{
  "type": "Domain",
  "indicator": "moniker.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/moniker.com",
    "alexa": "http://www.alexa.com/siteinfo/moniker.com",
    "indicator": "moniker.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 1179667523,
      "indicator": "moniker.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 10,
      "pulses": [
        {
          "id": "6a0e70462533707c15e72292",
          "name": "snake logger darkbot CAPE Sandbox",
          "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
          "modified": "2026-05-21T03:36:39.925000",
          "created": "2026-05-21T02:39:02.897000",
          "tags": [
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file size",
            "file type",
            "strong",
            "crc32",
            "sha1",
            "library",
            "accept",
            "date",
            "mainexe",
            "body",
            "shutdown",
            "guard",
            "title",
            "lockfile",
            "pxff pxff",
            "qxff qxff",
            "rxff rxff",
            "vxff vxff",
            "x8bxe5",
            "sx8b",
            "px8be px8be",
            "xf7xd8 xf7xd8",
            "pxe8 pxe8",
            "wx8b",
            "done",
            "pass",
            "chat",
            "handle",
            "cloudflare",
            "whois server",
            "entity cloud14",
            "net104",
            "net1040000",
            "cloud14",
            "cloud14 address",
            "townsend street",
            "city",
            "san francisco",
            "stateprov",
            "postalcode",
            "pe file",
            "mitre attack",
            "network info",
            "sample",
            "t1055 process",
            "overview",
            "processes extra",
            "overview zenbox",
            "verdict",
            "malicious",
            "darkbot",
            "next",
            "script",
            "meta",
            "virustotal",
            "style",
            "noscript",
            "vtuishell",
            "function",
            "base",
            "iframe",
            "persist",
            "full",
            "android sandbox",
            "europemadrid",
            "current object",
            "has permission",
            "accesses",
            "dropped info",
            "zenbox android",
            "guest system",
            "persistence"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
            "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
            "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
            "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1091",
              "name": "Replication Through Removable Media",
              "display_name": "T1091 - Replication Through Removable Media"
            },
            {
              "id": "T1120",
              "name": "Peripheral Device Discovery",
              "display_name": "T1120 - Peripheral Device Discovery"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1406",
              "name": "Obfuscated Files or Information",
              "display_name": "T1406 - Obfuscated Files or Information"
            },
            {
              "id": "T1409",
              "name": "Access Stored Application Data",
              "display_name": "T1409 - Access Stored Application Data"
            },
            {
              "id": "T1421",
              "name": "System Network Connections Discovery",
              "display_name": "T1421 - System Network Connections Discovery"
            },
            {
              "id": "T1422",
              "name": "System Network Configuration Discovery",
              "display_name": "T1422 - System Network Configuration Discovery"
            },
            {
              "id": "T1424",
              "name": "Process Discovery",
              "display_name": "T1424 - Process Discovery"
            },
            {
              "id": "T1426",
              "name": "System Information Discovery",
              "display_name": "T1426 - System Information Discovery"
            },
            {
              "id": "T1429",
              "name": "Capture Audio",
              "display_name": "T1429 - Capture Audio"
            },
            {
              "id": "T1430",
              "name": "Location Tracking",
              "display_name": "T1430 - Location Tracking"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 212,
            "FileHash-SHA1": 226,
            "FileHash-SHA256": 1512,
            "IPv4": 409,
            "URL": 880,
            "hostname": 1350,
            "domain": 378,
            "CIDR": 1,
            "email": 3,
            "Mutex": 3
          },
          "indicator_count": 4974,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "10 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a0e703e7c0457682c548691",
          "name": "snake logger darkbot CAPE Sandbox",
          "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
          "modified": "2026-05-21T02:38:54.394000",
          "created": "2026-05-21T02:38:54.394000",
          "tags": [
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file size",
            "file type",
            "strong",
            "crc32",
            "sha1",
            "library",
            "accept",
            "date",
            "mainexe",
            "body",
            "shutdown",
            "guard",
            "title",
            "lockfile",
            "pxff pxff",
            "qxff qxff",
            "rxff rxff",
            "vxff vxff",
            "x8bxe5",
            "sx8b",
            "px8be px8be",
            "xf7xd8 xf7xd8",
            "pxe8 pxe8",
            "wx8b",
            "done",
            "pass",
            "chat",
            "handle",
            "cloudflare",
            "whois server",
            "entity cloud14",
            "net104",
            "net1040000",
            "cloud14",
            "cloud14 address",
            "townsend street",
            "city",
            "san francisco",
            "stateprov",
            "postalcode",
            "pe file",
            "mitre attack",
            "network info",
            "sample",
            "t1055 process",
            "overview",
            "processes extra",
            "overview zenbox",
            "verdict",
            "malicious",
            "darkbot",
            "next",
            "script",
            "meta",
            "virustotal",
            "style",
            "noscript",
            "vtuishell",
            "function",
            "base",
            "iframe",
            "persist",
            "full",
            "android sandbox",
            "europemadrid",
            "current object",
            "has permission",
