{ "type": "URL", "indicator": "https://www.thawte.com/repository0W", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.thawte.com/repository0W", "type": "url", "type_title": "URL", "validation": [ { "source": "akamai", "message": "Akamai rank: #882", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain thawte.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain thawte.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 2241372057, "indicator": "https://www.thawte.com/repository0W", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 10, "pulses": [ { "id": "69f3015173657943b5b74fbb", "name": "VirusTotal report\n for sample.rar", "description": "[guide to a new Windows tool called pnputil.exe, which detects suspicious drivers being installed via the command line, has been published by the Microsoft Research Institute (MSR]", "modified": "2026-05-30T07:10:11.175000", "created": "2026-04-30T07:14:25.796000", "tags": [ "driver install", "hai vaknin", "luxnobulishit", "avihay", "aloneliassaf", "austin songer", "austinsonger", "imageendswith", "sha256", "imphash" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 424, "FileHash-SHA1": 191, "FileHash-SHA256": 1571, "URL": 55, "domain": 14, "hostname": 116, "CVE": 2 }, "indicator_count": 2373, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de653101bee17699c7d1e8", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:57.690000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 23, "FileHash-SHA256": 198, "URL": 94, "hostname": 107, "domain": 79 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de6531bfca82db8c335ebb", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:57.171000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 66, "FileHash-SHA1": 39, "FileHash-SHA256": 323, "URL": 126, "hostname": 255, "domain": 87 }, "indicator_count": 896, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de6532d8458a36f68ce083", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:58.015000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 23, "FileHash-SHA256": 198, "URL": 94, "hostname": 107, "domain": 79 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a051c0938484a8a43d4084b", "name": "Clone by DorkingBeauty1 ['/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/\"] 2022-year", "description": "", "modified": "2026-05-14T00:49:13.494000", "created": "2026-05-14T00:49:13.494000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "pattern match", "runtime data", "beijing", "indicator", "cultureneutral", "baidu", "code signing", "kuaizip", "suspicious", "path", "error", "win64", "sogou", "hybrid", "close", "click", "class", "model", "stretch", "august", "general", "strings", "malicious", "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg" ], "references": [ "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "Cert Hell brought to you by CN" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": "62f27865570c2cb418127dd0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 789, "hostname": 203, "domain": 17, "FileHash-SHA256": 976, "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698054a372fb3461e21b616b", "name": "RelevantKnowledge Adware drops Malware including Ransomware TeslaCrypt | File deletion, system corruption", "description": "Arrival Details: \nThis Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.\nInstallation: \nThis Adware adds the follows processes, Deletes files, Other System Modifications , It adds registry entries. || \n\nRelevantKnowledge Adware drops Malware including Ransomware TeslaCrypt | File deletion, system corruption \n\u201cTypes of RelevantKnowledge Adware\u201d\nPUP.Optional.RelevantKnowledge is sometimes considered adware and by some even as spyware. MarketScore, formerly known as Netsetter, uses RelevantKnowledge to gather data about Internet usage. The data is sold for various goals. These include Internet development, commerce, economic analysis, market predictions, and page ranking in search results.PUP.Optional.RelevantKnowledge is adware that comes bundled with many freeware utilities.", "modified": "2026-03-04T06:02:39.413000", "created": "2026-02-02T07:39:15.479000", "tags": [ "dynamicloader", "oamazon", "cnamazon rsa", "mozilla", "write c", "united", "globalc", "win32", "iwin", "write", "encrypt", "malware", "file deletion", "relevant knowledge", "deletes files", "system modification", "registry", "adding", "process", "drops files", "drive by", "compromise", "g2 c", "legalcopyright", "productname", "thawte", "thawte code", "signing ca", "certification", "division cn", "primary root", "quietuninstallstring", "present jan", "unknown aaaa", "ip address", "unknown ns", "trojan", "title error", "ipv4 add", "urls", "reverse dns", "spyware", "united states", "servers", "hostname", "legal", "amazon", "awsdns", "amazon.com ,inc", "amazon legal", "crazyfrost", "brian sabey", "aaaa", "name servers", "ahmann related", "cloudfront", "read c", "medium", "memcommit", "entries", "high", "checks", "windows", "delete", "execution", "dock", "persistence", "capture", "next", "local", "show", "search", "officeoffice16", "virustotal api", "screenshots", "comments", "vendor finding", "notes clamav", "files matching", "number", "sample analysis", "copy", "hide samples", "ransomware", "nsis", "nullsoft", "teslacrypt" ], "references": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adware.win32.relevantknowledge.p", "File Description: iWin Games Downloader FileVersion: 1.0.3.0", "LegalCopyright\u00a9 iWin inc. ProductName: iWin Games ProductVersion 1.0.3.0", "Mutexes _!SHMSFTHISTORY!_", "Win.Ransomware.TeslaCrypt-9828161-0", "YARA Detections:: Nullsoft_NSIS \uffadNullsoftInst NullSoft" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Adware.RelevantKnowledge-9939891-0", "display_name": "Win.Adware.RelevantKnowledge-9939891-0", "target": null }, { "id": "Win.Ransomware.TeslaCrypt", "display_name": "Win.Ransomware.TeslaCrypt", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 32, "FileHash-SHA256": 106, "domain": 17, "hostname": 70, "SSLCertFingerprint": 12, "URL": 174, "email": 4 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "88 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709134e73d6efb17198811", "name": "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg - 100/100", "description": "", "modified": "2023-12-06T15:20:20.504000", "created": "2023-12-06T15:20:20.504000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA256": 976, "hostname": 203, "URL": 789, "domain": 17, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708ff8e1cd2e25819001c6", "name": "https://d1x9snl812q4nd.cloudfront.net/installer/com.supercell.boombeach/Boom_Beach-soft32epic99.exe", "description": "", "modified": "2023-12-06T15:15:04.906000", "created": "2023-12-06T15:15:04.906000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 132, "URL": 145, "hostname": 11, "FileHash-MD5": 68, "CVE": 1, "domain": 22, "FileHash-SHA1": 23, "SSLCertFingerprint": 2 }, "indicator_count": 404, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f27865570c2cb418127dd0", "name": "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg - 100/100", "description": "Cert Hell brought to you bt CN probably via M$", "modified": "2022-08-09T15:08:21.620000", "created": "2022-08-09T15:08:21.620000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "pattern match", "runtime data", "beijing", "indicator", "cultureneutral", "baidu", "code signing", "kuaizip", "suspicious", "path", "error", "win64", "sogou", "hybrid", "close", "click", "class", "model", "stretch", "august", "general", "strings", "malicious", "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg" ], "references": [ "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "Cert Hell brought to you by CN" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 789, "hostname": 203, "domain": 17, "FileHash-SHA256": 976, "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1390 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62bc6e8c81962fea1a414234", "name": "https://d1x9snl812q4nd.cloudfront.net/installer/com.supercell.boombeach/Boom_Beach-soft32epic99.exe", "description": "Boom_Beach-soft32epic99.exe\nCVE-2021-22941", "modified": "2022-07-29T00:00:24.010000", "created": "2022-06-29T15:23:56.541000", "tags": [ "ck id", "installer", "powershell", "media", "delphi", "february", "template", "april", "august", "launch", "install", "null", "blank", "green", "spool", "little", "team", "ip check", "Boom_Beach-soft32epic99.exe", "CVE-2021-22941" ], "references": [ "http://checkip.dyndns.org/Gelir_idaresi_Baskanligi/gib.exe", "http://84.22.104.244/data.exe", "http://iphones5sg.name/data.exe", "http://comslibingmakk.asia/data.exe", "https://hybrid-analysis.com/sample/4681d0b707c72394d9951a96d1bbdd4749299437dd4d43e0c9e63fb7a84f9cd1/62bc6a0a3092241dc7209dd2", "Boom_Beach-soft32epic99.exe", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 132, "URL": 145, "hostname": 11, "domain": 22, "CVE": 1, "FileHash-MD5": 68, "FileHash-SHA1": 23, "SSLCertFingerprint": 2 }, "indicator_count": 404, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1402 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "Boom_Beach-soft32epic99.exe", "Cert Hell brought to you by CN", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "CVE-2021-22941", "http://comslibingmakk.asia/data.exe", "http://iphones5sg.name/data.exe", "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "LegalCopyright\u00a9 iWin inc. ProductName: iWin Games ProductVersion 1.0.3.0", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "http://checkip.dyndns.org/Gelir_idaresi_Baskanligi/gib.exe", "Win.Ransomware.TeslaCrypt-9828161-0", "https://hybrid-analysis.com/sample/4681d0b707c72394d9951a96d1bbdd4749299437dd4d43e0c9e63fb7a84f9cd1/62bc6a0a3092241dc7209dd2", "Mutexes _!SHMSFTHISTORY!_", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "File Description: iWin Games Downloader FileVersion: 1.0.3.0", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "http://84.22.104.244/data.exe", "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adware.win32.relevantknowledge.p", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M", "YARA Detections:: Nullsoft_NSIS \uffadNullsoftInst NullSoft" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Win.ransomware.teslacrypt", "Win.adware.relevantknowledge-9939891-0" ], "industries": [], "unique_indicators": 4724 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/thawte.com", "whois": "http://whois.domaintools.com/thawte.com", "domain": "thawte.com", "hostname": "www.thawte.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 10, "pulses": [ { "id": "69f3015173657943b5b74fbb", "name": "VirusTotal report\n for sample.rar", "description": "[guide to a new Windows tool called pnputil.exe, which detects suspicious drivers being installed via the command line, has been published by the Microsoft Research Institute (MSR]", "modified": "2026-05-30T07:10:11.175000", "created": "2026-04-30T07:14:25.796000", "tags": [ "driver install", "hai vaknin", "luxnobulishit", "avihay", "aloneliassaf", "austin songer", "austinsonger", "imageendswith", "sha256", "imphash" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 424, "FileHash-SHA1": 191, "FileHash-SHA256": 1571, "URL": 55, "domain": 14, "hostname": 116, "CVE": 2 }, "indicator_count": 2373, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "1 day ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de653101bee17699c7d1e8", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:57.690000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 23, "FileHash-SHA256": 198, "URL": 94, "hostname": 107, "domain": 79 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de6531bfca82db8c335ebb", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:57.171000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 66, "FileHash-SHA1": 39, "FileHash-SHA256": 323, "URL": 126, "hostname": 255, "domain": 87 }, "indicator_count": 896, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de6532d8458a36f68ce083", "name": "CAPE Sandbox", "description": "A sample of Google updateSetup.exe has been found on a Windows operating system. \u00c2\u00a31.5m (US$2.4m) in the first half of the year.", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:02:58.015000", "tags": [ "parent pid", "full path", "command line", "sessionid", "files c", "registry keys", "mutexes globalg", "globalg", "commands", "read