{ "type": "URL", "indicator": "https://www.uncaic.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.uncaic.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 4310874039, "indicator": "https://www.uncaic.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "69ede4900c0c36d508b00892", "name": "VirusTotal report for index.html tlp:green", "description": "[The following is the full text of the following:..woff2/akamai/clientlib-brand-base/resources/InstrumentSans-Variable-Latin-Italic] pdfkit[.net] = trans ip. Otx kept having server errors when trying to upload more comprehensive reports on this. Interference not by otx, suspect.", "modified": "2026-05-26T10:06:50.708000", "created": "2026-04-26T10:10:24.165000", "tags": [ "html internet", "html document", "unicode text", "utf8 text", "ascii text", "language", "https", "mitre attack", "network info", "processes extra", "transip", "performs dns", "t1055 process", "layer protocol", "overview", "overview zenbox", "title", "next", "meta", "link", "path", "doctype html", "ieedge", "bezet", "head", "body", "get url", "ip reputation", "divi child", "site kit", "google", "truetype", "woff", "user", "agent", "style", "original", "unknown", "has permission", "tls version", "file type", "loads", "urls", "persistence", "cloud", "malicious", "found", "dropped info", "zenbox android", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196678&Signature=HzcyQV1X4%2BZuxALwV5MKabxavBVI2pXXV%2BqZ%2FxjbZGEzJLq3HvfBlhoJvnPO72cTsUYIRIF8xWwC5jRcagGjKfbaLJN2X5M8YJLFvzNW8EUuKXbP4HlPUyWW4vdbPPfTDk7AH9O3Mc%2Bsqm0rUu1TTZ5W30gnKw%2B8w129EjLK4TTXdxBhsVZflHp65tluC8NtT6PKr40eTUW79dRIU4EmpzQYixwP5kHPdWny4lMV2tyDCM4BVbj5jGGjOMlG", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196704&Signature=oj%2BDJfu%2FPrkzTQYzv%2BNGIb7bMBOERBArPqSmhPICbJXukp7MyQm%2FhSDqT3TSgCuwYbRMqjTmAdHa9EBQ%2FCjlr3PdRe5jLJ3yEljzhIZMVkux2h7EGR9NvtyGFd0b4G6DcOYfzDyXI7IIUvEDVqDTPa2biRIlSwUKAXKvFLQvemNBTNwAt6ZWjRPcsjpgkPpPBVYA6mGR50QOtob74rarfPZno74N59OZkm5XoVm7mwuzGXDl189f", "https://vtbehaviour.commondatastorage.googleapis.com/45a190c2f2471d465eadce7b529473c1092e0b0fa4a8bd5066f2f0dadd021517_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777197660&Signature=ZeKi%2BRgUGuBZD7C84XN%2BMrK%2FhjGTkk9wZi%2B8oRGqD%2FMkt4j53TX2%2FNO2D5kv3PFADqhPUkUWatmRPNgFj3%2Fxgz2H%2B1MaxZeG4uZ7yDAjWSgY1bcI2k5Z4SWMDc8FAivGl7%2FYutQiu%2FIWCMxbxTnk4yJQiQtuOgqwVTZybq4ROhIA52sWpFV9sAHWnPeTZJIPWahZpZz3LH5ByhNbVb8fHKqxFmoQAswKLvlgjAcNSh", "https://vtbehaviour.commondatastorage.googleapis.com/00000d3cb583c86b8fd89bcd270cf1a9c1974f23518caf52a9d55ba482afc255_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198022&Signature=X%2FtJADqZ8hUIDWnAnxXSy836h8XaVn9hIB%2FoJc%2BMiH70BQaiUPucRhxoQpLz8ff%2BU7i4DwbrecytnCCLiVA1QuLWxTYL9hBhT8xX%2F3h564r8jpG8kTHcyZTD%2F1w9THtZhgtgccYteH8vuC1RaaNpHpj8RESbs6TdENGlhzHELvXxYplQuBznpKau1ZeLiNJFngKuEOT%2FkcHjzOM%2B%2BUZzAovTwc6PDZOk4C4qBT7YdZ", "https://vtbehaviour.commondatastorage.googleapis.com/000011b9276d67cb6c737226e1572ad5396d96a7ce2a6512c6c5774371332730_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198160&Signature=ErZReZYXc0zl2849KmoGwJGof9NjsCg2iX3sqgLWs2FU4WBoLpZAVnFi6g7Z3BFda%2FDPKxZ7%2FHG%2BlEU2VB7ctD7pXcNfD%2F3nEPZC54sles9Cycinws6vWWfHnYmSpwKF4DtTjjbL%2F7bwIb%2FOrT%2BeKzVvt7gGL%2ByHJpWrAgr4UtNSHKVmHLIIgRH%2FfDOtlS410ed%2Bal8ukGl9ZSeDQjYg0A0KKxdNkAtcJPN4fLcl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 554, "FileHash-MD5": 53, "FileHash-SHA1": 4, "URL": 561, "hostname": 275, "domain": 114 }, "indicator_count": 1561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03cc521e13c5d6d34555d0", "name": "Judgement