            "accesses",
            "dropped info",
            "zenbox android",
            "guest system",
            "persistence"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
            "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
            "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
            "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1091",
              "name": "Replication Through Removable Media",
              "display_name": "T1091 - Replication Through Removable Media"
            },
            {
              "id": "T1120",
              "name": "Peripheral Device Discovery",
              "display_name": "T1120 - Peripheral Device Discovery"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1406",
              "name": "Obfuscated Files or Information",
              "display_name": "T1406 - Obfuscated Files or Information"
            },
            {
              "id": "T1409",
              "name": "Access Stored Application Data",
              "display_name": "T1409 - Access Stored Application Data"
            },
            {
              "id": "T1421",
              "name": "System Network Connections Discovery",
              "display_name": "T1421 - System Network Connections Discovery"
            },
            {
              "id": "T1422",
              "name": "System Network Configuration Discovery",
              "display_name": "T1422 - System Network Configuration Discovery"
            },
            {
              "id": "T1424",
              "name": "Process Discovery",
              "display_name": "T1424 - Process Discovery"
            },
            {
              "id": "T1426",
              "name": "System Information Discovery",
              "display_name": "T1426 - System Information Discovery"
            },
            {
              "id": "T1429",
              "name": "Capture Audio",
              "display_name": "T1429 - Capture Audio"
            },
            {
              "id": "T1430",
              "name": "Location Tracking",
              "display_name": "T1430 - Location Tracking"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 163,
            "FileHash-SHA1": 98,
            "FileHash-SHA256": 884,
            "IPv4": 48,
            "URL": 150,
            "hostname": 170,
            "domain": 96,
            "CIDR": 1,
            "email": 3
          },
          "indicator_count": 1613,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "10 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a0e703e6a884aeed75d9180",
          "name": "snake logger darkbot CAPE Sandbox",
          "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
          "modified": "2026-05-21T02:38:54.205000",
          "created": "2026-05-21T02:38:54.205000",
          "tags": [
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file size",
            "file type",
            "strong",
            "crc32",
            "sha1",
            "library",
            "accept",
            "date",
            "mainexe",
            "body",
            "shutdown",
            "guard",
            "title",
            "lockfile",
            "pxff pxff",
            "qxff qxff",
            "rxff rxff",
            "vxff vxff",
            "x8bxe5",
            "sx8b",
            "px8be px8be",
            "xf7xd8 xf7xd8",
            "pxe8 pxe8",
            "wx8b",
            "done",
            "pass",
            "chat",
            "handle",
            "cloudflare",
            "whois server",
            "entity cloud14",
            "net104",
            "net1040000",
            "cloud14",
            "cloud14 address",
            "townsend street",
            "city",
            "san francisco",
            "stateprov",
            "postalcode",
            "pe file",
            "mitre attack",
            "network info",
            "sample",
            "t1055 process",
            "overview",
            "processes extra",
            "overview zenbox",
            "verdict",
            "malicious",
            "darkbot",
            "next",
            "script",
            "meta",
            "virustotal",
            "style",
            "noscript",
            "vtuishell",
            "function",
            "base",
            "iframe",
            "persist",
            "full",
            "android sandbox",
            "europemadrid",
            "current object",
            "has permission",
            "accesses",
            "dropped info",
            "zenbox android",
            "guest system",
            "persistence"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
            "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
            "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
            "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1091",
              "name": "Replication Through Removable Media",
              "display_name": "T1091 - Replication Through Removable Media"
            },
            {
              "id": "T1120",
              "name": "Peripheral Device Discovery",
              "display_name": "T1120 - Peripheral Device Discovery"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1406",
              "name": "Obfuscated Files or Information",
              "display_name": "T1406 - Obfuscated Files or Information"
            },
            {
              "id": "T1409",
              "name": "Access Stored Application Data",
              "display_name": "T1409 - Access Stored Application Data"
            },
            {
              "id": "T1421",
              "name": "System Network Connections Discovery",
              "display_name": "T1421 - System Network Connections Discovery"
            },
            {
              "id": "T1422",
              "name": "System Network Configuration Discovery",
              "display_name": "T1422 - System Network Configuration Discovery"
            },
            {
              "id": "T1424",
              "name": "Process Discovery",
              "display_name": "T1424 - Process Discovery"
            },
            {
              "id": "T1426",
              "name": "System Information Discovery",
              "display_name": "T1426 - System Information Discovery"
            },
            {
              "id": "T1429",
              "name": "Capture Audio",
              "display_name": "T1429 - Capture Audio"
            },
            {
              "id": "T1430",
              "name": "Location Tracking",
              "display_name": "T1430 - Location Tracking"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 163,
            "FileHash-SHA1": 98,
            "FileHash-SHA256": 884,
            "IPv4": 48,
            "URL": 150,
            "hostname": 170,
