{ "type": "URL", "indicator": "https://www.youtube.com/embed/", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.youtube.com/embed/", "type": "url", "type_title": "URL", "validation": [ { "source": "alexa", "message": "Alexa rank: #2", "name": "Listed on Alexa" }, { "source": "akamai", "message": "Akamai rank: #22", "name": "Akamai Popular Domain" }, { "source": "whitelist", "message": "Whitelisted domain youtube.com", "name": "Whitelisted domain" }, { "source": "majestic", "message": "Whitelisted domain youtube.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 2703383250, "indicator": "https://www.youtube.com/embed/", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 12, "pulses": [ { "id": "6a11810e7bc0d9d7652b4fcb", "name": "* ghostware * CAPE Sandbox", "description": "[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. \u00c2\u00a32.5m.com (\u20ac3.4m; $4.6m).] pretext. a deeper follow up on impression domain from the last post shared. this is some of the evasive 2019-2020 attached malware in a sandbox. this is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, \"fired\". this sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event. (1 exp2 valid) exp:cosmina beteringhe\nStatus\nCertificate out of its validity period\nIssuer\nApple Inc.\nValid From\n02:08 PM 04/02/2019\nValid To\n02:08 PM 04/02/2024\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\nB60CA526B0B84F7FF9B9CACC70702C5C10985B2C\nSerial Number\n6D E1 8E C8 70 AC A3 3E team identity:HYC4353YBE", "modified": "2026-05-23T10:44:37.782000", "created": "2026-05-23T10:27:26.040000", "tags": [ "token", "instance id", "date", "request", "version", "start", "callback", "indicate", "send instance", "id token", "default", "cname", "accept", "shell folders", "folders", "gmt ifnonematch", "cape sandbox", "bootkit", "t1055", "t1542", "shutdown", "defense evasion", "filename", "userclass", "source", "adprovider", "pair", "count", "null", "newtab", "result", "chrome web", "file type", "file size", "sha1", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "adknowledge", "guard", "loads", "back", "typeof", "catch", "impression", "none", "xmlhttprequest", "signaturehz", "mitre attack", "network info", "sigma", "program", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "has permission", "t1430 location", "zenbox android", "persistence", "issuer apple", "valid from", "valid", "serial number", "ac a3", "apple inc", "status valid", "thumbprint", "mac os", "x executable", "info file", "info", "a9 a8" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 194, "FileHash-MD5": 63, "FileHash-SHA1": 65, "FileHash-SHA256": 456, "domain": 116, "hostname": 495, "URL": 862, "email": 1 }, "indicator_count": 2252, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a1181104aab1e5b6484a6d2", "name": "* ghostware * CAPE Sandbox", "description": "[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. \u00c2\u00a32.5m.com (\u20ac3.4m; $4.6m).] pretext. a deeper follow up on impression domain from the last post shared. this is some of the evasive 2019-2020 attached malware in a sandbox. this is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, \"fired\". this sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event. (1 exp2 valid) exp:cosmina beteringhe\nStatus\nCertificate out of its validity period\nIssuer\nApple Inc.\nValid From\n02:08 PM 04/02/2019\nValid To\n02:08 PM 04/02/2024\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\nB60CA526B0B84F7FF9B9CACC70702C5C10985B2C\nSerial Number\n6D E1 8E C8 70 AC A3 3E team identity:HYC4353YBE", "modified": "2026-05-23T10:34:56.494000", "created": "2026-05-23T10:27:28.048000", "tags": [ "token", "instance id", "date", "request", "version", "start", "callback", "indicate", "send instance", "id token", "default", "cname", "accept", "shell folders", "folders", "gmt ifnonematch", "cape sandbox", "bootkit", "t1055", "t1542", "shutdown", "defense evasion", "filename", "userclass", "source", "adprovider", "pair", "count", "null", "newtab", "result", "chrome web", "file type", "file size", "sha1", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "adknowledge", "guard", "loads", "back", "typeof", "catch", "impression", "none", "xmlhttprequest", "signaturehz", "mitre attack", "network info", "sigma", "program", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "has permission", "t1430 location", "zenbox android", "persistence", "issuer apple", "valid from", "valid", "serial number", "ac a3", "apple inc", "status valid", "thumbprint", "mac os", "x executable", "info file", "info", "a9 a8" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 70, "FileHash-MD5": 19, "FileHash-SHA1": 18, "FileHash-SHA256": 412, "domain": 96, "hostname": 409, "URL": 810, "email": 1 }, "indicator_count": 1835, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69770bdfbdd845a3d5cb2484", "name": "Drive-by Compromise | Rootkit installed on Apple Device", "description": "Drive-by Compromise | Rootkit installed on Apple Device | The devices in this example are obviously compromised. We tested a device another Apple device by viewing a Sprouts Farmers Market E-commerce website. The App crashed revealing the source of the issue. I admit that even though device is HEAVILY compromised by threat actors; it continued to preform.\nThis week the Apple devices have experienced a series of BLACK & PINK stutters One had the letter \u2018P\u2019. The most important part of the research is who & why someone targets victims of crime who are either deceased or catastrophically injured. One victims \u2018voice\u2019 has been captured and is now calling people she knew and creeping them out. \n\nAlso curious about the \u2018Hello\u2019 api lineages. Malware packed. Check-ins & Bot Network found.\n\n[OTX auto populated- Here is the full list of URLs from the 20th anniversary of the birth of Daylin Olson, who was born and raised in New York in the US, and who he is now.]\n\n#stop", "modified": "2026-02-25T06:02:12.072000", "created": "2026-01-26T06:38:23.334000", "tags": [ "url https", "url http", "netherlands", "france", "united", "canada", "spain", "ascii text", "pattern match", "mitre att", "ck id", "null", "refresh", "title", "span", "hybrid", "general", "local", "path", "strings", "error", "tools", "look", "verify", "restart", "meta", "form", "bad traffic", "et info", "tls handshake", "failure", "flag", "windir", "openurl c", "prefetch2", "analysis", "ck matrix", "href", "network traffic", "encrypt", "learn", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "ssl certificate", "initial access", "zerobits", "allocationtype", "protect", "programfiles", "processhandle", "commitsize", "viewsize", "regionsize", "viewsize d5000", "viewsize c9000", "phishing", "filehandle", "report uid", "handles modules", "files amsi", "streams", "path filehandle", "porthandle", "modules files", "amsi streams", "accept", "starfield", "onload", "root", "backdoor", "passive dns", "next associated", "gmt location", "ipv4 add", "urls", "files", "search", "domain address", "markmonitor", "name server", "se referen", "ntprotec", "data upload", "extraction", "country", "overview dns", "requests domain", "date", "contacted hosts", "ip address", "defense evasion", "found", "size", "mask", "enterprise", "trojanspy", "checkin", "gmt