{ "type": "Domain", "indicator": "request.md", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/request.md", "alexa": "http://www.alexa.com/siteinfo/request.md", "indicator": "request.md", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3900877749, "indicator": "request.md", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 31, "pulses": [ { "id": "6a0e936ce3f3ebd4b76fee29", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T23:45:08.365000", "created": "2026-05-21T05:09:00.942000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 90, "FileHash-SHA256": 1997, "IPv4": 49, "domain": 34, "hostname": 124, "URL": 429, "URI": 1, "CIDR": 16 }, "indicator_count": 2944, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e935a4a7df45548fe942d", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:21:46.242000", "created": "2026-05-21T05:08:42.394000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 216, "FileHash-SHA1": 122, "FileHash-SHA256": 2487, "IPv4": 19, "domain": 47, "hostname": 73, "URL": 205, "URI": 1, "email": 1 }, "indicator_count": 3171, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936aec67867b0f6d29f3", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:23.417000", "created": "2026-05-21T05:08:58.537000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e9368acb77419bf65660d", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:16.005000", "created": "2026-05-21T05:08:56.934000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936b647274be6ed25227", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:13.100000", "created": "2026-05-21T05:08:59.081000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936cb4a9e6db51876ae2", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:12.402000", "created": "2026-05-21T05:09:00.401000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d7a3f6f81dc2388c0fa027", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.563000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 218, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 119, "hostname": 133, "email": 4 }, "indicator_count": 2154, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d7a3f683111bbbe1c9ae35", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.775000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 218, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 119, "hostname": 133, "email": 4 }, "indicator_count": 2154, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d7a3f6657dd0c212d8344a", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.060000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 217, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 118, "hostname": 133, "email": 2 }, "indicator_count": 2150, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d7a3f511d0121d253b753d", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:53.436000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 224, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 140, "hostname": 166, "email": 2, "CVE": 8 }, "indicator_count": 2220, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d7a3f4d72c30f9586634b9", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:52.444000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 220, "FileHash-MD5": 562, "FileHash-SHA1": 566, "FileHash-SHA256": 1011, "URL": 125, "hostname": 139, "email": 4 }, "indicator_count": 2627, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d79c38e0a059039b475ebe", "name": "CAPE Sandbox", "description": "Email today from them on my line. Very wild things happening here. trying to close my line", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T12:31:52.495000", "tags": [ "html document", "unicode text", "utf8 text", "crlf", "lf line", "site", "meta", "verizon", "wireless", "internet", "phone services", "official", "shop verizon", "lte network", "get fios", "title", "code", "error", "utc na", "utc google", "tag manager", "gtmw2vn2cq", "utc dc9849921", "utc dc685973", "utc g12r1dx1lx7", "utc aw647962234", "utc aw2761768", "utc aw685973", "verizon