            "domain": 96,
            "CIDR": 1,
            "email": 3
          },
          "indicator_count": 1613,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "10 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a0e7033ee9e679939ba3294",
          "name": "snake logger darkbot CAPE Sandbox",
          "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
          "modified": "2026-05-21T02:38:43.726000",
          "created": "2026-05-21T02:38:43.726000",
          "tags": [
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file size",
            "file type",
            "strong",
            "crc32",
            "sha1",
            "library",
            "accept",
            "date",
            "mainexe",
            "body",
            "shutdown",
            "guard",
            "title",
            "lockfile",
            "pxff pxff",
            "qxff qxff",
            "rxff rxff",
            "vxff vxff",
            "x8bxe5",
            "sx8b",
            "px8be px8be",
            "xf7xd8 xf7xd8",
            "pxe8 pxe8",
            "wx8b",
            "done",
            "pass",
            "chat",
            "handle",
            "cloudflare",
            "whois server",
            "entity cloud14",
            "net104",
            "net1040000",
            "cloud14",
            "cloud14 address",
            "townsend street",
            "city",
            "san francisco",
            "stateprov",
            "postalcode",
            "pe file",
            "mitre attack",
            "network info",
            "sample",
            "t1055 process",
            "overview",
            "processes extra",
            "overview zenbox",
            "verdict",
            "malicious",
            "darkbot",
            "next",
            "script",
            "meta",
            "virustotal",
            "style",
            "noscript",
            "vtuishell",
            "function",
            "base",
            "iframe",
            "persist",
            "full",
            "android sandbox",
            "europemadrid",
            "current object",
            "has permission",
            "accesses",
            "dropped info",
            "zenbox android",
            "guest system",
            "persistence"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
            "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
            "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
            "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1091",
              "name": "Replication Through Removable Media",
              "display_name": "T1091 - Replication Through Removable Media"
            },
            {
              "id": "T1120",
              "name": "Peripheral Device Discovery",
              "display_name": "T1120 - Peripheral Device Discovery"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1406",
              "name": "Obfuscated Files or Information",
              "display_name": "T1406 - Obfuscated Files or Information"
            },
            {
              "id": "T1409",
              "name": "Access Stored Application Data",
              "display_name": "T1409 - Access Stored Application Data"
            },
            {
              "id": "T1421",
              "name": "System Network Connections Discovery",
              "display_name": "T1421 - System Network Connections Discovery"
            },
            {
              "id": "T1422",
              "name": "System Network Configuration Discovery",
              "display_name": "T1422 - System Network Configuration Discovery"
            },
            {
              "id": "T1424",
              "name": "Process Discovery",
              "display_name": "T1424 - Process Discovery"
            },
            {
              "id": "T1426",
              "name": "System Information Discovery",
              "display_name": "T1426 - System Information Discovery"
            },
            {
              "id": "T1429",
              "name": "Capture Audio",
              "display_name": "T1429 - Capture Audio"
            },
            {
              "id": "T1430",
              "name": "Location Tracking",
              "display_name": "T1430 - Location Tracking"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 163,
            "FileHash-SHA1": 98,
            "FileHash-SHA256": 884,
            "IPv4": 48,
            "URL": 150,
            "hostname": 170,
            "domain": 96,
            "CIDR": 1,
            "email": 3
          },
          "indicator_count": 1613,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "10 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a0e702f7b1b513a66e1789e",
          "name": "snake logger darkbot CAPE Sandbox",
          "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
          "modified": "2026-05-21T02:38:39.508000",
          "created": "2026-05-21T02:38:39.508000",
          "tags": [
            "mwdb",
            "bazaar",
            "sha3384",
            "ssdeep",
            "file size",
            "file type",
            "strong",
            "crc32",
            "sha1",
            "library",
            "accept",
            "date",
            "mainexe",
            "body",
            "shutdown",
            "guard",
            "title",
            "lockfile",
            "pxff pxff",
            "qxff qxff",
            "rxff rxff",
            "vxff vxff",
            "x8bxe5",
            "sx8b",
            "px8be px8be",
            "xf7xd8 xf7xd8",
            "pxe8 pxe8",
            "wx8b",
            "done",
            "pass",
            "chat",
            "handle",
            "cloudflare",
            "whois server",
            "entity cloud14",
            "net104",
            "net1040000",
            "cloud14",
            "cloud14 address",
            "townsend street",
            "city",
            "san francisco",
            "stateprov",
            "postalcode",
            "pe file",
            "mitre attack",
            "network info",
            "sample",
            "t1055 process",
            "overview",
            "processes extra",
            "overview zenbox",
            "verdict",
            "malicious",
            "darkbot",
            "next",
            "script",
            "meta",
            "virustotal",
            "style",
            "noscript",
            "vtuishell",
            "function",
            "base",
            "iframe",
            "persist",
            "full",
            "android sandbox",
            "europemadrid",
            "current object",
            "has permission",
            "accesses",
            "dropped info",
            "zenbox android",
            "guest system",