files", "pe file", "file type", "pe32", "ms windows", "intel", "found", "drops pe", "aslr", "ole file", "contains", "title", "installer", "template", "code", "persistence", "malicious", "next", "error", "google", "meta", "style", "sans", "woff2", "u0131", "u01520153", "u02bb02bc", "success", "deletefilew", "createfilew", "genericwrite", "readfile", "genericread", "regopenkeyexw", "programfilesdir", "shimcachemutex", "copyfileexw", "detail info", "behaviour", "processid", "threadid", "startaddress", "parameter", "offset", "socket", "filename", "window", "class", "shell", "find", "windows sandbox", "calls process", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "ultimate file", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182210&Signature=v%2Fh1wL%2BRqA6ODz%2BCtJphjW%2BDUpdO%2F68AGOQiHd%2Be57uK7rMu6S9s9l8R7XteebRHwmiQnBDXOOns7VLwWQ00hHcNwEmbQKruEeJXn%2F2RZMYnzuTEbBMt2RuB9%2FrCQMUMo55FqSuXeY%2FsydSKysRi%2F4yxX55NU5uLfx%2FhZQRtjTgQticy0YGUTCqqY3HzJd7A8bc1PNd%2Fb6mTJ2S5iod1uNc17yFnn2UDVXHCJV", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182405&Signature=ZMUm29yvOSEjo0LQQD1asxG2sdFlK5%2F4y2UHODrULP%2B6HqNNjMHfmfRv%2BVxnED4359E6L9MXV4n6tEBGdnia8EvQYzZQJ58Ros6%2F%2FfYr9WoRACqGslsG%2BHVMKGMGX62YA2UlrAH35OCDgUTwdGIHtpLgXfOd%2B46e6wzXuB1t8GANSgN4v5xv3S83gd7W14KQ2aD95Q0vZt%2F7Ue48%2B53m2JvkcBosiH2AxKaRxQIN%2BXz6cshh6p", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182430&Signature=dN0pX9yoqvCitnZXnkVEon6PzscVdKCHo9%2BUUZnv%2BJW5HH1B0IOfrsGiMX87NmcyM8XAqYVzFRNmrjIUnlP3rF5KPV0ZOtwlbL8mMIVCmrmQGuIPFB7QRfWpfjMPq41IbMb3yAdxVIpw5dEn%2BSrkIKgkCLVaDG0B69qjr%2FCR2ZNYpHIeR5Duwn%2BFgQxdFB2%2BwLQCyLAmPP5xsWgLCvmNM%2Fb1SoMUHKytZTY%2BPXKlThbjrh", "https://vtcuckoo.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182459&Signature=LC2D3TixRgdru1j51oquFRwzr%2BlKJQyHmkjrFbrD9AxRvZsqhwceRAcEEGhjpqbDfW%2BbsgyFvpG0re3VebM3vlaRaFk7nZYgSJVcbEdapmTOrCrzVGT4Ajtbfi0%2B0W4gjSG1fOa9RsxdcT0f%2FwscG2zKqSVZYOhNjlaCWjVWD65MvQpKbDqOdRhIgL5Bu6oG2MiYwAr2UWZECS53O8AHYr8UnWqzXy1DPzHyG9rl4xG8elXsHkFhuo4X9w%2BHyAnudZvoF4XgyBi", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182484&Signature=ZhGulxlaniGue38b6AlCfXFOolhEEd1LRl1zQL4iS7pgld1GcOA1rAFnLpPUfTa7QbYt2XYl%2B69trqlFhS56HAJodeHJl8hLN1ZSe2yD56hBs5FNe45OeTzGmGRCvB23eCa6%2BFf7lkBEMPU7P6T4BylmHDskYtaXGm8%2B4J65yK3h3rEBYG7%2FzfMCeIqLzMARAW%2BGN%2B9skhx5nFTl5z9mYcTJpsJWUVIM6gdkzdOt8rkSI4WTZU", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182551&Signature=pFmSgFS63F9nD5idScNlwrNQf0IwHGZXagtahm%2BCtBwvWshbJt7BHIwYHPaLKabmBSfvP4qNSVA9sCNWl6uMcrJDL6vNnebIQXG5N3C2UXzWC2GBLt6xa13F6jEnHnc8w7XgMnC2qixReqfUzmKH11llWvimieI7YNlY%2BWO91jTSdiqFyCnd95VovUDx2kK%2BF%2BM0clx89XmZRfU9PfWIReaDleGU%2Bho9t0vqCx0Fkz%2Fa", "https://vtbehaviour.commondatastorage.googleapis.com/264a5fc8205c3ca76d186e04238055427de9d189709bbc4b1844599d498d05d2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182568&Signature=oG3sKCviFlcMT0QiFuQ05ebZkwPVvz5I5HUTNiUwfN2ldGBghRVLc5N9lUiV%2F4Chnoqg2dtvRlBGdNJ9erW0jueVM%2FY6DerZ2%2BVfd4bJos9epiFLxlHY%2BIaL5pRHeWIfcZ%2FaTK%2BhCSACOVOCRPHlchcUIKNH2Qqwsk9qWywx3k%2BuYq9lkq6bHRqrSWRveTrqVd559kMHuKds6IWr3IHQ83cnniAy%2BrXs2PzbfQWr8YqSn1%2FvvDyM", "https://vtbehaviour.commondatastorage.googleapis.com/00002a21db1b687c9d78890d13e48ac1a96a9bf2a4c1b55423f4003ce96e7561_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776182603&Signature=P0yyclxoQLoZnvz37jWwZuw0aXUqKjhJmU3DLNGWvQc4OC6Xy1j%2FbtcEu%2BI9cYC3WKX6VyZKHliOMTv1yNar%2BVbIdYQ2PxzSYs7C8x4wcrhQ8Nq0FonreLyqkxdQ6BUO5WJ6vYVdHfY26X4wRftbfQYABiSyzCYAjcJm3X5xjQf9AN8iSukP8exig452BLXD3poZe3p5xx1HPXTohtMXnvUyJV7uM7EuFzFtWultkOCOwsTodS8HhJ4I%2BfMU1M" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 46, "FileHash-SHA1": 23, "FileHash-SHA256": 198, "URL": 94, "hostname": 107, "domain": 79 }, "indicator_count": 547, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a051c0938484a8a43d4084b", "name": "Clone by DorkingBeauty1 ['/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/\"] 2022-year", "description": "", "modified": "2026-05-14T00:49:13.494000", "created": "2026-05-14T00:49:13.494000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "pattern match", "runtime