content", "vercel x", "twitter", "trojan", "malware", "for privacy", "servers", "domains ii", "record value", "ca issuers", "unknown aaaa", "status", "present jul", "moved", "present jan", "present oct", "present sep", "unknown ns", "present dec", "ipv4", "url analysis", "location united", "1.25.26", "q.vashti pulse", "cloud", "foundry", "process details", "formbook cnc", "cape", "autoit", "high", "formbook", "yara rule", "delete", "get na", "write", "unknown", "copy", "autoit error", "autoIt paused", "global", "div div", "script script", "h6 div", "p div", "registrar", "project", "showing", "emails", "name servers", "ids detec", "domain", "hostname", "hello", "spyware" ], "references": [ "https://hello.extendedstay.com/api/mailings/unsubscribe/PMRGSZBCHIYTGOBWGYYTOLBCN5ZGOIR2EI2DGYZVMQ3DMNZNGY3GEYZNGQ2GIMBNMEYGENBNGQZDMMZYGA3DGZRZGI4SELBCOZSXE43JN5XCEORCGQRCYITTNFTSEORCHAZEKSCRNZ3UWTKHLA4US2BWNFVWK2SKKNXHAZTBO5RGOY2FGFYUOTTGNRJHQ5RZFU4TAPJCPU", "NtProtectVirtualMemory@NTDLL.DLL", "66.33.60.130 command_and_control", "76.76.21.61 command_and_control", "IDS Detections Trojan.Generic.KDV.545753 Checkin", "https://communityinviter.com/apps/cloudfoundry/cloud-foundry", "http://cve.chainguard.dev", "http://partners.spycloud.com", "https://signin-pro-azure.crayon.com/signin-oidc", "Invalid IP (052.105.023.053)", "https://codesearch.criteois.com/opengrok/search?q=", "https://grok-chatbot.tapnetic.pro/$", "spywarewatchdog.org", "http://git.spywarewatchdog.org", "https://bot.dev.talos-systems.io/", "https://otx.alienvault.com/pulse/6976d6afd744c55bd596ed6e" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Dropper.Gh0stRAT-10028210-0", "display_name": "Win.Dropper.Gh0stRAT-10028210-0", "target": null }, { "id": "Backdoor:Win32/Kanav.A", "display_name": "Backdoor:Win32/Kanav.A", "target": "/malware/Backdoor:Win32/Kanav.A" }, { "id": "Win.Trojan.Upatre-3371", "display_name": "Win.Trojan.Upatre-3371", "target": null }, { "id": "TrojanDownloader:Win32/Upatre.A", "display_name": "TrojanDownloader:Win32/Upatre.A", "target": "/malware/TrojanDownloader:Win32/Upatre.A" }, { "id": "Win.Trojan.Upatre-3371", "display_name": "Win.Trojan.Upatre-3371", "target": null }, { "id": "TrojanDownloader:Win32/Upatre.A", "display_name": "TrojanDownloader:Win32/Upatre.A", "target": "/malware/TrojanDownloader:Win32/Upatre.A" }, { "id": "Win.Dropper.LokiBot-10010685-0", "display_name": "Win.Dropper.LokiBot-10010685-0", "target": null }, { "id": "Win.Packed.Dapato-10021645-0", "display_name": "Win.Packed.Dapato-10021645-0", "target": null }, { "id": "TrojanSpy:Win32/Nivdort.CW", "display_name": "TrojanSpy:Win32/Nivdort.CW", "target": "/malware/TrojanSpy:Win32/Nivdort.CW" }, { "id": "Win.Packed.Malwarex-9792170-0", "display_name": "Win.Packed.Malwarex-9792170-0", "target": null }, { "id": "Trojan:Win32/Glupteba.MT!MTB", "display_name": "Trojan:Win32/Glupteba.MT!MTB", "target": "/malware/Trojan:Win32/Glupteba.MT!MTB" }, { "id": "AutoIt", "display_name": "AutoIt", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1456", "name": "Drive-by Compromise", "display_name": "T1456 - Drive-by Compromise" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1069.002", "name": "Domain Groups", "display_name": "T1069.002 - Domain Groups" }, { "id": "T1568.002", "name": "Domain Generation Algorithms", "display_name": "T1568.002 - Domain Generation Algorithms" }, { "id": "T1116", "name": "Code Signing", "display_name": "T1116 - Code Signing" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1553.002", "name": "Code Signing", "display_name": "T1553.002 - Code Signing" }, { "id": "T1016.001", "name": "Internet Connection Discovery", "display_name": "T1016.001 - Internet Connection Discovery" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" }, { "id": "T1583.004", "name": "Server", "display_name": "T1583.004 - Server" }, { "id": "T1078.004", "name": "Cloud Accounts", "display_name": "T1078.004 - Cloud Accounts" }, { "id": "T1584.003", "name": "Virtual Private Server", "display_name": "T1584.003 - Virtual Private Server" } ], "industries": [ "Ecommerce", "Government" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6777, "domain": 907, "hostname": 2070, "FileHash-SHA256": 1120, "FileHash-MD5": 202, "FileHash-SHA1": 184, "SSLCertFingerprint": 23, "email": 4 }, "indicator_count": 11287, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "95 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657099cf5e89b0e746c45d1a", "name": "bad header p3p csv from 2020 - basically some shady youtube shit and torrents \ud83d\udc81", "description": "", "modified": "2023-12-06T15:57:03.643000", "created": "2023-12-06T15:57:03.643000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 123, "hostname": 72, "domain": 56, "URL": 2513, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2766, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709180cc164d76aeb361cf", "name": "Michigan.gov ~ Tis the season to HACK elections", "description": "", "modified": "2023-12-06T15:21:36.435000", "created": "2023-12-06T15:21:36.435000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1530, "hostname": 501, "domain": 169, "URL": 1060, "CIDR": 3, "FileHash-MD5": 129 }, "indicator_count": 3392, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657080d20f7e10c1e37fcf89", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:10:26.301000", "created": "2023-12-06T14:10:26.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1078, "domain": 838, "hostname": 1607, "URL": 4134, "email": 3, "FileHash-SHA1": 2, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64482a3f2b107b380abdc5f7", "name": "bad header p3p csv from 2020 - basically some shady youtube shit and torrents \ud83d\udc81", "description": "File upload: https://otx.alienvault.com/indicator/file/6b383976427a4a9e932ac6516af5a6198d4f6828f63beac882107596203903b8", "modified": "2023-04-25T20:09:10.655000", "created": "2023-04-25T19:30:07.973000", "tags": [ "united", "america", "privacy", "netherlands", "meppel", "viet nam", "vnpt corp", "array", "tuyen quang", "hanoi", "https://otx.alienvault.com/indicator/file/6b383976427a4a9e932ac6" ], "references": [ "p3p-policy-commonto.1000klist.pulsedive_1605829585.csv", "https://otx.alienvault.com/indicator/file/6b383976427a4a9e932ac6516af5a6198d4f6828f63beac882107596203903b8", "youtube torrents" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3788, "hostname": 125, "domain": 66, "FileHash-SHA256": 306, "IPv4": 13, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 4300, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1131 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "630030f2cdba6cf05bdcd070", "name": "Michigan.gov ~ Tis the season to HACK elections", "description": "", "modified": "2022-09-18T00:03:55.814000", "created": "2022-08-20T00:55:14.285000", "tags": [ "Ransomware" ], "references": [ "michigan.gov.