            "persistence"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
            "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
            "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
            "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
            "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1202",
              "name": "Indirect Command Execution",
              "display_name": "T1202 - Indirect Command Execution"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1091",
              "name": "Replication Through Removable Media",
              "display_name": "T1091 - Replication Through Removable Media"
            },
            {
              "id": "T1120",
              "name": "Peripheral Device Discovery",
              "display_name": "T1120 - Peripheral Device Discovery"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1406",
              "name": "Obfuscated Files or Information",
              "display_name": "T1406 - Obfuscated Files or Information"
            },
            {
              "id": "T1409",
              "name": "Access Stored Application Data",
              "display_name": "T1409 - Access Stored Application Data"
            },
            {
              "id": "T1421",
              "name": "System Network Connections Discovery",
              "display_name": "T1421 - System Network Connections Discovery"
            },
            {
              "id": "T1422",
              "name": "System Network Configuration Discovery",
              "display_name": "T1422 - System Network Configuration Discovery"
            },
            {
              "id": "T1424",
              "name": "Process Discovery",
              "display_name": "T1424 - Process Discovery"
            },
            {
              "id": "T1426",
              "name": "System Information Discovery",
              "display_name": "T1426 - System Information Discovery"
            },
            {
              "id": "T1429",
              "name": "Capture Audio",
              "display_name": "T1429 - Capture Audio"
            },
            {
              "id": "T1430",
              "name": "Location Tracking",
              "display_name": "T1430 - Location Tracking"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 163,
            "FileHash-SHA1": 98,
            "FileHash-SHA256": 884,
            "IPv4": 48,
            "URL": 150,
            "hostname": 170,
            "domain": 96,
            "CIDR": 1,
            "email": 3
          },
          "indicator_count": 1613,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "10 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6570a0d760557004620f409f",
          "name": "Kelowna Mental Health",
          "description": "",
          "modified": "2023-12-06T16:27:03.467000",
          "created": "2023-12-06T16:27:03.467000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 715,
            "CVE": 20,
            "FileHash-MD5": 8943,
            "FileHash-SHA256": 37374,
            "FileHash-SHA1": 8939,
            "JA3": 11,
            "domain": 497,
            "URL": 408,
            "email": 38,
            "FilePath": 1
          },
          "indicator_count": 56946,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 111,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65707fdbb37f753f0d0e2b33",
          "name": "www.marynanhuffman.com",
          "description": "",
          "modified": "2023-12-06T14:06:19.196000",
          "created": "2023-12-06T14:06:19.196000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 2,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "api",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "StreamMiningEx",
            "id": "262917",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 138,
            "FileHash-SHA256": 46,
            "URL": 263,
            "domain": 114,
            "FileHash-SHA1": 17,
            "email": 5
          },
          "indicator_count": 583,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 109,
          "modified_text": "907 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6524d83ab4ac3a4ecbabeea9",
          "name": "https://freedom.press/people/edward-snowden/",
          "description": "",
          "modified": "2023-11-11T05:02:06.903000",
          "created": "2023-10-10T04:51:06.533000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ellenmmm",
            "id": "233693",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 102,
            "domain": 31,
            "hostname": 128,
            "email": 2,
            "FileHash-SHA256": 5016,
            "FileHash-MD5": 1014,
            "FileHash-SHA1": 1014,
            "JA3": 1
          },
          "indicator_count": 7308,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 82,
          "modified_text": "932 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "64e9896df7ea5c41750e6aac",
          "name": "Kelowna Mental Health",
          "description": "",
          "modified": "2023-10-14T00:01:59.166000",
          "created": "2023-08-26T05:11:09.863000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 9,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ellenmmm",
            "id": "233693",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 785,
            "domain": 550,
            "email": 38,
            "URL": 511,
            "CVE": 21,
            "FileHash-MD5": 15725,
            "FileHash-SHA1": 15719,
            "FileHash-SHA256": 67914,
            "JA3": 11,
            "FilePath": 1
          },
          "indicator_count": 101275,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 88,
          "modified_text": "960 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "621feccd3eb09967ae934523",
          "name": "www.marynanhuffman.com",
          "description": "",
          "modified": "2022-04-01T00:01:54.852000",
          "created": "2022-03-02T22:16:45.712000",
          "tags": [
            "key identifier",
            "x509v3 subject",
            "online",
            "llc creation",
            "date",
            "threatseeker",
            "comodo valkyrie",
            "verdict",
            "dns records",
            "record type",
            "server",
            "code",
            "registrar abuse",
            "available from",
            "fort lauderdale",
            "moniker privacy",
            "city",
            "contact email",
            "contact phone",
            "moniker online",
            "passive dns",
            "siblings",
            "whois lookups",
            "registrant",
            "historical ssl",
            "graph summary"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Kailula4",
            "id": "131997",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "hostname": 138,
