{ "type": "Domain", "indicator": "instructions.md", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/instructions.md", "alexa": "http://www.alexa.com/siteinfo/instructions.md", "indicator": "instructions.md", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4297727444, "indicator": "instructions.md", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 5, "pulses": [ { "id": "6a0eac9ae62f3f9f50ca0d18", "name": "test/recall VirusTotal report for App_20250512084741811.apk", "description": "May 12,2025", "modified": "2026-05-21T07:00:40.184000", "created": "2026-05-21T06:56:26.458000", "tags": [ "file type", "ascii" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4, "FileHash-MD5": 101, "FileHash-SHA1": 99, "FileHash-SHA256": 799, "domain": 187, "URL": 142, "hostname": 24 }, "indicator_count": 1356, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0eac9bd286b53466d6e28f", "name": "test/recall VirusTotal report for App_20250512084741811.apk", "description": "May 12,2025", "modified": "2026-05-21T06:56:27.437000", "created": "2026-05-21T06:56:27.437000", "tags": [ "file type", "ascii" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4, "FileHash-MD5": 38, "FileHash-SHA1": 37, "FileHash-SHA256": 741, "domain": 187, "URL": 142, "hostname": 24 }, "indicator_count": 1173, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e9725b323ae1350c36488", "name": "no comment", "description": "", "modified": "2026-05-21T06:52:08.577000", "created": "2026-05-21T05:24:53.947000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 366, "FileHash-SHA1": 366, "FileHash-SHA256": 5078, "IPv4": 44, "URL": 2414, "domain": 1305, "hostname": 366, "CIDR": 1, "email": 2, "Mutex": 1 }, "indicator_count": 9943, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d43faf7160e03036338663", "name": "VirusTotal report\n for hr100xfiles.zip", "description": "The full text of the full set of files compiled by Microsoft, Microsoft and other companies, as well as their own, has been published on the Microsoft website, and here is the complete list:", "modified": "2026-04-06T23:20:15.603000", "created": "2026-04-06T23:20:15.603000", "tags": [ "file type", "php script", "ascii text", "ascii", "html document", "json", "unicode text", "utf8 text", "creates", "mitre attack", "window", "info", "next", "sgml document", "web open", "toggle", "xd0tb xd0tb", "xc7exfc xc7exfc", "x85xc0u x85xc0u", "x85xc0t x85xc0t", "x8bxe5", "xc7a xc7a", "xc7exf8 xc7exf8", "x85xc0 x85xc0", "xc7exf0 xc7exf0", "dynamicloader", "first", "path", "enterprise", "service", "close" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1d8220c8dd21980b3011d4d5f270989e8ec6976bfac43bb68e26210f0132d73a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517690&Signature=ss9QfKS7opM7i4y0qJTNns2ZH2%2FMJsUYWVIL%2FPE2inms8fNXu%2BbNyyv%2ByYvzfOQeAuk6RLNZDEOhLiGokHWpqZiclVpv8vxLtlqIEAHvgJ%2F4ZIcTgVkGXIXnNvyEEQfE96d0SzSMd2dMGq5%2FychQ%2BT26ZdyxoyTtMSTIUgK9jqBdXfmCaICEp22pfV99slaMlBzNdL7kQ%2BWELMfEtoO72EQxXJQtIZ7ezn3mBEoLa%2BnYqTHCaBbW", "https://vtbehaviour.commondatastorage.