Day. VirusTotal report for index.html", "description": "[Apple.com has sent a series of \"fl flushMessages\" to its servers, but what exactly is the data and what is it going to get out of the system and how does it feel?]", "modified": "2026-05-15T10:22:00.139000", "created": "2026-05-13T00:56:50.182000", "tags": [ "darwin kernel", "version", "wed feb", "apfs4kobjs", "instagram", "mosaic", "free", "get http", "dns resolutions", "ip traffic", "pattern domains", "memory pattern", "urls https", "tls sni", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "performs dns", "https", "urls", "united", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "phishing", "defense evasion", "next", "default", "parent pid", "full path", "command line", "k netsvcs", "k localservice", "s w32time", "event provider", "device", "registry keys" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 132, "FileHash-MD5": 43, "FileHash-SHA1": 6, "hostname": 364, "IPv4": 75, "URL": 574, "Mutex": 1, "FileHash-SHA256": 404 }, "indicator_count": 1599, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69fe42542016114edaeb", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-15T00:18:05.091000", "created": "2026-04-14T16:23:26.071000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 114, "hostname": 130, "domain": 43 }, "indicator_count": 481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d5a54cff2f8c80ba0b", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:45.821000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 109, "hostname": 130, "domain": 41 }, "indicator_count": 474, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d5c691473d692fac54", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:45.160000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 109, "hostname": 130, "domain": 41 }, "indicator_count": 474, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d60272ee6be0b6be75", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:46.679000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 111, "hostname": 130, "domain": 42 }, "indicator_count": 477, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d63c6bc7ab66605f86", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:46.502000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 110, "hostname": 130, "domain": 41 }, "indicator_count": 475, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d6c23c1920ae49419b", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:46.723000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 114, "hostname": 130, "domain": 44 }, "indicator_count": 482, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69e81ae5bd040f77c01f", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:23:04.494000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 114, "hostname": 130, "domain": 43 }, "indicator_count": 481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/45a190c2f2471d465eadce7b529473c1092e0b0fa4a8bd5066f2f0dadd021517_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777197660&Signature=ZeKi%2BRgUGuBZD7C84XN%2BMrK%2FhjGTkk9wZi%2B8oRGqD%2FMkt4j53TX2%2FNO2D5kv3PFADqhPUkUWatmRPNgFj3%2Fxgz2H%2B1MaxZeG4uZ7yDAjWSgY1bcI2k5Z4SWMDc8FAivGl7%2FYutQiu%2FIWCMxbxTnk4yJQiQtuOgqwVTZybq4ROhIA52sWpFV9sAHWnPeTZJIPWahZpZz3LH5ByhNbVb8fHKqxFmoQAswKLvlgjAcNSh", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196704&Signature=oj%2BDJfu%2FPrkzTQYzv%2BNGIb7bMBOERBArPqSmhPICbJXukp7MyQm%2FhSDqT3TSgCuwYbRMqjTmAdHa9EBQ%2FCjlr3PdRe5jLJ3yEljzhIZMVkux2h7EGR9NvtyGFd0b4G6DcOYfzDyXI7IIUvEDVqDTPa2biRIlSwUKAXKvFLQvemNBTNwAt6ZWjRPcsjpgkPpPBVYA6mGR50QOtob74rarfPZno74N59OZkm5XoVm7mwuzGXDl189f", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W", "https://vtbehaviour.commondatastorage.googleapis.com/000011b9276d67cb6c737226e1572ad5396d96a7ce2a6512c6c5774371332730_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198160&Signature=ErZReZYXc0zl2849KmoGwJGof9NjsCg2iX3sqgLWs2FU4WBoLpZAVnFi6g7Z3BFda%2FDPKxZ7%2FHG%2BlEU2VB7ctD7pXcNfD%2F3nEPZC54sles9Cycinws6vWWfHnYmSpwKF4DtTjjbL%2F7bwIb%2FOrT%2BeKzVvt7gGL%2ByHJpWrAgr4UtNSHKVmHLIIgRH%2FfDOtlS410ed%2Bal8ukGl9ZSeDQjYg0A0KKxdNkAtcJPN4fLcl", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196678&Signature=HzcyQV1X4%2BZuxALwV5MKabxavBVI2pXXV%2BqZ%2FxjbZGEzJLq3HvfBlhoJvnPO72cTsUYIRIF8xWwC5jRcagGjKfbaLJN2X5M8YJLFvzNW8EUuKXbP4HlPUyWW4vdbPPfTDk7AH9O3Mc%2Bsqm0rUu1TTZ5W30gnKw%2B8w129EjLK4TTXdxBhsVZflHp65tluC8NtT6PKr40eTUW79dRIU4EmpzQYixwP5kHPdWny4lMV2tyDCM4BVbj5jGGjOMlG", "https://vtbehaviour.commondatastorage.googleapis.com/00000d3cb583c86b8fd89bcd270cf1a9c1974f23518caf52a9d55ba482afc255_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198022&Signature=X%2FtJADqZ8hUIDWnAnxXSy836h8XaVn9hIB%2FoJc%2BMiH70BQaiUPucRhxoQpLz8ff%2BU7i4DwbrecytnCCLiVA1QuLWxTYL9hBhT8xX%2F3h564r8jpG8kTHcyZTD%2F1w9THtZhgtgccYteH8vuC1RaaNpHpj8RESbs6TdENGlhzHELvXxYplQuBznpKau1ZeLiNJFngKuEOT%2FkcHjzOM%2B%2BUZzAovTwc6PDZOk4C4qBT7YdZ", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 3510 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/uncaic.com", "whois": "http://whois.domaintools.com/uncaic.com", "domain": "uncaic.com", "hostname": "www.uncaic.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "69ede4900c0c36d508b00892", "name": "VirusTotal report for index.html tlp:green", "description": "[The following is the full text of the following:..woff2/akamai/clientlib-brand-base/resources/InstrumentSans-Variable-Latin-Italic] pdfkit[.net] = trans ip. Otx kept having server errors when trying to upload more comprehensive reports on this. Interference not by otx, suspect.", "modified": "2026-05-26T10:06:50.708000", "created": "2026-04-26T10:10:24.165000", "tags": [ "html internet", "html document", "unicode text", "utf8 text", "ascii text", "language", "https", "mitre attack", "network info", "processes extra", "transip", "performs dns", "t1055 process", "layer protocol", "overview", "overview zenbox", "title", "next", "meta", "link", "path", "doctype html", "ieedge", "bezet", "head", "body", "get url", "ip reputation", "divi child", "site kit", "google", "truetype", "woff", "user", "agent", "style", "original", "unknown", "has permission", "tls version", "file type", "loads", "urls", "persistence", "cloud", "malicious", "found", "dropped info", "zenbox android", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196678&Signature=HzcyQV1X4%2BZuxALwV5MKabxavBVI2pXXV%2BqZ%2FxjbZGEzJLq3HvfBlhoJvnPO72cTsUYIRIF8xWwC5jRcagGjKfbaLJN2X5M8YJLFvzNW8EUuKXbP4HlPUyWW4vdbPPfTDk7AH9O3Mc%2Bsqm0rUu1TTZ5W30gnKw%2B8w129EjLK4TTXdxBhsVZflHp65tluC8NtT6PKr40eTUW79dRIU4EmpzQYixwP5kHPdWny4lMV2tyDCM4BVbj5jGGjOMlG", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196704&Signature=oj%2BDJfu%2FPrkzTQYzv%2BNGIb7bMBOERBArPqSmhPICbJXukp7MyQm%2FhSDqT3TSgCuwYbRMqjTmAdHa9EBQ%2FCjlr3PdRe5jLJ3yEljzhIZMVkux2h7EGR9NvtyGFd0b4G6DcOYfzDyXI7IIUvEDVqDTPa2biRIlSwUKAXKvFLQvemNBTNwAt6ZWjRPcsjpgkPpPBVYA6mGR50QOtob74rarfPZno74N59OZkm5XoVm7mwuzGXDl189f", "https://vtbehaviour.commondatastorage.googleapis.com/45a190c2f2471d465eadce7b529473c1092e0b0fa4a8bd5066f2f0dadd021517_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777197660&Signature=ZeKi%2BRgUGuBZD7C84XN%2BMrK%2FhjGTkk9wZi%2B8oRGqD%2FMkt4j53