            "URL": 263,
            "domain": 114,
            "FileHash-SHA256": 46,
            "FileHash-SHA1": 17,
            "email": 5
          },
          "indicator_count": 583,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 405,
          "modified_text": "1521 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ",
        "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
        "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
        "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 10,
  "pulses": [
    {
      "id": "6a0e70462533707c15e72292",
      "name": "snake logger darkbot CAPE Sandbox",
      "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
      "modified": "2026-05-21T03:36:39.925000",
      "created": "2026-05-21T02:39:02.897000",
      "tags": [
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file size",
        "file type",
        "strong",
        "crc32",
        "sha1",
        "library",
        "accept",
        "date",
        "mainexe",
        "body",
        "shutdown",
        "guard",
        "title",
        "lockfile",
        "pxff pxff",
        "qxff qxff",
        "rxff rxff",
        "vxff vxff",
        "x8bxe5",
        "sx8b",
        "px8be px8be",
        "xf7xd8 xf7xd8",
        "pxe8 pxe8",
        "wx8b",
        "done",
        "pass",
        "chat",
        "handle",
        "cloudflare",
        "whois server",
        "entity cloud14",
        "net104",
        "net1040000",
        "cloud14",
        "cloud14 address",
        "townsend street",
        "city",
        "san francisco",
        "stateprov",
        "postalcode",
        "pe file",
        "mitre attack",
        "network info",
        "sample",
        "t1055 process",
        "overview",
        "processes extra",
        "overview zenbox",
        "verdict",
        "malicious",
        "darkbot",
        "next",
        "script",
        "meta",
        "virustotal",
        "style",
        "noscript",
        "vtuishell",
        "function",
        "base",
        "iframe",
        "persist",
        "full",
        "android sandbox",
        "europemadrid",
        "current object",
        "has permission",
        "accesses",
        "dropped info",
        "zenbox android",
        "guest system",
        "persistence"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
        "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
        "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
        "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1091",
          "name": "Replication Through Removable Media",
          "display_name": "T1091 - Replication Through Removable Media"
        },
        {
          "id": "T1120",
          "name": "Peripheral Device Discovery",
          "display_name": "T1120 - Peripheral Device Discovery"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1406",
          "name": "Obfuscated Files or Information",
          "display_name": "T1406 - Obfuscated Files or Information"
        },
        {
          "id": "T1409",
          "name": "Access Stored Application Data",
          "display_name": "T1409 - Access Stored Application Data"
        },
        {
          "id": "T1421",
          "name": "System Network Connections Discovery",
          "display_name": "T1421 - System Network Connections Discovery"
        },
        {
          "id": "T1422",
          "name": "System Network Configuration Discovery",
          "display_name": "T1422 - System Network Configuration Discovery"
        },
        {
          "id": "T1424",
          "name": "Process Discovery",
          "display_name": "T1424 - Process Discovery"
        },
        {
          "id": "T1426",
          "name": "System Information Discovery",
          "display_name": "T1426 - System Information Discovery"
        },
        {
          "id": "T1429",
          "name": "Capture Audio",
          "display_name": "T1429 - Capture Audio"
        },
        {
          "id": "T1430",
          "name": "Location Tracking",
          "display_name": "T1430 - Location Tracking"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 212,
        "FileHash-SHA1": 226,
        "FileHash-SHA256": 1512,
        "IPv4": 409,
        "URL": 880,
        "hostname": 1350,
        "domain": 378,
        "CIDR": 1,
        "email": 3,
        "Mutex": 3
      },
      "indicator_count": 4974,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "10 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a0e703e7c0457682c548691",
      "name": "snake logger darkbot CAPE Sandbox",
      "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
      "modified": "2026-05-21T02:38:54.394000",
      "created": "2026-05-21T02:38:54.394000",
      "tags": [
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file size",
        "file type",
        "strong",
        "crc32",
        "sha1",
        "library",
        "accept",
        "date",
        "mainexe",
        "body",
        "shutdown",
        "guard",
        "title",
        "lockfile",
        "pxff pxff",
        "qxff qxff",
        "rxff rxff",
        "vxff vxff",
        "x8bxe5",
        "sx8b",
        "px8be px8be",
        "xf7xd8 xf7xd8",
        "pxe8 pxe8",
        "wx8b",
        "done",
        "pass",
        "chat",
        "handle",
        "cloudflare",
        "whois server",
        "entity cloud14",
        "net104",
        "net1040000",
        "cloud14",
        "cloud14 address",
        "townsend street",
        "city",
        "san francisco",
        "stateprov",
        "postalcode",
        "pe file",
        "mitre attack",
        "network info",
        "sample",
        "t1055 process",
        "overview",
        "processes extra",
        "overview zenbox",
        "verdict",
        "malicious",
        "darkbot",
        "next",
        "script",
        "meta",
        "virustotal",
        "style",
        "noscript",
        "vtuishell",
        "function",
        "base",
        "iframe",
        "persist",
        "full",
        "android sandbox",
        "europemadrid",
        "current object",
        "has permission",
        "accesses",
        "dropped info",
        "zenbox android",
        "guest system",
        "persistence"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
        "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
        "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
        "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1091",
          "name": "Replication Through Removable Media",
          "display_name": "T1091 - Replication Through Removable Media"
        },
        {
          "id": "T1120",
          "name": "Peripheral Device Discovery",