googleapis.com/6c0127433f689c0861355352460f7dc6b6ae3d86aa7db0747e60b3b9a18c4a87_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517857&Signature=vah2Y1tu1hUAIU2Nzl5Tj42a52U%2F4iHbQMQ97tgsD9m4WS0cP%2FDouswDcCWgQBks1IZNZLNdNIN4zhFGqu5TKTGa%2BfaFH53FyJKTW8qWIWhfzHeg7juIKdf%2Bg31OT2ch6vWmA12PTN5NyGUdyDJXhtiJoJY7fDAnNQevIgYxRXZV4DroufLQPXPwAd3hsBLc4RLDkrtL%2BeuuXcWkZ95SYsHpvwpswlCvj20Pa9nMFjXYgw4%2Bt5k" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 33, "FileHash-SHA1": 30, "FileHash-SHA256": 1018, "domain": 6, "URL": 23, "hostname": 2 }, "indicator_count": 1112, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "55 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d43fae5b7c4b40e3c63fb2", "name": "VirusTotal report\n for hr100xfiles.zip", "description": "The full text of the full set of files compiled by Microsoft, Microsoft and other companies, as well as their own, has been published on the Microsoft website, and here is the complete list:", "modified": "2026-04-06T23:20:14.130000", "created": "2026-04-06T23:20:14.130000", "tags": [ "file type", "php script", "ascii text", "ascii", "html document", "json", "unicode text", "utf8 text", "creates", "mitre attack", "window", "info", "next", "sgml document", "web open", "toggle", "xd0tb xd0tb", "xc7exfc xc7exfc", "x85xc0u x85xc0u", "x85xc0t x85xc0t", "x8bxe5", "xc7a xc7a", "xc7exf8 xc7exf8", "x85xc0 x85xc0", "xc7exf0 xc7exf0", "dynamicloader", "first", "path", "enterprise", "service", "close" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1d8220c8dd21980b3011d4d5f270989e8ec6976bfac43bb68e26210f0132d73a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517690&Signature=ss9QfKS7opM7i4y0qJTNns2ZH2%2FMJsUYWVIL%2FPE2inms8fNXu%2BbNyyv%2ByYvzfOQeAuk6RLNZDEOhLiGokHWpqZiclVpv8vxLtlqIEAHvgJ%2F4ZIcTgVkGXIXnNvyEEQfE96d0SzSMd2dMGq5%2FychQ%2BT26ZdyxoyTtMSTIUgK9jqBdXfmCaICEp22pfV99slaMlBzNdL7kQ%2BWELMfEtoO72EQxXJQtIZ7ezn3mBEoLa%2BnYqTHCaBbW", "https://vtbehaviour.commondatastorage.googleapis.com/6c0127433f689c0861355352460f7dc6b6ae3d86aa7db0747e60b3b9a18c4a87_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517857&Signature=vah2Y1tu1hUAIU2Nzl5Tj42a52U%2F4iHbQMQ97tgsD9m4WS0cP%2FDouswDcCWgQBks1IZNZLNdNIN4zhFGqu5TKTGa%2BfaFH53FyJKTW8qWIWhfzHeg7juIKdf%2Bg31OT2ch6vWmA12PTN5NyGUdyDJXhtiJoJY7fDAnNQevIgYxRXZV4DroufLQPXPwAd3hsBLc4RLDkrtL%2BeuuXcWkZ95SYsHpvwpswlCvj20Pa9nMFjXYgw4%2Bt5k" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 33, "FileHash-SHA1": 30, "FileHash-SHA256": 1018, "domain": 6, "URL": 23, "hostname": 2 }, "indicator_count": 1112, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "55 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c0127433f689c0861355352460f7dc6b6ae3d86aa7db0747e60b3b9a18c4a87_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517857&Signature=vah2Y1tu1hUAIU2Nzl5Tj42a52U%2F4iHbQMQ97tgsD9m4WS0cP%2FDouswDcCWgQBks1IZNZLNdNIN4zhFGqu5TKTGa%2BfaFH53FyJKTW8qWIWhfzHeg7juIKdf%2Bg31OT2ch6vWmA12PTN5NyGUdyDJXhtiJoJY7fDAnNQevIgYxRXZV4DroufLQPXPwAd3hsBLc4RLDkrtL%2BeuuXcWkZ95SYsHpvwpswlCvj20Pa9nMFjXYgw4%2Bt5k", "https://vtbehaviour.commondatastorage.googleapis.com/1d8220c8dd21980b3011d4d5f270989e8ec6976bfac43bb68e26210f0132d73a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517690&Signature=ss9QfKS7opM7i4y0qJTNns2ZH2%2FMJsUYWVIL%2FPE2inms8fNXu%2BbNyyv%2ByYvzfOQeAuk6RLNZDEOhLiGokHWpqZiclVpv8vxLtlqIEAHvgJ%2F4ZIcTgVkGXIXnNvyEEQfE96d0SzSMd2dMGq5%2FychQ%2BT26ZdyxoyTtMSTIUgK9jqBdXfmCaICEp22pfV99slaMlBzNdL7kQ%2BWELMfEtoO72EQxXJQtIZ7ezn3mBEoLa%2BnYqTHCaBbW" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 5, "pulses": [ { "id": "6a0eac9ae62f3f9f50ca0d18", "name": "test/recall VirusTotal report for App_20250512084741811.apk", "description": "May 12,2025", "modified": "2026-05-21T07:00:40.184000", "created": "2026-05-21T06:56:26.458000", "tags": [ "file type", "ascii" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4, "FileHash-MD5": 101, "FileHash-SHA1": 99, "FileHash-SHA256": 799, "domain": 187, "URL": 142, "hostname": 24 }, "indicator_count": 1356, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0eac9bd286b53466d6e28f", "name": "test/recall VirusTotal report for App_20250512084741811.apk", "description": "May 12,2025", "modified": "2026-05-21T06:56:27.437000", "created": "2026-05-21T06:56:27.437000", "tags": [ "file type", "ascii" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4, "FileHash-MD5": 38, "FileHash-SHA1": 37, "FileHash-SHA256": 741, "domain": 187, "URL": 142, "hostname": 24 }, "indicator_count": 1173, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "11 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e9725b323ae1350c36488", "name": "no comment", "description": "", "modified": "2026-05-21T06:52:08.577000", "created": "2026-05-21T05:24:53.947000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 366, "FileHash-SHA1": 366, "FileHash-SHA256": 5078, "IPv4": 44, "URL": 2414, "domain": 1305, "hostname": 366, "CIDR": 1, "email": 2, "Mutex": 1 }, "indicator_count": 9943, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "11 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d43faf7160e03036338663", "name": "VirusTotal report\n for hr100xfiles.zip", "description": "The full text of the full set of files compiled by Microsoft, Microsoft and other companies, as well as their own, has been published on the Microsoft website, and here is the complete list:", "modified": "2026-04-06T23:20:15.603000", "created": "2026-04-06T23:20:15.603000", "tags": [ "file type", "php script", "ascii text", "ascii", "html document", "json", "unicode text", "utf8 text", "creates", "mitre attack", "window", "info", "next", "sgml document", "web open", "toggle", "xd0tb xd0tb", "xc7exfc xc7exfc", "x85xc0u x85xc0u", "x85xc0t x85xc0t", "x8bxe5", "xc7a xc7a", "xc7exf8 xc7exf8", "x85xc0 x85xc0", "xc7exf0 