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Ransom:Win32/Wannaren.A", "display_name": "Ransom:Win32/Wannaren.A", "target": "/malware/Ransom:Win32/Wannaren.A" } ], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 501, "domain": 169, "URL": 1061, "FileHash-SHA256": 1530, "CIDR": 3, "FileHash-MD5": 129 }, "indicator_count": 3393, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1351 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6266c416c4598fa139868c64", "name": "\u05de\u05e9\u05e8\u05d3 \u05e4\u05e8\u05e1\u05d5\u05dd \u05d5\u05d1\u05e0\u05d9\u05d9\u05ea \u05d0\u05ea\u05e8\u05d9\u05dd | TOPWEB - \u05d8\u05d5\u05e4 \u05d5\u05d5\u05d1- \u05d4\u05d5\u05e4\u05db\u05d9\u05dd \u05e2\u05e1\u05e7\u05d9\u05dd \u05dc\u05de\u05d5\u05ea\u05d2\u05d9\u05dd \u05d1\u05d3\u05d9\u05d2\u05d9\u05d8\u05dc", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T15:53:58.206000", "tags": [ "init", "803911410135716", "pageview", "date", "datalayer", "gtmnqnvc6k", "copyright", "closure library", "facebook", "google", "linkedin", "reddit", "tumblr", "digg", "stumbleupon", "telegram", "whatsapp", "email", "kfunction", "u05deu05dcu05d0", "aw363516812", "error", "promise", "inull", "webfontconfig", "webfont", "gc", "number", "string", "uint8array", "regexp", "xhfunction", "yhfunction", "host", "path", "code", "topweb", "top web", "beyond", "forex", "hackeru", "one stop", "shop", "bgroup", "typesubmit", "datasecret", "shape", "html", "span", "false", "scrl", "haschildren", "zoomindown", "show hide", "dark", "checkbox", "back", "light", "typeof e", "formdata", "typeof symbol", "customevent", "post", "refill", "wpcf7", "wpcf7locale", "wpcf7unittag", "reflect", "math", "array", "object", "typeerror", "symbol", "function", "null", "title", "body", "click", "lecount", "count", "typeof define", "typeof t", "this", "close", "twitter", "open", "next", "blank", "xpercent0", "failure", "xpercent50", "essential grid", "blackberry", "author", "themepunch", "android", "typeof module", "tweenlite", "version", "onull", "updates and", "tools", "linear", "ticker", "bounce", "alpha", "fancybox", "plugin", "janis skarnelis", "100n", "right", "bottom", "left", "html tags", "ox20trnf", "dom element", "class", "attr", "pseudo", "child", "js foundation", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "image", "ud83dudc6cud83c" ], "references": [ "xfe-URL-anyweb.co.il-stix2-2.1-export.json", "https://anyweb.co.il/wp-includes/js/wp-emoji-release.min.js?ver=5.7.3", "https://anyweb.co.il/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "https://anyweb.co.il/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/lightbox.js?ver=2.0.9.1", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.0.9.1", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.0.9.1", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/assets.js?ver=5.7.3", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/post-like.min.js?ver=1.0", "https://anyweb.co.il/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "https://anyweb.co.il/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/script.js", "https://anyweb.co.il/wp-includes/js/wp-embed.min.js?ver=5.7.3", "https://anyweb.co.il/wp-includes/css/dist/block-library/style.min.css?ver=5.7.3", "https://topweb.co.il/", "https://www.googletagmanager.com/gtm.js?id=GTM-NQNVC6K", "https://topweb.co.il/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js", "https://topweb.co.il/wp-content/litespeed/js/c3a18f91ebd798da3e120a12aec7c615.js?ver=7c615", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/363516812/?random=1650901467024&cv=9&fst=1650901467024&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftopweb.co.il%2F&tiba=%D7%9E%D7%A9%D7%A8%D7%93%20%D7%A4%D7%A8%D7%A1%D7%95%D7%9D%20%D7%95%D7%91%D7%A0%D7%99%D7%99%D7%AA%20%D7%90%D7%AA%D7%A8%D7%99%D7%9D%20%7C%20TOPWEB%20-%20%D7%98%D" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1158, "FileHash-SHA256": 671, "hostname": 304, "domain": 329, "email": 2 }, "indicator_count": 2464, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628bc74f5b92614c08d99f88", "name": "Update Agent - Dinan.", "description": "", "modified": "2022-05-23T17:41:35.234000", "created": "2022-05-23T17:41:35.234000", "tags": [ "dinan", "performance", "update agent", "help center", "products", "lubricants", "engine hardware", "exhaust", "dinan dealer", "dealer login", "mini", "contact", "agent", "download", "alpha", "verdana", "arial", "opacity35", "copyright", "foundation", "opacity0", "opacity70", "opacity80", "hubspot script", "loader", "closure library", "number", "string", "regexp", "uint8array", "date", "fnumber", "aw1027984682", "xdfunction", "code", "null", "error", "activexobject", "xmlhttprequest", "android", "worker", "installtrigger", "ccon", "false", "error occured", "body", "please", "shippingphone", "event", "item", "shippingaddress", "billingphone", "promise", "click", "window", "this", "close", "model", "drop", "main", "facebook", "form", "next", "february", "april", "june", "august", "atom", "cookie", "back", "bounce", "open", "express", "spinner", "copy", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "function", "typeof module", "0x4b3a", "error message", "signifydglobal", "0x1c7d", "current order", "x0x4b3a", "gtmpkdjjpc", "host", "path", "adfunction" ], "references": [ "https://www.googletagmanager.com/gtm.js?id=GTM-PKDJJPC", "https://cdn-scripts.signifyd.com/api/script-tag.js", "https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js", "https://www.dinancars.com/assets/js/combine/min/v1653077793/e88cd3e3db8ab2b910e50cf4deb60529f/default;jquery-ui.min;js.cookie;util;nav;cart;accountfunctions;jquery.activity-indicator-1.0.0.min;drawer_plugin;floating_label_gen;jquery.autoellipsis-1.0.10;fresco;fresco-custom;isotope_imagesloaded.min;promo_autoplus_helpers;slick.min;widgets;jquery.custom-carousel;waterfall_helpers/", "https://imgs.signifyd.com/fp/tags.js?org_id=w2txo5aa&session_id=7632E9E9-DE48-41D8-9BAC-1E27A98D17EC&pageid=2", "https://www.googletagmanager.com/gtag/js?id=AW-1027984682", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027984682/?random=1653327072015&cv=9&fst=1653327072015&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=6&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa5b0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.dinancars.com%2Fabout%2F&ref=https%3A%2F%2Fwww.dinancars.com%2Fupdate-agent&tiba=About%20Dinan%20-%20Dinan&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://js.hs-scripts.com/8009596.js", "https://www.dinancars.com/assets/css/jquery-ui-custom.css", "https://www.dinancars.com/update-agent" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1806, "hostname": 682, "FileHash-SHA256": 240, "domain": 274 }, "indicator_count": 3002, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1468 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62609c764fab13bbe96613f8", "name": "Pegasus - pegtech.com", "description": "New RegExp:function(a,b), a new type, has its own built-up property, as well as an ability to store information in place when it is not already available.", "modified": "2022-05-20T00:01:19.453000", "created": "2022-04-20T23:51:18.734000", "tags": [ "fontface", "woff", "sans", "woff2", "u1c801c88", "u20b4", "u2de02dff", "ua640a69f", "ufe2efe2f", "u04b004b1", "u2116", "datasecret", "chrome", "opredge", "isoperaedge", "opera", "browsername", "gecko", "iphone", "body", "srchttp", "strhashchange", "software", "sectionindex", "srchttps", "etslidertimer", "copyright", "typeof define", "etslidesnumber", "columns", "date", "error", "cowboy", "function", "placeheld", "customevent", "click", "minimum", "tooshort", "wpcf7wfreetext", "alert", "invert", "null", "form", "fast", "false", "path", "next", "video lightbox", "plugin", "expand", "previous", "setposition", "isset", "srcyoutube", "srcvimeo", "image", "lightbox clone", "stephane caron", "typeof therel", "regexp", "play", "close", "pseudo", "child", "typeof b", "array", "sufeffxa0", "class", "attr", "void", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "uddb0uddb3", "udd74udd75" ], "references": [ "xfe-URL-pegtech.com-stix2-2.1-export.json", "https://pegtech.