TX2%2FNO2D5kv3PFADqhPUkUWatmRPNgFj3%2Fxgz2H%2B1MaxZeG4uZ7yDAjWSgY1bcI2k5Z4SWMDc8FAivGl7%2FYutQiu%2FIWCMxbxTnk4yJQiQtuOgqwVTZybq4ROhIA52sWpFV9sAHWnPeTZJIPWahZpZz3LH5ByhNbVb8fHKqxFmoQAswKLvlgjAcNSh", "https://vtbehaviour.commondatastorage.googleapis.com/00000d3cb583c86b8fd89bcd270cf1a9c1974f23518caf52a9d55ba482afc255_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198022&Signature=X%2FtJADqZ8hUIDWnAnxXSy836h8XaVn9hIB%2FoJc%2BMiH70BQaiUPucRhxoQpLz8ff%2BU7i4DwbrecytnCCLiVA1QuLWxTYL9hBhT8xX%2F3h564r8jpG8kTHcyZTD%2F1w9THtZhgtgccYteH8vuC1RaaNpHpj8RESbs6TdENGlhzHELvXxYplQuBznpKau1ZeLiNJFngKuEOT%2FkcHjzOM%2B%2BUZzAovTwc6PDZOk4C4qBT7YdZ", "https://vtbehaviour.commondatastorage.googleapis.com/000011b9276d67cb6c737226e1572ad5396d96a7ce2a6512c6c5774371332730_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198160&Signature=ErZReZYXc0zl2849KmoGwJGof9NjsCg2iX3sqgLWs2FU4WBoLpZAVnFi6g7Z3BFda%2FDPKxZ7%2FHG%2BlEU2VB7ctD7pXcNfD%2F3nEPZC54sles9Cycinws6vWWfHnYmSpwKF4DtTjjbL%2F7bwIb%2FOrT%2BeKzVvt7gGL%2ByHJpWrAgr4UtNSHKVmHLIIgRH%2FfDOtlS410ed%2Bal8ukGl9ZSeDQjYg0A0KKxdNkAtcJPN4fLcl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 554, "FileHash-MD5": 53, "FileHash-SHA1": 4, "URL": 561, "hostname": 275, "domain": 114 }, "indicator_count": 1561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a03cc521e13c5d6d34555d0", "name": "Judgement Day. VirusTotal report for index.html", "description": "[Apple.com has sent a series of \"fl flushMessages\" to its servers, but what exactly is the data and what is it going to get out of the system and how does it feel?]", "modified": "2026-05-15T10:22:00.139000", "created": "2026-05-13T00:56:50.182000", "tags": [ "darwin kernel", "version", "wed feb", "apfs4kobjs", "instagram", "mosaic", "free", "get http", "dns resolutions", "ip traffic", "pattern domains", "memory pattern", "urls https", "tls sni", "algorithm", "key identifier", "x509v3 subject", "v3 serial", "number", "cus olet", "encrypt cnr13", "validity", "subject public", "key info", "performs dns", "https", "urls", "united", "mitre attack", "network info", "processes extra", "t1055 process", "layer protocol", "overview", "phishing", "defense evasion", "next", "default", "parent pid", "full path", "command line", "k netsvcs", "k localservice", "s w32time", "event provider", "device", "registry keys" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 132, "FileHash-MD5": 43, "FileHash-SHA1": 6, "hostname": 364, "IPv4": 75, "URL": 574, "Mutex": 1, "FileHash-SHA256": 404 }, "indicator_count": 1599, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69fe42542016114edaeb", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-15T00:18:05.091000", "created": "2026-04-14T16:23:26.071000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 114, "hostname": 130, "domain": 43 }, "indicator_count": 481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d5a54cff2f8c80ba0b", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:45.821000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 109, "hostname": 130, "domain": 41 }, "indicator_count": 474, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d5c691473d692fac54", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:45.160000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 109, "hostname": 130, "domain": 41 }, "indicator_count": 474, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d60272ee6be0b6be75", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:46.679000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 111, "hostname": 130, "domain": 42 }, "indicator_count": 477, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d63c6bc7ab66605f86", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:46.502000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 110, "hostname": 130, "domain": 41 }, "indicator_count": 475, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69d6c23c1920ae49419b", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:22:46.723000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 114, "hostname": 130, "domain": 44 }, "indicator_count": 482, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69de69e81ae5bd040f77c01f", "name": "VirusTotal report\n for document.html", "description": "A full report on malicious code found in an HTML file, compiled by Adobe, has been published by the University of California, San Francisco, at \u00c2\u00a31.5m (US$2.3m).", "modified": "2026-05-14T16:01:00.010000", "created": "2026-04-14T16:23:04.494000", "tags": [ "license", "performs dns", "mitre attack", "network info", "processes extra", "t1055 process", "overview", "overview zenbox", "verdict", "guest system", "phishing", "next", "script", "adobe", "apache license", "version", "unless", "as is", "basis", "any kind", "doctype html", "meta", "body", "pe file", "binary", "aslr", "ole file", "cname", "strong", "library", "accept", "cape sandbox", "pdb path", "name", "address virtual", "ip address", "shutdown", "pe32", "ms windows", "win16 ne", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "linker", "windows third", "party component", "valid from", "valid", "valid usage", "whql crypto", "code signing", "algorithm", "thumbprint", "serial number", "more" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183621&Signature=uQSwwOzpii%2FcKjaUt3UZ%2FKZ3C4DkSr3t5dURsz2pP4Es9CFMIWEz6oIAcURcfVri02K%2BedntrmLkvOs6c3g0yFcdgd9a82ARJF9jS5mDQGPXq9y54iiFvjgN98zNT%2BgoGoBF3IxeSAWO47BNwqYPY%2FzaVM0Pv14iXCBltAIH2Ss8R0OYrQytKcQLW48ggBvdA6fDl9x78WtpptMgs9Eu85KAN0wwHvtcrRpd1notnOQZYiYBk1qaAWD4HSrr", "https://vtbehaviour.commondatastorage.googleapis.com/d11869fdfbf4bd87085e351b24d2c0e2ba5813fa267b05d969d9d2e46685d113_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183658&Signature=tGjgj1F2qTBNB3zHOFjuVYbUuozwv%2FUH29aF5d5gmEhofNVf4N5DfD%2BmI9DjozB0MrJ96DeCjGEoPRo7i9Whr%2BThEkSnRgHkjV%2FPWe7tUL3zkNeuKXjs4bWH8BIxmdFyqGSy4cKx99ymtQAp%2F8AWxhqd15coMoLM31YqCpn8PnzvKtYQnIORJQjfhTUdyhha%2FmWvy7gaHGpZvJpaXiyF4IlYWdn9uYy%2FOSAR5Sh3f4F8fX3v", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183676&Signature=IqbnhkkWYeM6kbjfuoTYF2bD3VY52MzFCe5v2P6L5%2FvT66S4ZUFYI3vDp1VG9lGc%2BD%2FJ2J3U67VgV%2BLYeRFGqnQdkctuODu7CXIAc%2FhcLsIB1HWqR9qge57%2FDpdeQUbM%2BjuZ5TWqdfA%2Bqhc1jioTcgrPNBR3JE6M97q%2BxKrz4CUb3WIOfl1mIP91XjXy2cReTAKc%2FsLCnmEvrIFVXx%2BaFUCpCCMCRxF8QOMb67WRJ8hD0iaM", "https://vtbehaviour.commondatastorage.googleapis.com/000020331380e6110b5beba407728730579ebf170517913cc364e7dcb114187b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1776183694&Signature=ZUnl%2FqTfn6nD5eHS7RvwcH%2Fv5Vtm4wB5Yc0hpeinjJ4Mk3V9%2FRkc6%2BJNireFTPFGSOwaLYwemKQwQA0okh9hYBN5ncSDlB6OSnED3OnM3iZUQDEdLBwgYUEP3M%2Bsg0s2XOV36s1V20ivPLzQVUrRM7CkuEyCsyWm7CCJQGdJBRcsNfR1BsgAOtLpiC6WPKr4xFa5QUh6PSgoGNXSDtj1Mk6Gs9iyav6G%2FtZYVoM%2FBUfcGg8W" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 16, "FileHash-SHA1": 3, "FileHash-SHA256": 175, "URL": 114, "hostname": 130, "domain": 43 }, "indicator_count": 481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "16 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.uncaic.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.uncaic.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780235281.9927416 }