data", "beijing", "indicator", "cultureneutral", "baidu", "code signing", "kuaizip", "suspicious", "path", "error", "win64", "sogou", "hybrid", "close", "click", "class", "model", "stretch", "august", "general", "strings", "malicious", "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg" ], "references": [ "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "Cert Hell brought to you by CN" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": "62f27865570c2cb418127dd0", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 789, "hostname": 203, "domain": 17, "FileHash-SHA256": 976, "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "17 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "698054a372fb3461e21b616b", "name": "RelevantKnowledge Adware drops Malware including Ransomware TeslaCrypt | File deletion, system corruption", "description": "Arrival Details: \nThis Adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.\nInstallation: \nThis Adware adds the follows processes, Deletes files, Other System Modifications , It adds registry entries. || \n\nRelevantKnowledge Adware drops Malware including Ransomware TeslaCrypt | File deletion, system corruption \n\u201cTypes of RelevantKnowledge Adware\u201d\nPUP.Optional.RelevantKnowledge is sometimes considered adware and by some even as spyware. MarketScore, formerly known as Netsetter, uses RelevantKnowledge to gather data about Internet usage. The data is sold for various goals. These include Internet development, commerce, economic analysis, market predictions, and page ranking in search results.PUP.Optional.RelevantKnowledge is adware that comes bundled with many freeware utilities.", "modified": "2026-03-04T06:02:39.413000", "created": "2026-02-02T07:39:15.479000", "tags": [ "dynamicloader", "oamazon", "cnamazon rsa", "mozilla", "write c", "united", "globalc", "win32", "iwin", "write", "encrypt", "malware", "file deletion", "relevant knowledge", "deletes files", "system modification", "registry", "adding", "process", "drops files", "drive by", "compromise", "g2 c", "legalcopyright", "productname", "thawte", "thawte code", "signing ca", "certification", "division cn", "primary root", "quietuninstallstring", "present jan", "unknown aaaa", "ip address", "unknown ns", "trojan", "title error", "ipv4 add", "urls", "reverse dns", "spyware", "united states", "servers", "hostname", "legal", "amazon", "awsdns", "amazon.com ,inc", "amazon legal", "crazyfrost", "brian sabey", "aaaa", "name servers", "ahmann related", "cloudfront", "read c", "medium", "memcommit", "entries", "high", "checks", "windows", "delete", "execution", "dock", "persistence", "capture", "next", "local", "show", "search", "officeoffice16", "virustotal api", "screenshots", "comments", "vendor finding", "notes clamav", "files matching", "number", "sample analysis", "copy", "hide samples", "ransomware", "nsis", "nullsoft", "teslacrypt" ], "references": [ "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/adware.win32.relevantknowledge.p", "File Description: iWin Games Downloader FileVersion: 1.0.3.0", "LegalCopyright\u00a9 iWin inc. ProductName: iWin Games ProductVersion 1.0.3.0", "Mutexes _!SHMSFTHISTORY!_", "Win.Ransomware.TeslaCrypt-9828161-0", "YARA Detections:: Nullsoft_NSIS \uffadNullsoftInst NullSoft" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Adware.RelevantKnowledge-9939891-0", "display_name": "Win.Adware.RelevantKnowledge-9939891-0", "target": null }, { "id": "Win.Ransomware.TeslaCrypt", "display_name": "Win.Ransomware.TeslaCrypt", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1027.005", "name": "Indicator Removal from Tools", "display_name": "T1027.005 - Indicator Removal from Tools" }, { "id": "T1054", "name": "Indicator Blocking", "display_name": "T1054 - Indicator Blocking" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1143", "name": "Hidden Window", "display_name": "T1143 - Hidden Window" }, { "id": "T1158", "name": "Hidden Files and Directories", "display_name": "T1158 - Hidden Files and Directories" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 44, "FileHash-SHA1": 32, "FileHash-SHA256": 106, "domain": 17, "hostname": 