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20", "https://pegtech.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/jquery.prettyPhoto.min.js?ver=3.1.6", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/video-lightbox.js?ver=3.1.6", "https://pegtech.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.2", "https://pegtech.com/wp-content/themes/Divi/js/custom.min.js?ver=3.0.100", "https://pegtech.com/wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.100", "https://pegtech.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext", "https://pegtech.com/wp-includes/css/dashicons.min.css?ver=4.9.20" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 856, "domain": 190, "hostname": 364, "FileHash-SHA256": 216 }, "indicator_count": 1626, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "62276abfaa65cd33f64331f8", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2022-04-07T00:04:02.553000", "created": "2022-03-08T14:39:59.235000", "tags": [ "march", "lookup go", "rescan add", "verdict report", "de summary", "http", "redirects links", "behaviour", "similar dom", "content api", "value", "search url", "search domain", "scan url", "url search", "domain scan", "url url", "motor vehicle", "aqb1", "eventsevent10", "meta", "show", "download go", "full url", "reverse dns", "resource", "windows nt", "win64", "khtml", "gecko", "response", "main", "milan", "apache", "paris", "accept" ], "references": [ "TarrantCounty3df.pdf", "TarantCounty2df.pdf", "TarrantCounty4df.pdf", "TarrantCounty5df.pdf", "tarrant23df.pdf", "TarrantCounty1df.pdf", "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "TarrantCounty6df.pdf", "TarrantCounty7df.pdf", "TarrantCounty10df.pdf", "TarrantCounty9df.pdf", "TarrantCounty17df.pdf", "TarrantCounty15df.pdf", "TarrantCounty12df.pdf", "TarrantCounty14df.pdf", "tarrantcounty8df.pdf", "TarrantCounty18df.pdf", "TarrantCounty19df.pdf", "TarrantCounty21df.pdf", "tarrantcounty22df.pdf", "TarrantCounty20df.pdf", "tarrantcountydf.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4134, "hostname": 1607, "domain": 838, "FileHash-SHA256": 1078, "FileHash-SHA1": 2, "email": 3, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1515 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "tarrantcounty.com:en:elections:Voter-Information:Voter- Registration.html%22,.pdf", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027984682/?random=1653327072015&cv=9&fst=1653327072015&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=6&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa5b0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.dinancars.com%2Fabout%2F&ref=https%3A%2F%2Fwww.dinancars.com%2Fupdate-agent&tiba=About%20Dinan%20-%20Dinan&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "xfe-URL-pegtech.com-stix2-2.1-export.json", "tarrantcountydf.pdf", "https://anyweb.co.il/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1", "https://anyweb.co.il/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/video-lightbox.js?ver=3.1.6", "https://topweb.co.il/wp-content/litespeed/js/c3a18f91ebd798da3e120a12aec7c615.js?ver=7c615", "https://otx.alienvault.com/indicator/file/6b383976427a4a9e932ac6516af5a6198d4f6828f63beac882107596203903b8", "https://anyweb.co.il/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.0.9.1", "http://git.spywarewatchdog.org", "TarrantCounty17df.pdf", "https://pegtech.com/wp-content/plugins/wp-video-lightbox/js/jquery.prettyPhoto.min.js?ver=3.1.6", "Invalid IP (052.105.023.053)", "https://www.googletagmanager.com/gtm.js?id=GTM-PKDJJPC", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.0.9.1", "NtProtectVirtualMemory@NTDLL.DLL", "https://anyweb.co.il/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "http://cve.chainguard.dev", "https://bot.dev.talos-systems.io/", "https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js", "youtube torrents", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/363516812/?random=1650901467024&cv=9&fst=1650901467024&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftopweb.co.il%2F&tiba=%D7%9E%D7%A9%D7%A8%D7%93%20%D7%A4%D7%A8%D7%A1%D7%95%D7%9D%20%D7%95%D7%91%D7%A0%D7%99%D7%99%D7%AA%20%D7%90%D7%AA%D7%A8%D7%99%D7%9D%20%7C%20TOPWEB%20-%20%D7%98%D", "https://topweb.co.il/", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW", "tarrantcounty22df.pdf", "https://pegtech.com/wp-includes/js/wp-embed.min.js?ver=4.9.20", "TarrantCounty4df.pdf", "https://hello.extendedstay.com/api/mailings/unsubscribe/PMRGSZBCHIYTGOBWGYYTOLBCN5ZGOIR2EI2DGYZVMQ3DMNZNGY3GEYZNGQ2GIMBNMEYGENBNGQZDMMZYGA3DGZRZGI4SELBCOZSXE43JN5XCEORCGQRCYITTNFTSEORCHAZEKSCRNZ3UWTKHLA4US2BWNFVWK2SKKNXHAZTBO5RGOY2FGFYUOTTGNRJHQ5RZFU4TAPJCPU", "https://pegtech.com/wp-content/themes/Divi/js/custom.min.js?ver=3.0.100", "spywarewatchdog.org", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "IDS Detections Trojan.Generic.KDV.545753 Checkin", "https://www.dinancars.com/assets/js/combine/min/v1653077793/e88cd3e3db8ab2b910e50cf4deb60529f/default;jquery-ui.min;js.cookie;util;nav;cart;accountfunctions;jquery.activity-indicator-1.0.0.min;drawer_plugin;floating_label_gen;jquery.autoellipsis-1.0.10;fresco;fresco-custom;isotope_imagesloaded.min;promo_autoplus_helpers;slick.min;widgets;jquery.custom-carousel;waterfall_helpers/", "https://www.googletagmanager.com/gtag/js?id=AW-1027984682", "https://js.hs-scripts.com/8009596.js", "https://otx.alienvault.com/pulse/6976d6afd744c55bd596ed6e", "TarrantCounty19df.pdf", "https://anyweb.co.il/wp-includes/js/wp-embed.min.js?ver=5.7.3", "https://www.dinancars.com/assets/css/jquery-ui-custom.css", "TarrantCounty18df.pdf", "TarrantCounty10df.pdf", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/post-like.min.js?ver=1.0", "tarrantcounty8df.pdf", "TarrantCounty14df.pdf", "xfe-URL-anyweb.co.il-stix2-2.1-export.json", "https://topweb.co.il/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js", "http://partners.spycloud.com", "https://anyweb.co.il/wp-includes/js/wp-emoji-release.min.js?ver=5.7.3", "TarrantCounty12df.pdf", "https://anyweb.co.il/wp-includes/css/dist/block-library/style.min.css?ver=5.7.3", "tarrant23df.pdf", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "TarantCounty2df.pdf", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/script.js", "https://cdn-scripts.signifyd.com/api/script-tag.js", "TarrantCounty6df.pdf", "https://imgs.signifyd.com/fp/tags.js?org_id=w2txo5aa&session_id=7632E9E9-DE48-41D8-9BAC-1E27A98D17EC&pageid=2", "66.33.60.130 command_and_control", "https://pegtech.