          "display_name": "T1120 - Peripheral Device Discovery"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1406",
          "name": "Obfuscated Files or Information",
          "display_name": "T1406 - Obfuscated Files or Information"
        },
        {
          "id": "T1409",
          "name": "Access Stored Application Data",
          "display_name": "T1409 - Access Stored Application Data"
        },
        {
          "id": "T1421",
          "name": "System Network Connections Discovery",
          "display_name": "T1421 - System Network Connections Discovery"
        },
        {
          "id": "T1422",
          "name": "System Network Configuration Discovery",
          "display_name": "T1422 - System Network Configuration Discovery"
        },
        {
          "id": "T1424",
          "name": "Process Discovery",
          "display_name": "T1424 - Process Discovery"
        },
        {
          "id": "T1426",
          "name": "System Information Discovery",
          "display_name": "T1426 - System Information Discovery"
        },
        {
          "id": "T1429",
          "name": "Capture Audio",
          "display_name": "T1429 - Capture Audio"
        },
        {
          "id": "T1430",
          "name": "Location Tracking",
          "display_name": "T1430 - Location Tracking"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 163,
        "FileHash-SHA1": 98,
        "FileHash-SHA256": 884,
        "IPv4": 48,
        "URL": 150,
        "hostname": 170,
        "domain": 96,
        "CIDR": 1,
        "email": 3
      },
      "indicator_count": 1613,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "10 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a0e703e6a884aeed75d9180",
      "name": "snake logger darkbot CAPE Sandbox",
      "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
      "modified": "2026-05-21T02:38:54.205000",
      "created": "2026-05-21T02:38:54.205000",
      "tags": [
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file size",
        "file type",
        "strong",
        "crc32",
        "sha1",
        "library",
        "accept",
        "date",
        "mainexe",
        "body",
        "shutdown",
        "guard",
        "title",
        "lockfile",
        "pxff pxff",
        "qxff qxff",
        "rxff rxff",
        "vxff vxff",
        "x8bxe5",
        "sx8b",
        "px8be px8be",
        "xf7xd8 xf7xd8",
        "pxe8 pxe8",
        "wx8b",
        "done",
        "pass",
        "chat",
        "handle",
        "cloudflare",
        "whois server",
        "entity cloud14",
        "net104",
        "net1040000",
        "cloud14",
        "cloud14 address",
        "townsend street",
        "city",
        "san francisco",
        "stateprov",
        "postalcode",
        "pe file",
        "mitre attack",
        "network info",
        "sample",
        "t1055 process",
        "overview",
        "processes extra",
        "overview zenbox",
        "verdict",
        "malicious",
        "darkbot",
        "next",
        "script",
        "meta",
        "virustotal",
        "style",
        "noscript",
        "vtuishell",
        "function",
        "base",
        "iframe",
        "persist",
        "full",
        "android sandbox",
        "europemadrid",
        "current object",
        "has permission",
        "accesses",
        "dropped info",
        "zenbox android",
        "guest system",
        "persistence"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
        "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
        "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
        "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1091",
          "name": "Replication Through Removable Media",
          "display_name": "T1091 - Replication Through Removable Media"
        },
        {
          "id": "T1120",
          "name": "Peripheral Device Discovery",
          "display_name": "T1120 - Peripheral Device Discovery"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1406",
          "name": "Obfuscated Files or Information",
          "display_name": "T1406 - Obfuscated Files or Information"
        },
        {
          "id": "T1409",
          "name": "Access Stored Application Data",
          "display_name": "T1409 - Access Stored Application Data"
        },
        {
          "id": "T1421",
          "name": "System Network Connections Discovery",
          "display_name": "T1421 - System Network Connections Discovery"
        },
        {
          "id": "T1422",
          "name": "System Network Configuration Discovery",
          "display_name": "T1422 - System Network Configuration Discovery"
        },
        {
          "id": "T1424",
          "name": "Process Discovery",
          "display_name": "T1424 - Process Discovery"
        },
        {
          "id": "T1426",
          "name": "System Information Discovery",
          "display_name": "T1426 - System Information Discovery"
        },
        {
          "id": "T1429",
          "name": "Capture Audio",
          "display_name": "T1429 - Capture Audio"
        },
        {
          "id": "T1430",
          "name": "Location Tracking",
          "display_name": "T1430 - Location Tracking"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 163,
        "FileHash-SHA1": 98,
        "FileHash-SHA256": 884,
        "IPv4": 48,
        "URL": 150,
        "hostname": 170,
        "domain": 96,
        "CIDR": 1,
        "email": 3
      },
      "indicator_count": 1613,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "10 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a0e7033ee9e679939ba3294",
      "name": "snake logger darkbot CAPE Sandbox",
      "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
      "modified": "2026-05-21T02:38:43.726000",
      "created": "2026-05-21T02:38:43.726000",
      "tags": [
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file size",
        "file type",
        "strong",
        "crc32",
        "sha1",
        "library",
        "accept",
        "date",
        "mainexe",
        "body",
        "shutdown",
        "guard",
        "title",
        "lockfile",
        "pxff pxff",
        "qxff qxff",
        "rxff rxff",
        "vxff vxff",
        "x8bxe5",
        "sx8b",
        "px8be px8be",
        "xf7xd8 xf7xd8",
        "pxe8 pxe8",
        "wx8b",
        "done",
        "pass",
        "chat",
        "handle",
        "cloudflare",
        "whois server",
        "entity cloud14",
        "net104",
        "net1040000",
        "cloud14",
        "cloud14 address",
        "townsend street",
        "city",
        "san francisco",
        "stateprov",
        "postalcode",
        "pe file",
        "mitre attack",
        "network info",
        "sample",
        "t1055 process",
        "overview",