70, "SSLCertFingerprint": 12, "URL": 174, "email": 4 }, "indicator_count": 459, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "88 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709134e73d6efb17198811", "name": "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg - 100/100", "description": "", "modified": "2023-12-06T15:20:20.504000", "created": "2023-12-06T15:20:20.504000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA256": 976, "hostname": 203, "URL": 789, "domain": 17, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65708ff8e1cd2e25819001c6", "name": "https://d1x9snl812q4nd.cloudfront.net/installer/com.supercell.boombeach/Boom_Beach-soft32epic99.exe", "description": "", "modified": "2023-12-06T15:15:04.906000", "created": "2023-12-06T15:15:04.906000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 132, "URL": 145, "hostname": 11, "FileHash-MD5": 68, "CVE": 1, "domain": 22, "FileHash-SHA1": 23, "SSLCertFingerprint": 2 }, "indicator_count": 404, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "906 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62f27865570c2cb418127dd0", "name": "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg - 100/100", "description": "Cert Hell brought to you bt CN probably via M$", "modified": "2022-08-09T15:08:21.620000", "created": "2022-08-09T15:08:21.620000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "memoryfile scan", "ansi", "unicode", "pattern match", "runtime data", "beijing", "indicator", "cultureneutral", "baidu", "code signing", "kuaizip", "suspicious", "path", "error", "win64", "sogou", "hybrid", "close", "click", "class", "model", "stretch", "august", "general", "strings", "malicious", "/cdn.jsdelivr.net/gh/the1812/Malware-Patch@master/mwp.pkg" ], "references": [ "https://hybrid-analysis.com/sample/594a0fc97bdedb22ed46098ac0c136017a942d88a086f6573313565cff76f05e/62f1549a1218e0786f14f8f5", "Cert Hell brought to you by CN" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1200", "name": "Hardware Additions", "display_name": "T1200 - Hardware Additions" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 789, "hostname": 203, "domain": 17, "FileHash-SHA256": 976, "CVE": 4, "FileHash-MD5": 6, "FileHash-SHA1": 1 }, "indicator_count": 1996, "is_author": false, "is_subscribing": null, "subscriber_count": 395, "modified_text": "1390 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62bc6e8c81962fea1a414234", "name": "https://d1x9snl812q4nd.cloudfront.net/installer/com.supercell.boombeach/Boom_Beach-soft32epic99.exe", "description": "Boom_Beach-soft32epic99.exe\nCVE-2021-22941", "modified": "2022-07-29T00:00:24.010000", "created": "2022-06-29T15:23:56.541000", "tags": [ "ck id", "installer", "powershell", "media", "delphi", "february", "template", "april", "august", "launch", "install", "null", "blank", "green", "spool", "little", "team", "ip check", "Boom_Beach-soft32epic99.exe", "CVE-2021-22941" ], "references": [ "http://checkip.dyndns.org/Gelir_idaresi_Baskanligi/gib.exe", "http://84.22.104.244/data.exe", "http://iphones5sg.name/data.exe", "http://comslibingmakk.asia/data.exe", "https://hybrid-analysis.com/sample/4681d0b707c72394d9951a96d1bbdd4749299437dd4d43e0c9e63fb7a84f9cd1/62bc6a0a3092241dc7209dd2", "Boom_Beach-soft32epic99.exe", "CVE-2021-22941" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1548", "name": "Abuse Elevation Control Mechanism", "display_name": "T1548 - Abuse Elevation Control Mechanism" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "dorkingbeauty1", "id": "80137", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 132, "URL": 145, "hostname": 11, "domain": 22, "CVE": 1, "FileHash-MD5": 68, "FileHash-SHA1": 23, "SSLCertFingerprint": 2 }, "indicator_count": 404, "is_author": false, "is_subscribing": null, "subscriber_count": 393, "modified_text": "1402 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.thawte.com/repository0W", "type": "URL" }, "abuseipdb": null, "urlhaus": { "error": "Expecting value: line 1 column 1 (char 0)", "indicator": "https://www.thawte.com/repository0W", "type": "URL" }, "from_cache": true, "_cached_at": 1780234299.1436672 }