business", "verizon for business", "verizon business account", "verizon business phone", "verizon wireless for business", "verizon business service", "verizon business plan", "business internet services", "learn", "gartner", "contact", "find", "discover", "support", "close log", "shop", "upgrade", "small", "voice", "chat", "mitre attack", "network info", "program", "html page", "t1055 process", "overview", "processes extra", "overview zenbox", "verdict", "guest system", "phishing", "next", "ver2", "msclkidn", "utc amazon", "analytics na", "utc bing", "vids1", "vids0", "gdlname" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX", "https://www.verizon.com/business/", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 772, "hostname": 706, "domain": 875, "FileHash-SHA256": 2348, "FileHash-MD5": 2237, "FileHash-SHA1": 2260, "CVE": 1, "email": 9 }, "indicator_count": 9208, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4f2dd828bbf0ac5efaa23", "name": "VirusTotal report\n for sample.crx", "description": "A small sample of malware has been identified by researchers at the University of Oregon in the US, and the results are published on the web, as well as on Google's Chrome extension and other sites.", "modified": "2026-05-07T12:05:50.774000", "created": "2026-04-07T12:04:44.957000", "tags": [ "file type", "json", "ascii text", "png image", "crlf line", "ascii", "rgba", "unicode text", "utf8 text", "defense evasion", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 668, "FileHash-MD5": 668, "FileHash-SHA1": 675, "URL": 153, "domain": 230, "hostname": 177, "email": 2 }, "indicator_count": 2573, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4f2db0b3448671adcce16", "name": "VirusTotal report\n for sample.crx", "description": "A small sample of malware has been identified by researchers at the University of Oregon in the US, and the results are published on the web, as well as on Google's Chrome extension and other sites.", "modified": "2026-05-07T12:05:50.774000", "created": "2026-04-07T12:04:43.156000", "tags": [ "file type", "json", "ascii text", "png image", "crlf line", "ascii", "rgba", "unicode text", "utf8 text", "defense evasion", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 668, "FileHash-MD5": 668, "FileHash-SHA1": 675, "URL": 153, "domain": 230, "hostname": 177, "email": 2 }, "indicator_count": 2573, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4f2d9ce86a445b484593b", "name": "VirusTotal report\n for sample.crx", "description": "A small sample of malware has been identified by researchers at the University of Oregon in the US, and the results are published on the web, as well as on Google's Chrome extension and other sites.", "modified": "2026-05-07T12:05:50.774000", "created": "2026-04-07T12:04:41.097000", "tags": [ "file type", "json", "ascii text", "png image", "crlf line", "ascii", "rgba", "unicode text", "utf8 text", "defense evasion", "malicious" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 668, "FileHash-MD5": 668, "FileHash-SHA1": 675, "URL": 153, "domain": 230, "hostname": 177, "email": 2 }, "indicator_count": 2573, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4595cd9283fc7a5aa03ab", "name": "VirusTotal Windows Sandbox - steganography", "description": "A full analysis of data gathered from an archive of files stored on a server at the University of California, Los Angeles, and stored in a secure server, has been published online by the National Security Agency (NSA).", "modified": "2026-05-07T01:01:09.875000", "created": "2026-04-07T01:09:48.152000", "tags": [ "windows sandbox", "calls clear", "file type", "png image", "rgba", "ms windows", "mpeg adts", "monaural", "jpeg image", "jfif", "gif image", "ascii text", "burma", "persistence", "window", "malicious", "union", "next", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "file", "operations", "process open", "write delete", "move time", "php script", "ascii", "crlf line", "unix", "mitre attack", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "creates", "network