        "processes extra",
        "overview zenbox",
        "verdict",
        "malicious",
        "darkbot",
        "next",
        "script",
        "meta",
        "virustotal",
        "style",
        "noscript",
        "vtuishell",
        "function",
        "base",
        "iframe",
        "persist",
        "full",
        "android sandbox",
        "europemadrid",
        "current object",
        "has permission",
        "accesses",
        "dropped info",
        "zenbox android",
        "guest system",
        "persistence"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
        "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
        "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
        "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1091",
          "name": "Replication Through Removable Media",
          "display_name": "T1091 - Replication Through Removable Media"
        },
        {
          "id": "T1120",
          "name": "Peripheral Device Discovery",
          "display_name": "T1120 - Peripheral Device Discovery"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1406",
          "name": "Obfuscated Files or Information",
          "display_name": "T1406 - Obfuscated Files or Information"
        },
        {
          "id": "T1409",
          "name": "Access Stored Application Data",
          "display_name": "T1409 - Access Stored Application Data"
        },
        {
          "id": "T1421",
          "name": "System Network Connections Discovery",
          "display_name": "T1421 - System Network Connections Discovery"
        },
        {
          "id": "T1422",
          "name": "System Network Configuration Discovery",
          "display_name": "T1422 - System Network Configuration Discovery"
        },
        {
          "id": "T1424",
          "name": "Process Discovery",
          "display_name": "T1424 - Process Discovery"
        },
        {
          "id": "T1426",
          "name": "System Information Discovery",
          "display_name": "T1426 - System Information Discovery"
        },
        {
          "id": "T1429",
          "name": "Capture Audio",
          "display_name": "T1429 - Capture Audio"
        },
        {
          "id": "T1430",
          "name": "Location Tracking",
          "display_name": "T1430 - Location Tracking"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 163,
        "FileHash-SHA1": 98,
        "FileHash-SHA256": 884,
        "IPv4": 48,
        "URL": 150,
        "hostname": 170,
        "domain": 96,
        "CIDR": 1,
        "email": 3
      },
      "indicator_count": 1613,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "10 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a0e702f7b1b513a66e1789e",
      "name": "snake logger darkbot CAPE Sandbox",
      "description": "The full text of the full report on the events of 9 March 2017:..-. and the details will appear on BBC Radio 5 live on Wednesday, 7 March at 19:00 BST",
      "modified": "2026-05-21T02:38:39.508000",
      "created": "2026-05-21T02:38:39.508000",
      "tags": [
        "mwdb",
        "bazaar",
        "sha3384",
        "ssdeep",
        "file size",
        "file type",
        "strong",
        "crc32",
        "sha1",
        "library",
        "accept",
        "date",
        "mainexe",
        "body",
        "shutdown",
        "guard",
        "title",
        "lockfile",
        "pxff pxff",
        "qxff qxff",
        "rxff rxff",
        "vxff vxff",
        "x8bxe5",
        "sx8b",
        "px8be px8be",
        "xf7xd8 xf7xd8",
        "pxe8 pxe8",
        "wx8b",
        "done",
        "pass",
        "chat",
        "handle",
        "cloudflare",
        "whois server",
        "entity cloud14",
        "net104",
        "net1040000",
        "cloud14",
        "cloud14 address",
        "townsend street",
        "city",
        "san francisco",
        "stateprov",
        "postalcode",
        "pe file",
        "mitre attack",
        "network info",
        "sample",
        "t1055 process",
        "overview",
        "processes extra",
        "overview zenbox",
        "verdict",
        "malicious",
        "darkbot",
        "next",
        "script",
        "meta",
        "virustotal",
        "style",
        "noscript",
        "vtuishell",
        "function",
        "base",
        "iframe",
        "persist",
        "full",
        "android sandbox",
        "europemadrid",
        "current object",
        "has permission",
        "accesses",
        "dropped info",
        "zenbox android",
        "guest system",
        "persistence"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/f0a6b89ec7eee83274cd484cea526b970a3ef28038799b0a5774bb33c5793b55_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329568&Signature=IkbWoghENMgO0Vi0G33kEnSpOwdmP8yBe7C%2BtzhHBskojswgkdMlYDj0DOnptywc64KNSUgeupN5mWkS0LXuybETgPHYd4HYPG8ktV7dUbnVRIG%2BcsTjFEK1dZI5NvQDbZYsD3OWFsK6gil71bHUphUIWfLjNXuajVj%2BR11zcJWhS%2FtDQzx2O%2BIBuHP86PbUTEMDoHHFkHoZHwhwcDL8G9RoicUPSVKewZ3RhcaX2Xpc%2F3cyKq",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779329682&Signature=HQsQ6JIJ6eEe2cR78wlv7R7l5ka1KLsn%2FolYSQzBCEPpjgQAJOi%2FDuHtwY5l6CHb4sK8tHHAq1ifF44vJOlpMihyRW33STqD01QJ2jNm%2Bkdc6Ph8UQ6BnEciHeADfB3v5dXyl%2FYkkQ%2FJqV3mZMbc9tBQmza3HsXWtSYxdVWBsqaXdnyVKaxexVF16f9AuDf9GSj96MEPsmoQB35tjbXvupGv%2BXioRvdJxk37gOH81p32wQ%2Bvv",
        "https://vtbehaviour.commondatastorage.googleapis.com/bf6a466412d657c940e417486231c7d0443fddc1bd687ae011c3ec2809bd56dc_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330293&Signature=Z%2Fd5falNeJ5Sr83mYEi%2BXDKCueLy3vcdeeLt%2F%2FNNTmDXr%2B8VOhZSaUnqgn7tIHVA8sq4kfxOzP8atA2c%2BkDkbSMTYMi3E2RaudxzZ0cIQcin0cwG%2Bc6Ah2LkmwlvMSiFV2BX4rHMhMenVEE8PHVtnpQUrwYJEdD3V1NkUTJShKSuzJjMJIjIpdICKBBn5ZDfJfnqlDpVn9uo4Tcb0QMyPPPEv5j0de44oISnibMExEhbIgFshum5V7Jc",
        "https://vtbehaviour.commondatastorage.googleapis.com/ccd573523bfa74f41c41e6a020c5b760d52460e0a77129b7c6673d4f4ac0bfd5_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330635&Signature=re%2FuG4fUxL0rE3q7lOequC7gJICljDctOzy7nBhrje3uBPHhClYMNGKxYWnAC4e%2BRhBHKSaS3ZthKB8ivGxIdfUS8ktxU5Yl1qI11t37%2BFm057DGulZHdhT0By8vjA7mju1EkgRYFXcdpUcsdk7bQ6yqQd0qFGyGNC30ZRU5EFTgBjbysmi6Hj2D9odG2fpcFfzOTUThiGWhII78HarsZBdhHlA5AClXfDw92AC07XjP50bnJV7dT2na",
        "https://vtbehaviour.commondatastorage.googleapis.com/0366e99c4dd0b3f3ba1f0ee53be280ace9aa36629ecdda4227fbe0dcd69adf24_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779330865&Signature=lTq%2B4domCQZf0DZuQ3%2F9AT3rOnxLdz3OKyhp1PGSrjZFKLq%2F5r4d%2FTImb9SgUHTfTbNrFv7uPQTjrB7TpEsAb%2F0gIQcLxpJlOftQ5ifzx5Dh%2BSc2lHI55YuUZeDxmqAbHZqIYy2loL6d%2BcooLmEI%2B4k7LyHGHyw3DZZDYobzE1zNKqjZjFADoJpK%2F1Z95DjMX1%2BVtf6sn4oCPXQ1%2FfMPTrD2YillSIeb88t",