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20", "https://www.dinancars.com/update-agent", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "TarrantCounty21df.pdf", "https://pegtech.com/wp-includes/js/jquery/jquery.js?ver=1.12.4", "https://pegtech.com/wp-content/themes/Divi/core/admin/js/common.js?ver=3.0.100", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://communityinviter.com/apps/cloudfoundry/cloud-foundry", "TarrantCounty5df.pdf", "TarrantCounty3df.pdf", "michigan.gov.pdf", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/lightbox.js?ver=2.0.9.1", "TarrantCounty7df.pdf", "https://signin-pro-azure.crayon.com/signin-oidc", "TarrantCounty15df.pdf", "TarrantCounty9df.pdf", "p3p-policy-commonto.1000klist.pulsedive_1605829585.csv", "https://pegtech.com/wp-includes/css/dashicons.min.css?ver=4.9.20", "76.76.21.61 command_and_control", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext", "https://grok-chatbot.tapnetic.pro/$", "TarrantCounty20df.pdf", "https://codesearch.criteois.com/opengrok/search?q=", "https://www.googletagmanager.com/gtm.js?id=GTM-NQNVC6K", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/assets.js?ver=5.7.3", "TarrantCounty1df.pdf", "https://pegtech.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.2" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [ "Trojandownloader:win32/upatre.a", "Win.dropper.gh0strat-10028210-0", "Trojanspy:win32/nivdort.cw", "Win.packed.dapato-10021645-0", "Formbook", "Gc", "Win.trojan.upatre-3371", "Win.dropper.lokibot-10010685-0", "Win.packed.malwarex-9792170-0", "Autoit", "Backdoor:win32/kanav.a", "Trojan:win32/glupteba.mt!mtb", "Ransom:win32/wannaren.a" ], "industries": [ "Government", "Ecommerce" ], "unique_indicators": 31051 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/youtube.com", "whois": "http://whois.domaintools.com/youtube.com", "domain": "youtube.com", "hostname": "www.youtube.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 12, "pulses": [ { "id": "6a11810e7bc0d9d7652b4fcb", "name": "* ghostware * CAPE Sandbox", "description": "[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. \u00c2\u00a32.5m.com (\u20ac3.4m; $4.6m).] pretext. a deeper follow up on impression domain from the last post shared. this is some of the evasive 2019-2020 attached malware in a sandbox. this is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, \"fired\". this sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event. (1 exp2 valid) exp:cosmina beteringhe\nStatus\nCertificate out of its validity period\nIssuer\nApple Inc.\nValid From\n02:08 PM 04/02/2019\nValid To\n02:08 PM 04/02/2024\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\nB60CA526B0B84F7FF9B9CACC70702C5C10985B2C\nSerial Number\n6D E1 8E C8 70 AC A3 3E team identity:HYC4353YBE", "modified": "2026-05-23T10:44:37.782000", "created": "2026-05-23T10:27:26.040000", "tags": [ "token", "instance id", "date", "request", "version", "start", "callback", "indicate", "send instance", "id token", "default", "cname", "accept", "shell folders", "folders", "gmt ifnonematch", "cape sandbox", "bootkit", "t1055", "t1542", "shutdown", "defense evasion", "filename", "userclass", "source", "adprovider", "pair", "count", "null", "newtab", "result", "chrome web", "file type", "file size", "sha1", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "adknowledge", "guard", "loads", "back", "typeof", "catch", "impression", "none", "xmlhttprequest", "signaturehz", "mitre attack", "network info", "sigma", "program", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "has permission", "t1430 location", "zenbox android", "persistence", "issuer apple", "valid from", "valid", "serial number", "ac a3", "apple inc", "status valid", "thumbprint", "mac os", "x executable", "info file", "info", "a9 a8" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 194, "FileHash-MD5": 63, "FileHash-SHA1": 65, "FileHash-SHA256": 456, "domain": 116, "hostname": 495, "URL": 862, "email": 1 }, "indicator_count": 2252, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6a1181104aab1e5b6484a6d2", "name": "* ghostware * CAPE Sandbox", "description": "[Results of an analysis of a KVM operating system, conducted by the MIT Research Institute (MIT), are published on the web. \u00c2\u00a32.5m.com (\u20ac3.4m; $4.6m).] pretext. a deeper follow up on impression domain from the last post shared. this is some of the evasive 2019-2020 attached malware in a sandbox. this is not easy to track or flag. Lb, cape, zenbox, vt are exceptional at this. Interesting string: preload js notes, \"fired\". this sha indicator won't run a sandbox despite all the flags: [a57ac7b63c282739aa...] though it now appears revoked - attached the certs in any event. (1 exp2 valid) exp:cosmina beteringhe\nStatus\nCertificate out of its validity period\nIssuer\nApple Inc.\nValid From\n02:08 PM 04/02/2019\nValid To\n02:08 PM 04/02/2024\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\nB60CA526B0B84F7FF9B9CACC70702C5C10985B2C\nSerial Number\n6D E1 8E C8 70 AC A3 3E team identity:HYC4353YBE", "modified": "2026-05-23T10:34:56.494000", "created": "2026-05-23T10:27:28.048000", "tags": [ "token", "instance id", "date", "request", "version", "start", "callback", "indicate", "send instance", "id token", "default", "cname", "accept", "shell folders", "folders", "gmt ifnonematch", "cape sandbox", "bootkit", "t1055", "t1542", "shutdown", "defense evasion", "filename", "userclass", "source", "adprovider", "pair", "count", "null", "newtab", "result", "chrome web", "file type", "file size", "sha1", "mwdb", "bazaar", "sha3384", "ssdeep", "virtual address", "adknowledge", "guard", "loads", "back", "typeof", "catch", "impression", "none", "xmlhttprequest", "signaturehz", "mitre attack", "network info", "sigma", "program", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "ultimate file", "next", "has permission", "t1430 location", "zenbox android", "persistence", "issuer apple", "valid from", "valid", "serial number", "ac a3", "apple inc", "status valid", "thumbprint", "mac os", "x executable", "info file", "info", "a9 a8" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530336&Signature=p6VwVgKhapyzo9Qdy2STgvqVBCILyIVDELmCCzKAI3VnzeLfXf8kMElRnqtXzyceHxnFobEu5%2Bzot74n2%2FKVdQLGgjSNmpbV1vxI4qIMW44TnqKJz7q%2Bzl9L2qPXk2Xd24irnPUYT4Z6b52nITm3rElixM%2FxW5B7cYrEPVdMEQQ3axn7fZMtVXkHyakt5UbZUnglSc97W7kjMO7OSb6qTfAhWNZuFLn0hPzN3JeCVc6eH2VaF8qrMW", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530360&Signature=IoNgUEkiuiM2X4a2ueL9rEQPSxM3pwV%2Fg9ppA8C%2BBjHNorpe2t8rUBwA%2BU0UhSwLHm3J9bx4il%2Buly8trboaDKTDgdTvpIFdsHRjkQYF%2F8P2ot8tg5AnQeLV9Q8ddUazck3uN2LTNyDFCh5HiWfU%2FJ4BytbiANmLC8gGyCjX%2FX5Y%2FkYYJwEtsw0W90i9lyhlbNX%2FbAor8c1%2FRyPwUh8klvuYGDxvlbeal0nSXVYLSy", "https://vtbehaviour.commondatastorage.googleapis.com/59bd2b3f9e4fbc79518a31738080bc4b9b35b42f6e5a3b5c3a306e0b9aae7f2c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530394&Signature=EFtQdaqkkeNu27kPO7Zob0bl261oVyzlQmNL5Z9HnrD%2FemHBUX4%2BsRO8wGhrK9e53idu5dP%2FqFvjC3fYYvXzyeKs6x0kO0IqPs5Pp6y422zCXP9gKR7xBfnQIQtmWDVaBb4znOzF35Jd76v4D1Y4btKPazPqsa2hq38U%2F2BTS2Fjqng%2BtZLtgjXCV7Qy1iJuoL4wZxus6aU6uyk4Gt4%2FwQOFSxhXM9Sg6EzneRhhFzAhHkOWzW", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530419&Signature=UGGjvrHysNTHqCP%2F98o%2Bwr%2BBuUURMkCiQxj24hY6gaY6O3Jzu8n5c1DTGQyxmFDLTNd%2BVEq%2BLjiAQEKKja33wGAeycq9H84UiQaOgy5xch0rQRhWlH9BAU1XQopkUIfjd%2F%2FjszJyY9f5GeBUviWGN0fk%2Fjf%2Bu70ZC8sViEooYie0vbqyBBZF4n4kjfdDoEDUXKU9hjk4W9PIBcH1Y8tyFonohbjbq7%2BZwzERUsYwo2", "https://vtbehaviour.commondatastorage.googleapis.com/8203df818e55602f58e12749c5f43ef382d5829c540953ef5acd613e9339bbfa_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530508&Signature=GssLnauiY160oyi8Jf10sDf4bL46z5UIfcX%2F1jMAIWwy97%2Fw9GjbHzS38wt5ybxoiMkSIsTN%2BYE7Vd7kc7zHkudP8K6D2g6bTFX%2B%2Bao4FK6e0OYbJXqb%2BPeNSgeqrHMrCeXIW1H8RCC5QXuEjkQrE4TPFja5Gc790vYMvsT5oAuxbnFAzjQM%2BTwMcjJ1k9dWR0Hoh694C2boFVdHy3LxQkv7vk6CSmjQcZ4bBbHmEMC%2FNd", "https://vtbehaviour.commondatastorage.googleapis.com/7f9899e42bccdd1d6479b573fb1bb9277b4bd42e8f6ef73c5456f606949e7cf5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530727&Signature=xFLQpUtdhw77th%2BADVS4Sl3y8VCEFYpShlfIJ6D6zJme%2BtY0lUlxv2N7hvxGbwSTYKBYQSyu735BqpgvSUc5e%2BC%2B9XseD6ERlB2kCJmvUPalqCOgZABMyb6mGaG5MMGgxP19UjM1qrUOxI2iJSjEQQ4LLmmkLf7%2B6XGhtqkIG4O2hZ5ABCrdbqytgJkuVl7VMDYelEnoYLLma9GDq1ytLfUObtoINW48v1xg1Mykxldjv6gV2DWr", "https://vtbehaviour.commondatastorage.googleapis.com/37dcea337208645ad344413d9a8350033fe2264c91cc91a5a2bf50045d92a67c_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530784&Signature=CYyyJeKkeGqnH6T6m5Xruegrlkv2udvHSUC4MgjgnkaJP2%2BkZUvTfdoh5S5uXQZbk0By%2Bg1akNr3AALQqY%2B0SNoOJdW5fHCOavOpIuNkgM4efnxQQyuhR%2F6eccAejXvy0cFPKDUhdhvbItcx7lkgLwM3MhWL%2FzNneeST7yUf3g8Pad72u7BrItBCkJ23R2quBuKT3G22OMfreYhprgO398iL0htbNTBKh4csLc9QtPI%2FabWco3", "https://vtbehaviour.commondatastorage.googleapis.com/e068d8d9f9dae873ec78bd5a88df561893c18b1df6200a958a864c34d27e0a3d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779530824&Signature=oRifg%2BGsx5SCY%2B4rLdvAqryqS3Xlu3DCrHZifO%2Bh9YOQAM4528P%2Bi6LzgYdE0hyDe8HlrfIhswkzkUOf8K4%2FzdoebqTYkwrHmPiJeW4cetq5F2qEeUU7RVbiXVUvLGYwThftr3BuB%2FtW3u%2Fl9v9AyS38ZTrk3B%2BjdQI5OqLikCMwV9lO%2B3lOB05pg6dpqHO3ycZUK2sMy5MgMqqyj%2FY2HLFVTv4wp4ea8PF%2Fswj4", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531163&Signature=ymkpXNrWILdVetVt90LhjbwNPIy4I%2FXM%2B0jq5xPK4FE6N61CBJ0ZKsP%2FbvZXOM5lKJdG6ltKQtldTuXskK26NlEwbRlzn90t1KGmXS6%2FkK7pgbFTNlA9BWYrDLciKwIZJJeFn46IMGSClXk0BXzcveuQWp4G%2BnIJwwWw0EjgU6ONUydOZW4DhKFhmEvNGfqPrEd6apNA3C39kZP%2Bql4tWV7ma8oAP9cHc7RyoO%2Fw4zbcJKmP", "https://vtbehaviour.commondatastorage.googleapis.com/1b153c384510546d105b067e8b1be208f0686914841758441e857d7ffb18fa72_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531236&Signature=hz%2BT6I69NdrwImMGk8kcXqNnwp7K7z5sLWg7P7JvUVEckT5yV9zVAooLzjLyQGgNBxh%2Bw35npaMota9ooiK%2Bd3BWFd%2Bzr%2BUm76cQbsuLV5NH2LWXQFw1YzoSEXeXl4wmdHCWX4%2BP9tulqXFWpRQ4oOvqHWV10QWM4ubzWdft4N%2FCy4fQ90Iubm%2F1ywQ%2FuG66nNIy6ArwArpf2Md9Wb2k%2BVSwvmrPJqDUAM868u1jznd8SeGkYX", "https://vtbehaviour.commondatastorage.googleapis.com/23671e33d82282324fc51576616dbb92814adc4d17eb7014dc4e2f891ea7f4ae_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531342&Signature=MsuL%2B3SZcdwh8PtkojSZiAkej0M%2FX59YS9DllA%2BRLg6Z%2FV43R4XBkqKm%2BsQjDvTRdh%2BFRjO2rtuvYPHG%2By1RpurAOIjZEBs3F2ZYmv6mE62mgf4bDqgnUZS5myKTtlD%2BnuWRL7up%2B197%2F4VEXIqM8hxzhGDo7jmUeU0HERH%2FUnTThLnOjAWlGHNITZ7ffU0tKlYMKo%2BHqAkV9AerG5R%2FZdAh7nZidUf8wYpV", "https://vtbehaviour.commondatastorage.googleapis.com/79b0e5df7c5ebe1b2967a3d161ec0283531f20beb58cd8eb8e343f7ecbf0e142_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779531881&Signature=J%2FX46%2BkQxXt0avuUofAv2FrDA2NcHoY81F%2F%2FCOybzM72s9GqDbl34Hk6nMuCyVJ9cyKFYU4dKZ5PGnS5MZLN7tzYDYnGF6tmsCd56oCgYS4IN8%2Ffm7xi81ELi3QsBaKZaSKBYTcBzQZOzBgTX%2BjFL%2FH291KDNrb5QKNV0OYNHKzFrKXUZzUNPTZgDw2%2B2XVV4tQzxtRNdm0kQW19OOOv29%2FY0E9CK9qRsl4Nu2otAW" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 70, "FileHash-MD5": 19, "FileHash-SHA1": 18, "FileHash-SHA256": 412, "domain": 96, "hostname": 409, "URL": 810, "email": 1 }, "indicator_count": 1835, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "8 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "69770bdfbdd845a3d5cb2484", "name": "Drive-by Compromise | Rootkit installed on Apple Device", "description": "Drive-by Compromise | Rootkit installed on Apple Device | The devices in this example are obviously compromised. We tested a device another Apple device by viewing a Sprouts Farmers Market E-commerce website. The App crashed revealing the source of the issue. I admit that even though device is HEAVILY compromised by threat actors; it continued to preform.\nThis week the Apple devices have experienced a series of BLACK & PINK stutters One had the letter \u2018P\u2019. The most important part of the research is who & why someone targets victims of crime who are either deceased or catastrophically injured. One victims \u2018voice\u2019 has been captured and is now calling people she knew and creeping them out. \n\nAlso curious about the \u2018Hello\u2019 api lineages. Malware packed. Check-ins & Bot Network found.\n\n[OTX auto populated- Here is the full list of URLs from the 20th anniversary of the birth of Daylin Olson, who was born and raised in New York in the US, and who he is now.]\n\n#stop", "modified": "2026-02-25T06:02:12.072000", "created": "2026-01-26T06:38:23.334000", "tags": [ "url https", "url http", "netherlands", "france", "united", "canada", "spain", "ascii text", "pattern match", "mitre att", "ck id", "null", "refresh", "title", "span", "hybrid", "general", "local", "path", "strings", "error", "tools", "look", "verify", "restart", "meta", "form", "bad traffic", "et info", "tls handshake", "failure", "flag", "windir", "openurl c", "prefetch2", "analysis", "ck matrix", "href", "network traffic", "encrypt", "learn", "name tactics", "suspicious", "informative", "command", "adversaries", "spawns", "ssl certificate", "initial access", "zerobits", "allocationtype", "protect", "programfiles", "processhandle", "commitsize", "viewsize", "regionsize", "viewsize d5000", "viewsize c9000", "phishing", "filehandle", "report uid", "handles modules", "files amsi", "streams", "path filehandle", "porthandle", "modules files", "amsi streams", "accept", "starfield", "onload", "root", "backdoor", "passive dns", "next associated", "gmt location", "ipv4 add", "urls", "files", "search", "domain address", "markmonitor", "name server", "se referen", "ntprotec", "data upload", "extraction", "country", "overview dns", "requests domain", "date", "contacted hosts", "ip address", "defense evasion", "found", "size", "mask", "enterprise", "trojanspy", "checkin", "gmt content", "vercel x", "twitter", "trojan", "malware", "for privacy", "servers", "domains ii", "record value", "ca issuers", "unknown aaaa", "status", "present jul", "moved", "present jan", "present oct", "present sep", "unknown ns", "present dec", "ipv4", "url analysis", "location united", "1.25.26", "q.vashti pulse", "cloud", "foundry", "process details", "formbook cnc", "cape", "autoit", "high", "formbook", "yara rule", "delete", "get na", "write", "unknown", "copy", "autoit error", "autoIt paused", "global", "div div", "script script", "h6 div", "p div", "registrar", "project", "showing", "emails", "name servers", "ids detec", "domain", "hostname", "hello", "spyware" ], "references": [ "https://hello.extendedstay.com/api/mailings/unsubscribe/PMRGSZBCHIYTGOBWGYYTOLBCN5ZGOIR2EI2DGYZVMQ3DMNZNGY3GEYZNGQ2GIMBNMEYGENBNGQZDMMZYGA3DGZRZGI4SELBCOZSXE43JN5XCEORCGQRCYITTNFTSEORCHAZEKSCRNZ3UWTKHLA4US2BWNFVWK2SKKNXHAZTBO5RGOY2FGFYUOTTGNRJHQ5RZFU4TAPJCPU", "NtProtectVirtualMemory@NTDLL.DLL", "66.33.60.130 command_and_control", "76.76.21.61 