{ "type": "Domain", "indicator": "nadalconsultancy.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/nadalconsultancy.com", "alexa": "http://www.alexa.com/siteinfo/nadalconsultancy.com", "indicator": "nadalconsultancy.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4348773621, "indicator": "nadalconsultancy.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "6a0eac9ae62f3f9f50ca0d18", "name": "test/recall VirusTotal report for App_20250512084741811.apk", "description": "May 12,2025", "modified": "2026-05-21T07:00:40.184000", "created": "2026-05-21T06:56:26.458000", "tags": [ "file type", "ascii" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4, "FileHash-MD5": 101, "FileHash-SHA1": 99, "FileHash-SHA256": 799, "domain": 187, "URL": 142, "hostname": 24 }, "indicator_count": 1356, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0eac9bd286b53466d6e28f", "name": "test/recall VirusTotal report for App_20250512084741811.apk", "description": "May 12,2025", "modified": "2026-05-21T06:56:27.437000", "created": "2026-05-21T06:56:27.437000", "tags": [ "file type", "ascii" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4, "FileHash-MD5": 38, "FileHash-SHA1": 37, "FileHash-SHA256": 741, "domain": 187, "URL": 142, "hostname": 24 }, "indicator_count": 1173, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02eb598920fbedf3e41342", "name": "CAPE Sandbox - Dropped Files are Unacceptable", "description": "these files were \"dropped\" to me pcchecking-main/Ultra scan script", "modified": "2026-05-12T10:43:56.692000", "created": "2026-05-12T08:56:57.100000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 376, "FileHash-SHA1": 144, "FileHash-SHA256": 285, "IPv4": 67, "URL": 154, "domain": 297, "hostname": 152, "email": 4, "YARA": 11 }, "indicator_count": 1490, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02eb577acf40ff18578c13", "name": "CAPE Sandbox - Dropped Files are Unacceptable", "description": "these files were \"dropped\" to me pcchecking-main/Ultra scan script", "modified": "2026-05-12T10:00:02.785000", "created": "2026-05-12T08:56:55.407000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 368, "FileHash-SHA1": 142, "FileHash-SHA256": 281, "IPv4": 61, "URL": 104, "domain": 295, "hostname": 132, "email": 2 }, "indicator_count": 1385, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02eb5bb415c3d8211f2a69", "name": "CAPE Sandbox - Dropped Files are Unacceptable", "description": "these files were \"dropped\" to me pcchecking-main/Ultra scan script", "modified": "2026-05-12T10:00:01.413000", "created": "2026-05-12T08:56:59.194000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 368, "FileHash-SHA1": 142, "FileHash-SHA256": 281, "IPv4": 59, "URL": 102, "domain": 71, "hostname": 117 }, "indicator_count": 1140, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02eb5aebd8b5cd4e1a10b8", "name": "CAPE Sandbox - Dropped Files are Unacceptable", "description": "these files were \"dropped\" to me pcchecking-main/Ultra scan script", "modified": "2026-05-12T10:00:00.080000", "created": "2026-05-12T08:56:58.095000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 368, "FileHash-SHA1": 142, "FileHash-SHA256": 281, "IPv4": 59, "URL": 102, "domain": 71, "hostname": 118 }, "indicator_count": 1141, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd8916c718cee78b1d08d1", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T10:32:41.135000", "created": "2026-05-08T06:56:22.767000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 304, "FileHash-SHA1": 239, "FileHash-SHA256": 499, "IPv4": 95, "hostname": 326, "URL": 275, "domain": 84, "email": 3 }, "indicator_count": 1825, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd89a0d875f839031c7257", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T06:58:40.278000", "created": "2026-05-08T06:58:40.278000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 198, "FileHash-SHA1": 139, "FileHash-SHA256": 399, "IPv4": 55, "hostname": 201, "URL": 76, "domain": 30 }, "indicator_count": 1098, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd8918bf6e94d6a4740f1c", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T06:56:24.079000", "created": "2026-05-08T06:56:24.079000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 198, "FileHash-SHA1": 139, "FileHash-SHA256": 399, "IPv4": 55, "hostname": 201, "URL": 76, "domain": 30 }, "indicator_count": 