        "https://vtbehaviour.commondatastorage.googleapis.com/00066842ce6c13b3db2a0b8843830ef5d82c5c86ca8da83c59e90e93b7dc5c8a_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779331227&Signature=MCrqghYx6iIxE%2B5YcfGg76mxr1FAs%2BmV1x6LMN8xzbe3DWO3sIhTzJErmNAjCDdrSDtD%2FTJrs8xdyOmhEBYRnfM%2BoDkCgfL54Khogx3XitiZHEZOoJ%2BG6ndTrPeQySymflSLswl1sKNnO8uMTOkxNFDPVHpuA%2BHvhZ4svmsijbULQ00M51GilsEzK7yXE9M%2Fh%2FTHn4hR0W23S%2BBS7lted0EedxLSgIVapglnQQpGMQ"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1202",
          "name": "Indirect Command Execution",
          "display_name": "T1202 - Indirect Command Execution"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1091",
          "name": "Replication Through Removable Media",
          "display_name": "T1091 - Replication Through Removable Media"
        },
        {
          "id": "T1120",
          "name": "Peripheral Device Discovery",
          "display_name": "T1120 - Peripheral Device Discovery"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1406",
          "name": "Obfuscated Files or Information",
          "display_name": "T1406 - Obfuscated Files or Information"
        },
        {
          "id": "T1409",
          "name": "Access Stored Application Data",
          "display_name": "T1409 - Access Stored Application Data"
        },
        {
          "id": "T1421",
          "name": "System Network Connections Discovery",
          "display_name": "T1421 - System Network Connections Discovery"
        },
        {
          "id": "T1422",
          "name": "System Network Configuration Discovery",
          "display_name": "T1422 - System Network Configuration Discovery"
        },
        {
          "id": "T1424",
          "name": "Process Discovery",
          "display_name": "T1424 - Process Discovery"
        },
        {
          "id": "T1426",
          "name": "System Information Discovery",
          "display_name": "T1426 - System Information Discovery"
        },
        {
          "id": "T1429",
          "name": "Capture Audio",
          "display_name": "T1429 - Capture Audio"
        },
        {
          "id": "T1430",
          "name": "Location Tracking",
          "display_name": "T1430 - Location Tracking"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 163,
        "FileHash-SHA1": 98,
        "FileHash-SHA256": 884,
        "IPv4": 48,
        "URL": 150,
        "hostname": 170,
        "domain": 96,
        "CIDR": 1,
        "email": 3
      },
      "indicator_count": 1613,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "10 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6570a0d760557004620f409f",
      "name": "Kelowna Mental Health",
      "description": "",
      "modified": "2023-12-06T16:27:03.467000",
      "created": "2023-12-06T16:27:03.467000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 715,
        "CVE": 20,
        "FileHash-MD5": 8943,
        "FileHash-SHA256": 37374,
        "FileHash-SHA1": 8939,
        "JA3": 11,
        "domain": 497,
        "URL": 408,
        "email": 38,
        "FilePath": 1
      },
      "indicator_count": 56946,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 111,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65707fdbb37f753f0d0e2b33",
      "name": "www.marynanhuffman.com",
      "description": "",
      "modified": "2023-12-06T14:06:19.196000",
      "created": "2023-12-06T14:06:19.196000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 2,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "api",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "StreamMiningEx",
        "id": "262917",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 138,
        "FileHash-SHA256": 46,
        "URL": 263,
        "domain": 114,
        "FileHash-SHA1": 17,
        "email": 5
      },
      "indicator_count": 583,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 109,
      "modified_text": "907 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6524d83ab4ac3a4ecbabeea9",
      "name": "https://freedom.press/people/edward-snowden/",
      "description": "",
      "modified": "2023-11-11T05:02:06.903000",
      "created": "2023-10-10T04:51:06.533000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "ellenmmm",
        "id": "233693",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 102,
        "domain": 31,
        "hostname": 128,
        "email": 2,
        "FileHash-SHA256": 5016,
        "FileHash-MD5": 1014,
        "FileHash-SHA1": 1014,
        "JA3": 1
      },
      "indicator_count": 7308,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 82,
      "modified_text": "932 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "64e9896df7ea5c41750e6aac",
      "name": "Kelowna Mental Health",
      "description": "",
      "modified": "2023-10-14T00:01:59.166000",
      "created": "2023-08-26T05:11:09.863000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 9,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "ellenmmm",
        "id": "233693",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 785,
        "domain": 550,
        "email": 38,
        "URL": 511,
        "CVE": 21,
        "FileHash-MD5": 15725,
        "FileHash-SHA1": 15719,
        "FileHash-SHA256": 67914,
        "JA3": 11,
        "FilePath": 1
      },
      "indicator_count": 101275,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 88,
      "modified_text": "960 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "621feccd3eb09967ae934523",
      "name": "www.marynanhuffman.com",
      "description": "",
      "modified": "2022-04-01T00:01:54.852000",
      "created": "2022-03-02T22:16:45.712000",
      "tags": [
        "key identifier",
        "x509v3 subject",
        "online",
        "llc creation",
        "date",
        "threatseeker",
        "comodo valkyrie",
        "verdict",
        "dns records",
        "record type",
        "server",
        "code",
        "registrar abuse",
        "available from",
        "fort lauderdale",
        "moniker privacy",
        "city",
        "contact email",
        "contact phone",
        "moniker online",
        "passive dns",
        "siblings",
        "whois lookups",
        "registrant",
        "historical ssl",
        "graph summary"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Kailula4",
        "id": "131997",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "hostname": 138,
        "URL": 263,
        "domain": 114,
        "FileHash-SHA256": 46,
        "FileHash-SHA1": 17,
        "email": 5
      },
      "indicator_count": 583,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 405,
      "modified_text": "1521 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "moniker.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "moniker.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780245593.5834055
}