command_and_control", "IDS Detections Trojan.Generic.KDV.545753 Checkin", "https://communityinviter.com/apps/cloudfoundry/cloud-foundry", "http://cve.chainguard.dev", "http://partners.spycloud.com", "https://signin-pro-azure.crayon.com/signin-oidc", "Invalid IP (052.105.023.053)", "https://codesearch.criteois.com/opengrok/search?q=", "https://grok-chatbot.tapnetic.pro/$", "spywarewatchdog.org", "http://git.spywarewatchdog.org", "https://bot.dev.talos-systems.io/", "https://otx.alienvault.com/pulse/6976d6afd744c55bd596ed6e" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Win.Dropper.Gh0stRAT-10028210-0", "display_name": "Win.Dropper.Gh0stRAT-10028210-0", "target": null }, { "id": "Backdoor:Win32/Kanav.A", "display_name": "Backdoor:Win32/Kanav.A", "target": "/malware/Backdoor:Win32/Kanav.A" }, { "id": "Win.Trojan.Upatre-3371", "display_name": "Win.Trojan.Upatre-3371", "target": null }, { "id": "TrojanDownloader:Win32/Upatre.A", "display_name": "TrojanDownloader:Win32/Upatre.A", "target": "/malware/TrojanDownloader:Win32/Upatre.A" }, { "id": "Win.Trojan.Upatre-3371", "display_name": "Win.Trojan.Upatre-3371", "target": null }, { "id": "TrojanDownloader:Win32/Upatre.A", "display_name": "TrojanDownloader:Win32/Upatre.A", "target": "/malware/TrojanDownloader:Win32/Upatre.A" }, { "id": "Win.Dropper.LokiBot-10010685-0", "display_name": "Win.Dropper.LokiBot-10010685-0", "target": null }, { "id": "Win.Packed.Dapato-10021645-0", "display_name": "Win.Packed.Dapato-10021645-0", "target": null }, { "id": "TrojanSpy:Win32/Nivdort.CW", "display_name": "TrojanSpy:Win32/Nivdort.CW", "target": "/malware/TrojanSpy:Win32/Nivdort.CW" }, { "id": "Win.Packed.Malwarex-9792170-0", "display_name": "Win.Packed.Malwarex-9792170-0", "target": null }, { "id": "Trojan:Win32/Glupteba.MT!MTB", "display_name": "Trojan:Win32/Glupteba.MT!MTB", "target": "/malware/Trojan:Win32/Glupteba.MT!MTB" }, { "id": "AutoIt", "display_name": "AutoIt", "target": null }, { "id": "FormBook", "display_name": "FormBook", "target": null } ], "attack_ids": [ { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1069", "name": "Permission Groups Discovery", "display_name": "T1069 - Permission Groups Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1480", "name": "Execution Guardrails", "display_name": "T1480 - Execution Guardrails" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" }, { "id": "T1456", "name": "Drive-by Compromise", "display_name": "T1456 - Drive-by Compromise" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1583", "name": "Acquire Infrastructure", "display_name": "T1583 - Acquire Infrastructure" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1069.002", "name": "Domain Groups", "display_name": "T1069.002 - Domain Groups" }, { "id": "T1568.002", "name": "Domain Generation Algorithms", "display_name": "T1568.002 - Domain Generation Algorithms" }, { "id": "T1116", "name": "Code Signing", "display_name": "T1116 - Code Signing" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1590", "name": "Gather Victim Network Information", "display_name": "T1590 - Gather Victim Network Information" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1562.001", "name": "Disable or Modify Tools", "display_name": "T1562.001 - Disable or Modify Tools" }, { "id": "T1553.002", "name": "Code Signing", "display_name": "T1553.002 - Code Signing" }, { "id": "T1016.001", "name": "Internet Connection Discovery", "display_name": "T1016.001 - Internet Connection Discovery" }, { "id": "T1584.005", "name": "Botnet", "display_name": "T1584.005 - Botnet" }, { "id": "T1583.004", "name": "Server", "display_name": "T1583.004 - Server" }, { "id": "T1078.004", "name": "Cloud Accounts", "display_name": "T1078.004 - Cloud Accounts" }, { "id": "T1584.003", "name": "Virtual Private Server", "display_name": "T1584.003 - Virtual Private Server" } ], "industries": [ "Ecommerce", "Government" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 6777, "domain": 907, "hostname": 2070, "FileHash-SHA256": 1120, "FileHash-MD5": 202, "FileHash-SHA1": 184, "SSLCertFingerprint": 23, "email": 4 }, "indicator_count": 11287, "is_author": false, "is_subscribing": null, "subscriber_count": 144, "modified_text": "95 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657099cf5e89b0e746c45d1a", "name": "bad header p3p csv from 2020 - basically some shady youtube shit and torrents \ud83d\udc81", "description": "", "modified": "2023-12-06T15:57:03.643000", "created": "2023-12-06T15:57:03.643000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 123, "hostname": 72, "domain": 56, "URL": 2513, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 2766, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65709180cc164d76aeb361cf", "name": "Michigan.gov ~ Tis the season to HACK elections", "description": "", "modified": "2023-12-06T15:21:36.435000", "created": "2023-12-06T15:21:36.435000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1530, "hostname": 501, "domain": 169, "URL": 1060, "CIDR": 3, "FileHash-MD5": 129 }, "indicator_count": 3392, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "657080d20f7e10c1e37fcf89", "name": "TarrantCounty.com ~ 03.01.2022", "description": "", "modified": "2023-12-06T14:10:26.301000", "created": "2023-12-06T14:10:26.301000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1078, "domain": 838, "hostname": 1607, "URL": 4134, "email": 3, "FileHash-SHA1": 2, "CIDR": 4, "FileHash-MD5": 15 }, "indicator_count": 7681, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "64482a3f2b107b380abdc5f7", "name": "bad header p3p csv from 2020 - basically some shady youtube shit and torrents \ud83d\udc81", "description": "File upload: https://otx.alienvault.com/indicator/file/6b383976427a4a9e932ac6516af5a6198d4f6828f63beac882107596203903b8", "modified": "2023-04-25T20:09:10.655000", "created": "2023-04-25T19:30:07.973000", "tags": [ "united", "america", "privacy", "netherlands", "meppel", "viet nam", "vnpt corp", "array", "tuyen quang", "hanoi", "https://otx.alienvault.com/indicator/file/6b383976427a4a9e932ac6" ], "references": [ "p3p-policy-commonto.1000klist.pulsedive_1605829585.csv", "https://otx.alienvault.com/indicator/file/6b383976427a4a9e932ac6516af5a6198d4f6828f63beac882107596203903b8", "youtube torrents" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3788, "hostname": 125, "domain": 66, "FileHash-SHA256": 306, "IPv4": 13, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 4300, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1131 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "630030f2cdba6cf05bdcd070", "name": "Michigan.gov ~ Tis the season to HACK elections", "description": "", "modified": "2022-09-18T00:03:55.814000", "created": "2022-08-20T00:55:14.285000", "tags": [ "Ransomware" ], "references": [ "michigan.gov.