1098, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "6a0eac9ae62f3f9f50ca0d18", "name": "test/recall VirusTotal report for App_20250512084741811.apk", "description": "May 12,2025", "modified": "2026-05-21T07:00:40.184000", "created": "2026-05-21T06:56:26.458000", "tags": [ "file type", "ascii" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4, "FileHash-MD5": 101, "FileHash-SHA1": 99, "FileHash-SHA256": 799, "domain": 187, "URL": 142, "hostname": 24 }, "indicator_count": 1356, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0eac9bd286b53466d6e28f", "name": "test/recall VirusTotal report for App_20250512084741811.apk", "description": "May 12,2025", "modified": "2026-05-21T06:56:27.437000", "created": "2026-05-21T06:56:27.437000", "tags": [ "file type", "ascii" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "IPv4": 4, "FileHash-MD5": 38, "FileHash-SHA1": 37, "FileHash-SHA256": 741, "domain": 187, "URL": 142, "hostname": 24 }, "indicator_count": 1173, "is_author": false, "is_subscribing": null, "subscriber_count": 65, "modified_text": "9 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02eb598920fbedf3e41342", "name": "CAPE Sandbox - Dropped Files are Unacceptable", "description": "these files were \"dropped\" to me pcchecking-main/Ultra scan script", "modified": "2026-05-12T10:43:56.692000", "created": "2026-05-12T08:56:57.100000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 376, "FileHash-SHA1": 144, "FileHash-SHA256": 285, "IPv4": 67, "URL": 154, "domain": 297, "hostname": 152, "email": 4, "YARA": 11 }, "indicator_count": 1490, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02eb577acf40ff18578c13", "name": "CAPE Sandbox - Dropped Files are Unacceptable", "description": "these files were \"dropped\" to me pcchecking-main/Ultra scan script", "modified": "2026-05-12T10:00:02.785000", "created": "2026-05-12T08:56:55.407000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 368, "FileHash-SHA1": 142, "FileHash-SHA256": 281, "IPv4": 61, "URL": 104, "domain": 295, "hostname": 132, "email": 2 }, "indicator_count": 1385, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02eb5bb415c3d8211f2a69", "name": "CAPE Sandbox - Dropped Files are Unacceptable", "description": "these files were \"dropped\" to me pcchecking-main/Ultra scan script", "modified": "2026-05-12T10:00:01.413000", "created": "2026-05-12T08:56:59.194000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 368, "FileHash-SHA1": 142, "FileHash-SHA256": 281, "IPv4": 59, "URL": 102, "domain": 71, "hostname": 117 }, "indicator_count": 1140, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a02eb5aebd8b5cd4e1a10b8", "name": "CAPE Sandbox - Dropped Files are Unacceptable", "description": "these files were \"dropped\" to me pcchecking-main/Ultra scan script", "modified": "2026-05-12T10:00:00.080000", "created": "2026-05-12T08:56:58.095000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 368, "FileHash-SHA1": 142, "FileHash-SHA256": 281, "IPv4": 59, "URL": 102, "domain": 71, "hostname": 118 }, "indicator_count": 1141, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "18 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd8916c718cee78b1d08d1", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T10:32:41.135000", "created": "2026-05-08T06:56:22.767000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 304, "FileHash-SHA1": 239, "FileHash-SHA256": 499, "IPv4": 95, "hostname": 326, "URL": 275, "domain": 84, "email": 3 }, "indicator_count": 1825, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd89a0d875f839031c7257", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T06:58:40.278000", "created": "2026-05-08T06:58:40.278000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 198, "FileHash-SHA1": 139, "FileHash-SHA256": 399, "IPv4": 55, "hostname": 201, "URL": 76, "domain": 30 }, "indicator_count": 1098, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fd8918bf6e94d6a4740f1c", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T06:56:24.079000", "created": "2026-05-08T06:56:24.079000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 198, "FileHash-SHA1": 139, "FileHash-SHA256": 399, "IPv4": 55, "hostname": 201, "URL": 76, "domain": 30 }, "indicator_count": 1098, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "nadalconsultancy.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "nadalconsultancy.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780197661.0977721 }