xc7exf0", "dynamicloader", "first", "path", "enterprise", "service", "close" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1d8220c8dd21980b3011d4d5f270989e8ec6976bfac43bb68e26210f0132d73a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517690&Signature=ss9QfKS7opM7i4y0qJTNns2ZH2%2FMJsUYWVIL%2FPE2inms8fNXu%2BbNyyv%2ByYvzfOQeAuk6RLNZDEOhLiGokHWpqZiclVpv8vxLtlqIEAHvgJ%2F4ZIcTgVkGXIXnNvyEEQfE96d0SzSMd2dMGq5%2FychQ%2BT26ZdyxoyTtMSTIUgK9jqBdXfmCaICEp22pfV99slaMlBzNdL7kQ%2BWELMfEtoO72EQxXJQtIZ7ezn3mBEoLa%2BnYqTHCaBbW", "https://vtbehaviour.commondatastorage.googleapis.com/6c0127433f689c0861355352460f7dc6b6ae3d86aa7db0747e60b3b9a18c4a87_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517857&Signature=vah2Y1tu1hUAIU2Nzl5Tj42a52U%2F4iHbQMQ97tgsD9m4WS0cP%2FDouswDcCWgQBks1IZNZLNdNIN4zhFGqu5TKTGa%2BfaFH53FyJKTW8qWIWhfzHeg7juIKdf%2Bg31OT2ch6vWmA12PTN5NyGUdyDJXhtiJoJY7fDAnNQevIgYxRXZV4DroufLQPXPwAd3hsBLc4RLDkrtL%2BeuuXcWkZ95SYsHpvwpswlCvj20Pa9nMFjXYgw4%2Bt5k" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 33, "FileHash-SHA1": 30, "FileHash-SHA256": 1018, "domain": 6, "URL": 23, "hostname": 2 }, "indicator_count": 1112, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "55 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d43fae5b7c4b40e3c63fb2", "name": "VirusTotal report\n for hr100xfiles.zip", "description": "The full text of the full set of files compiled by Microsoft, Microsoft and other companies, as well as their own, has been published on the Microsoft website, and here is the complete list:", "modified": "2026-04-06T23:20:14.130000", "created": "2026-04-06T23:20:14.130000", "tags": [ "file type", "php script", "ascii text", "ascii", "html document", "json", "unicode text", "utf8 text", "creates", "mitre attack", "window", "info", "next", "sgml document", "web open", "toggle", "xd0tb xd0tb", "xc7exfc xc7exfc", "x85xc0u x85xc0u", "x85xc0t x85xc0t", "x8bxe5", "xc7a xc7a", "xc7exf8 xc7exf8", "x85xc0 x85xc0", "xc7exf0 xc7exf0", "dynamicloader", "first", "path", "enterprise", "service", "close" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/1d8220c8dd21980b3011d4d5f270989e8ec6976bfac43bb68e26210f0132d73a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517690&Signature=ss9QfKS7opM7i4y0qJTNns2ZH2%2FMJsUYWVIL%2FPE2inms8fNXu%2BbNyyv%2ByYvzfOQeAuk6RLNZDEOhLiGokHWpqZiclVpv8vxLtlqIEAHvgJ%2F4ZIcTgVkGXIXnNvyEEQfE96d0SzSMd2dMGq5%2FychQ%2BT26ZdyxoyTtMSTIUgK9jqBdXfmCaICEp22pfV99slaMlBzNdL7kQ%2BWELMfEtoO72EQxXJQtIZ7ezn3mBEoLa%2BnYqTHCaBbW", "https://vtbehaviour.commondatastorage.googleapis.com/6c0127433f689c0861355352460f7dc6b6ae3d86aa7db0747e60b3b9a18c4a87_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775517857&Signature=vah2Y1tu1hUAIU2Nzl5Tj42a52U%2F4iHbQMQ97tgsD9m4WS0cP%2FDouswDcCWgQBks1IZNZLNdNIN4zhFGqu5TKTGa%2BfaFH53FyJKTW8qWIWhfzHeg7juIKdf%2Bg31OT2ch6vWmA12PTN5NyGUdyDJXhtiJoJY7fDAnNQevIgYxRXZV4DroufLQPXPwAd3hsBLc4RLDkrtL%2BeuuXcWkZ95SYsHpvwpswlCvj20Pa9nMFjXYgw4%2Bt5k" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 33, "FileHash-SHA1": 30, "FileHash-SHA256": 1018, "domain": 6, "URL": 23, "hostname": 2 }, "indicator_count": 1112, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "55 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "instructions.md", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "instructions.md", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780322487.281447 }