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "Ransom:Win32/Wannaren.A", "display_name": "Ransom:Win32/Wannaren.A", "target": "/malware/Ransom:Win32/Wannaren.A" } ], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 501, "domain": 169, "URL": 1061, "FileHash-SHA256": 1530, "CIDR": 3, "FileHash-MD5": 129 }, "indicator_count": 3393, "is_author": false, "is_subscribing": null, "subscriber_count": 407, "modified_text": "1351 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "6266c416c4598fa139868c64", "name": "\u05de\u05e9\u05e8\u05d3 \u05e4\u05e8\u05e1\u05d5\u05dd \u05d5\u05d1\u05e0\u05d9\u05d9\u05ea \u05d0\u05ea\u05e8\u05d9\u05dd | TOPWEB - \u05d8\u05d5\u05e4 \u05d5\u05d5\u05d1- \u05d4\u05d5\u05e4\u05db\u05d9\u05dd \u05e2\u05e1\u05e7\u05d9\u05dd \u05dc\u05de\u05d5\u05ea\u05d2\u05d9\u05dd \u05d1\u05d3\u05d9\u05d2\u05d9\u05d8\u05dc", "description": "New RegExp(M) is a new type, and it will change any of the elements to the same type if you want to add them to your HTML page or add a third element.", "modified": "2022-05-25T00:04:03.622000", "created": "2022-04-25T15:53:58.206000", "tags": [ "init", "803911410135716", "pageview", "date", "datalayer", "gtmnqnvc6k", "copyright", "closure library", "facebook", "google", "linkedin", "reddit", "tumblr", "digg", "stumbleupon", "telegram", "whatsapp", "email", "kfunction", "u05deu05dcu05d0", "aw363516812", "error", "promise", "inull", "webfontconfig", "webfont", "gc", "number", "string", "uint8array", "regexp", "xhfunction", "yhfunction", "host", "path", "code", "topweb", "top web", "beyond", "forex", "hackeru", "one stop", "shop", "bgroup", "typesubmit", "datasecret", "shape", "html", "span", "false", "scrl", "haschildren", "zoomindown", "show hide", "dark", "checkbox", "back", "light", "typeof e", "formdata", "typeof symbol", "customevent", "post", "refill", "wpcf7", "wpcf7locale", "wpcf7unittag", "reflect", "math", "array", "object", "typeerror", "symbol", "function", "null", "title", "body", "click", "lecount", "count", "typeof define", "typeof t", "this", "close", "twitter", "open", "next", "blank", "xpercent0", "failure", "xpercent50", "essential grid", "blackberry", "author", "themepunch", "android", "typeof module", "tweenlite", "version", "onull", "updates and", "tools", "linear", "ticker", "bounce", "alpha", "fancybox", "plugin", "janis skarnelis", "100n", "right", "bottom", "left", "html tags", "ox20trnf", "dom element", "class", "attr", "pseudo", "child", "js foundation", "udc66udc67", "ud83d", "ufe0f", "ud83e", "udc68udc69", "udfcbudfcc", "u2640u2642", "source", "image", "ud83dudc6cud83c" ], "references": [ "xfe-URL-anyweb.co.il-stix2-2.1-export.json", "https://anyweb.co.il/wp-includes/js/wp-emoji-release.min.js?ver=5.7.3", "https://anyweb.co.il/wp-includes/js/jquery/jquery.min.js?ver=3.5.1", "https://anyweb.co.il/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/lightbox.js?ver=2.0.9.1", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.tools.min.js?ver=2.0.9.1", "https://anyweb.co.il/wp-content/plugins/essential-grid/public/assets/js/jquery.themepunch.essential.min.js?ver=2.0.9.1", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/assets.js?ver=5.7.3", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/post-like.min.js?ver=1.0", "https://anyweb.co.il/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4", "https://anyweb.co.il/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.1", "https://anyweb.co.il/wp-content/themes/superfine/assets/js/script.js", "https://anyweb.co.il/wp-includes/js/wp-embed.min.js?ver=5.7.3", "https://anyweb.co.il/wp-includes/css/dist/block-library/style.min.css?ver=5.7.3", "https://topweb.co.il/", "https://www.googletagmanager.com/gtm.js?id=GTM-NQNVC6K", "https://topweb.co.il/wp-content/plugins/litespeed-cache/assets/js/webfontloader.min.js", "https://topweb.co.il/wp-content/litespeed/js/c3a18f91ebd798da3e120a12aec7c615.js?ver=7c615", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/363516812/?random=1650901467024&cv=9&fst=1650901467024&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=1&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa4k0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Ftopweb.co.il%2F&tiba=%D7%9E%D7%A9%D7%A8%D7%93%20%D7%A4%D7%A8%D7%A1%D7%95%D7%9D%20%D7%95%D7%91%D7%A0%D7%99%D7%99%D7%AA%20%D7%90%D7%AA%D7%A8%D7%99%D7%9D%20%7C%20TOPWEB%20-%20%D7%98%D" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Gc", "display_name": "Gc", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1158, "FileHash-SHA256": 671, "hostname": 304, "domain": 329, "email": 2 }, "indicator_count": 2464, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "1467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "628bc74f5b92614c08d99f88", "name": "Update Agent - Dinan.", "description": "", "modified": "2022-05-23T17:41:35.234000", "created": "2022-05-23T17:41:35.234000", "tags": [ "dinan", "performance", "update agent", "help center", "products", "lubricants", "engine hardware", "exhaust", "dinan dealer", "dealer login", "mini", "contact", "agent", "download", "alpha", "verdana", "arial", "opacity35", "copyright", "foundation", "opacity0", "opacity70", "opacity80", "hubspot script", "loader", "closure library", "number", "string", "regexp", "uint8array", "date", "fnumber", "aw1027984682", "xdfunction", "code", "null", "error", "activexobject", "xmlhttprequest", "android", "worker", "installtrigger", "ccon", "false", "error occured", "body", "please", "shippingphone", "event", "item", "shippingaddress", "billingphone", "promise", "click", "window", "this", "close", "model", "drop", "main", "facebook", "form", "next", "february", "april", "june", "august", "atom", "cookie", "back", "bounce", "open", "express", "spinner", "copy", "typeof e", "typeof t", "class", "attr", "pseudo", "child", "function", "typeof module", "0x4b3a", "error message", "signifydglobal", "0x1c7d", "current order", "x0x4b3a", "gtmpkdjjpc", "host", "path", "adfunction" ], "references": [ "https://www.googletagmanager.com/gtm.js?id=GTM-PKDJJPC", "https://cdn-scripts.signifyd.com/api/script-tag.js", "https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js", "https://www.dinancars.com/assets/js/combine/min/v1653077793/e88cd3e3db8ab2b910e50cf4deb60529f/default;jquery-ui.min;js.cookie;util;nav;cart;accountfunctions;jquery.activity-indicator-1.0.0.min;drawer_plugin;floating_label_gen;jquery.autoellipsis-1.0.10;fresco;fresco-custom;isotope_imagesloaded.min;promo_autoplus_helpers;slick.min;widgets;jquery.custom-carousel;waterfall_helpers/", "https://imgs.signifyd.com/fp/tags.js?org_id=w2txo5aa&session_id=7632E9E9-DE48-41D8-9BAC-1E27A98D17EC&pageid=2", "https://www.googletagmanager.com/gtag/js?id=AW-1027984682", "https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1027984682/?random=1653327072015&cv=9&fst=1653327072015&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=844&u_w=390&u_ah=844&u_aw=390&u_cd=32&u_his=6&u_tz=-240&u_java=false&u_nplug=0&u_nmime=0>m=2oa5b0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.dinancars.com%2Fabout%2F&ref=https%3A%2F%2Fwww.dinancars.com%2Fupdate-agent&tiba=About%20Dinan%20-%20Dinan&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4", "https://js.hs-scripts.com/8009596.js", "https://www.dinancars.com/assets/css/jquery-ui-custom.css", "https://www.dinancars.com/update-agent" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1806, "hostname": 682, "FileHash-SHA256": 240, "domain": 274 }, "indicator_count": 3002, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1468 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.youtube.com/embed/", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.youtube.com/embed/", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780248317.4486005 }