtg7Kf4Y", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402433&Signature=fzgApvZFpRqQQR%2FqOj4lIRpve9d%2FyvYl04itAdLoyMKXstzu2CT3KiOmR0Zp4euPLDwcqskfB1E8tMlbjB8jhJK8zxF0gmN1NZoL8H7rNi21bXimGf7obVucirIj63DjHLKtV6QVELZnTvfmviaEHkX2CDHVqArFgOaezhS7msZ273wDaQSWcJHNpo2%2F14v1YenlTvV2ynBHRfDaYamM0MsLpdmz%2BrfI5K2P%2BzE8SZyW%2FzGrfF", "https://vtbehaviour.commondatastorage.googleapis.com/242cf4ff8a4167353b01b7cfc7ecc5430c7ce4a385a3290c43dd28c016f03761_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402546&Signature=QcJ3mvV%2FEBhcZxMeAJUxKHP%2BPI28f7pnarMn9PpZrvsxLKxpRmkwXjvTZ7Om3GJ72ykfji6gfNpRgDYK2M5Ft44D72%2B3kjMqJuRZmObcTY47nG2d7OuUbNBYufoqyoBiIA5fdiiOVARm%2FULdQ4xMo6P5wUBttgRiwF6qTcnefajnbn8ULwKmwsG%2FkP6CjI4ZsID7VI9Qq%2Bo08eFIH15kLUfrA%2B9XRExHTGoheVAld%2BIBpqgAn%2FgV", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402679&Signature=tYgx%2Btx9Wo5u4OONyhm8h8HlC8ikfb1WagGKhy3grrUW6vFIL998hEF8Wpe7avm3ErO3WihRVaUQOsrOV%2Beag%2BqPh35di%2FAuTjcO96quMa54BzzpUbwLqc8Q3OSyFORzvewpEF2nYlGg865A1Vy5go4hxDKI709M1sYpKoV5FGB7ed%2Fa9z0beRBh0XlEIyPluTNf08ZGoATIA7rEsDrFHAWS%2BK72cMBe4e5LrJepBNWw0c4%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1c515f592472daa56b5dfb73f1cfb421177bccda1475a9f28ce329c97e17ee5a_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778402736&Signature=cMwy0s44mI2KEExAz3Mv0ahtxdPxHk2QnEYZMoIzkeHz6hkMLCxpY5PdTkUOhnhOccVmLlmhn5Wx87K7G5%2FSeOFVRnv9ov6fxkKV4KYqKR%2Bq6hBQ7yju1HSFlRUwnDt32CJlcx9ULx60AfFkXOjbc21UWy%2BUYe32SPTiCL5%2FTS8FrFsXNI8w6oIdKSaAoGo1cRrK1I3vAB%2BR93vbnHBYIDivvFAA3MYOYrQAUO8X3rHcUU", "https://vtbehaviour.commondatastorage.googleapis.com/25d9183d8c0958f0ddde370d964d9729aa40c9faef270c4a9bc4301a07a8ed37_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403579&Signature=AdxQo3GHHARKwoNS8r33uGWFGkXoZ71d5KmoiPTM4yephbPsZTXn%2Fb%2Fobup7NTbAQcceFe6Rx%2Bx8n9O7KKQoInOEewOENKdE7pnMJddLDxmAMPXDDYV%2Fhm5MkJLRljcyhU6lcX2ESSeND4A5g0qI5MY1QBoAFwJhRpC%2FSzDOxuZ8tdvV3SaOSXEj7XhJjNhnyrB4g3z2nyfkMo0xa8iigqKnzgq%2F%2B7tOpwvy6uB1S2", "https://vtbehaviour.commondatastorage.googleapis.com/3db1349cf555337f7e1bcfaea53710a33e1b3d088e12b0ab2b416cb1b43df7ee_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778403775&Signature=jSzPctxlS%2F0o4jpadvN%2BG4XQ69muJMHwIQZNulWuy1D5cGeaZqaL6bj2dP2Keh43XTfPBvmpE0l%2B%2FK%2BHsi%2FLbUvfQJB0Ow%2FoH9zplQpYc%2FQs7rxg7IPb%2BZA0uWqA2bccRt1JYYyXi%2BUvK5CsfeXr8DeAo3W6wHLwqwQfirNfrhBeO48dDsEJyUcFRn8NqorGiudjV8PBV1VK9rS%2BogLTZ7Wj1wMnBipbOgm6lOYX", "https://www.virustotal.com/gui/search?query=entity%3Adomain%20txt%3A%22v%3Dspf1%20include%3A_spf.tierra.net%20%7Eall%22", "https://vtbehaviour.commondatastorage.googleapis.com/e4aa1bc4332b59e6b635189e3225cc8544fb73582755d33ad1cee10e02be92a6_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404284&Signature=C8BgIjJ%2F31gsdkd94Wt%2B1LRHHkBHaDW7PqntQXRecjr%2Fa9idW6XwshKibZ00x%2B4s8pPhOifu5RP50H8NLe%2F4V3SIdajS3dQvkDP9UqmOJlOWBrC0r69zoaEGGEfkfQi1CEba4wvXfPM8y74L7ITDe3Yj6QCMLOnrTMRADc1e29KAc1aC5sKI%2Ba6tQWSaawZpoFXY8LPcZqFLtue1nh1Em7PyJXxcPqFIois%2Btfi7XdSXSGoMISk9F%2B", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404411&Signature=dDeNHkYz7S95CZY9qSQzDB9AfgnyHXFGIReDdaHaDiB5ZXNnbtM%2F410nKqbHWHWJ8Q8bbbEfQoAPf%2FecFgT6tD%2FDSosX0UvAii02cMO6IULYvtc3OppP9pf%2F2lRoJVo%2F%2FXUZ4%2FeW7%2F7LuofcP%2FEFFhmyJ%2BqaNSvA4vyaLkN04qrLrEeK6fgwrinWDCD9DJYx%2B6TbUZL%2Bdh1bd59v8P%2BN52%2FGgoeZd6m6I4%2FHErxr", "https://vtbehaviour.commondatastorage.googleapis.com/edd67d9681efbbb020648caad34b4ef8ad01ff4e80b54fb771dfa875fd9c85be_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404482&Signature=pzkjsdl%2FSRdVnXtKm74mqbETIgdy70CIbXyiOiFOEF0jkgthIekpKrvOpI2fDHbD5SfhqlkdAGCojl7fw86XmmyeItDqqiAG9dm%2FNUjZEwCKOgEtOEbtbqZq7XNJtBASf1%2BD8aCxIOuhSWuXfh8wLD5urtXfwjLRwIlElQblSTCgiI1CRaM5yXCzXkLMFCKc2cAlYl7qcxAcv5apZcyxWxszijCP3FHGduK7BA0PIoPX%2Fjs3bZs3Rto", "https://vtbehaviour.commondatastorage.googleapis.com/28371ee176b88da4266741c4e9f6786b41810ab8ab564aa5fb3de0c08d8f39b3_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778404622&Signature=X15DH2Rnn%2Fviy5Mx5jkaDvWzug5gYktkbXPA3dMrveSe0WEa3VYZtYI65kZU6q8MA50N76ZCKDY5M7HqhcLPRAsqUTGrvP231Dp1DVn0s0h7HPxFW4a%2BXdD96Xbx39ACwMYWVIZQC29BDFEhRj56BLif2KGyA20VlfKn0J8L0dbmnkgykOPnK70X5%2BRs0NQZ3olmkq%2BAMLwMkt3DcxhaEc6x78GH5eTgLoPKaBe2x8QvOYUrWxhy", "https://vtbehaviour.commondatastorage.googleapis.com/92130c8f1b6fc79dca5b103ac30bb118c92a9f877d6d5db67430b9dd40025d40_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405020&Signature=tTwKGyLIe8DNefa6LIf3AdycaRcbew94iXL6Zr%2BWMysNIuhtlIyEu4twuamne%2F5ijUNW0mo8fmhQ1VR8SsNpYxfE3Tk10WIfijvHyvcsfI6Yjj7syNsMDDbY5wRt22eShn0pJOnZ5gUbNPB74ucvYcq3DZCND9aJ%2FIq%2B71NVEcQHcCtZlsIcoutjIJh6mpzImo07ZZ5XcaiayiW4FpXkiaen%2BCn%2FaD1Yjb1%2FKFufmJ", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405119&Signature=zoh6wk%2BZ9Uohe5PZRAKPdhx9ruJ6BNx1cKG%2BFFPbD%2FQQJn3%2BgXv2%2F5JqX%2FT2zSw6LAkU%2FF%2Fzis%2FBUi2fyvifCnqG649sCld%2B1%2F%2BoJGdyAiGyaEp5aCn49BNYMeGLyi6gBjH1H%2FBldw7v2MAVOCEFX8A%2Bfx3T9j4Yay4lCVP2CRzUfPdJLNaJSvkU3wwfK%2FBJG9mDTyyuqQ%2B%2F0FPGRmvc4ZhYQHKh", "https://vtbehaviour.commondatastorage.googleapis.com/910c6d6b843dae92d9b13230244646f972dfbc3136b8455916c74e8d6da423ac_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778405312&Signature=aw4LTG90scEntjzrTn2oehQRQ2tyA8wKnsPgZzPJrOGU40FyGhgYV1GthrkNFo94u%2Fl9EaczgTtRWvIfeZW9JFU3mPAgAjE9FRonw9R8C9f5tN3mcg0SJUwG8NRDlzMOEvN2MjaY%2FuWLiTbz7xXWj9DyUrPzKGhkqw%2FAcv0B%2FWjesEVgf44XWE4mm95o%2B4x%2F5ZxZ2zEhXNSmJ0qL66Xpsq6Vl7cjbIkPNYp1%2BDZCQ7qObBP4" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1569", "name": "System Services", "display_name": "T1569 - System Services" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 666, "URI": 3, "FileHash-MD5": 121, "FileHash-SHA1": 137, "IPv4": 293, "URL": 350, "domain": 296, "hostname": 289, "CIDR": 2, "email": 2, "CVE": 4 }, "indicator_count": 2163, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "19 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.opussiena.it/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.opussiena.it/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780226237.1854339 }