info", "sigma", "defense evasion", "sample", "t1055 process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fdaa5bef329a103c6a38f971023a23214954b2038f74091fcb85a6c5b3ee6793_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524056&Signature=IRSYa160YBvfdiw9tFfaCqtY9z8rs45D1Ve6%2BpTMouiseLJI%2F4JyM0rAk55VfNmIzUGfryzxeHvYct6ob6QriZBkNDXCbk6M3QVOAqXQrpNBhFRpRMzqvG4bGBzfXaGO3JH%2FTaYejWQRB7Mjas3ENDiTanlcgTbBa9F0dlIn9glEYIvRq5IaDr1xMbyygt4IT0oJ2B27OxFY8TcpM4T3emxrp17iYN%2FF3Imo6bFRTYVHFbPF", "https://vtbehaviour.commondatastorage.googleapis.com/1cf762ebb36225bf2de49fd9baa4a724fb6fc6552982f7cde3eb8750a1396dec_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524101&Signature=YafvX%2FKbHVKXFED6nVuUgoWZdNWqqwItgxDl5Bp9Zdo%2Ff%2FTWC5kJWRGA47ZowHZh4EHc%2FFCAhOR4hifZEhlDC9cbmSs%2FMY5ulZLp78eChDgCY4CIs2SwjotobahaTms3z7t7TRUdIHKGnwY%2BBKFBQDjnoeTV7AOaSpqizw51XA60Hu%2BUYVLPbGrLff%2B64VYK3uuHUNH1TrAYfUa%2BkJqwlpueD%2Bcp4iqLPBZC%2Fje1DnEVe8e%", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524206&Signature=gWMfmLkoqQlDMb2RkNFcKrRqEBTNwkGuJnOc9uYaCYYGUohkAqUCNV2fjuOBD99RjZOm8wqWNn%2FXYjXHsOu2xg1EehIoxPcojD6qR1oGvRdqYtGScazp5qTmu2Mt95kBncGOrN3FpTiqA2TEqGmHrtBquZHDt7huxi3puJ3z0X1nqPFbmirt%2FRkfDFS9TEQp6piBIbuuoVClP9myw%2FdSfLOMovw4i0CKwtUFikUQ", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524231&Signature=Wv5G2ljAtLZs5UD7wbg53RFvucHo7IiRhkyNVLmeK6NA42BzJseS4otL9OJksO0gkN3drBP2pHrsvpqZqi7sTKiOXrVsQiR9kD1qF4wp7uKJfdbPjqUwlanEbw5yw5kd0CSm9P6dQm1uok3EVaAdczKUEAbW2aMMiUzm4WkW2MEFZaL0f2guNhLxgcALLfBbr%2BaPq6FvfadgfDFj1rHHbiG7L4%2FWVnyJeK%2BpMRcTKcx%2FvKJPKycGQtIQzPlg7a", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524270&Signature=Yn%2ByoAMXhl%2Fwe0poWrffqiJpt3ipHbmhmOj3wrO%2Bv0aI4XM%2BGTb3WYnUbwO%2BB4%2FvHy5B2E%2FI7lF5iq%2BFIW9tRm2ZBhCZY8p9zroZfwv1uFCqifhQLOzXFHGMp%2FptY89k%2B3c4Yi%2BoV6DCdRmHM9fAY5Y%2F%2FSzimGN6G2gOBFIFrOiAaMr1OO4tCC2KBL0a7pAYEx7pUEonfvjmdj2S7X8ZF2s4yhp30aASJGdx", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524306&Signature=cXthPzwlRZxsgwUQSNKMDsPG6OynZQby1pdDJzqxAgQCcbcq37BfhqePhPxs9aKAB2o1j55rzzqlUEwiBke5LjKvRpZTJih560GCz5YWc9qeHPBBv%2FVcUEL%2FhoqasTTjfAJjT1l%2BzRVeQ%2B%2F8cuEf9QIfBl%2BvXhzSB%2B9p0JtpepQKunyqYNbRyzJ5S23SKkW3sqxPkbN0ywosD9wAT%2FqPRrowVS1rou", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524330&Signature=ZJzvK6ex%2B4WDprMFZXUHM%2BlO6Ocvx3kqb%2FSV%2Br7oW4AldeE%2FSYCUkm1fOjShI0dT2puSwxTD0dbfVH%2FxiHe5YY9c68q0bgC%2FdWgIIlm5IPfDNaglObv3%2BFsaR%2Bbt%2F2za%2FHaRujccLsITjfKH55VkVPdFNOTWeypsbVndDtzOkIkK3VmWNZQGEQnJ1HqMlPPfWvp5r58eVXUhAT%2BbwZ9Sg9LXqdGPZsBgt5hdKVT%2Bev4h" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 74, "FileHash-SHA256": 2921, "URL": 195, "domain": 120, "hostname": 101, "CVE": 1 }, "indicator_count": 3483, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4595beae76fc81c99cf63", "name": "VirusTotal Windows Sandbox - steganography", "description": "A full analysis of data gathered from an archive of files stored on a server at the University of California, Los Angeles, and stored in a secure server, has been published online by the National Security Agency (NSA).", "modified": "2026-05-07T01:01:09.875000", "created": "2026-04-07T01:09:47.895000", "tags": [ "windows sandbox", "calls clear", "file type", "png image", "rgba", "ms windows", "mpeg adts", "monaural", "jpeg image", "jfif", "gif image", "ascii text", "burma", "persistence", "window", "malicious", "union", "next", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "file", "operations", "process open", "write delete", "move time", "php script", "ascii", "crlf line", "unix", "mitre attack", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "creates", "network info", "sigma", "defense evasion", "sample", "t1055 process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fdaa5bef329a103c6a38f971023a23214954b2038f74091fcb85a6c5b3ee6793_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524056&Signature=IRSYa160YBvfdiw9tFfaCqtY9z8rs45D1Ve6%2BpTMouiseLJI%2F4JyM0rAk55VfNmIzUGfryzxeHvYct6ob6QriZBkNDXCbk6M3QVOAqXQrpNBhFRpRMzqvG4bGBzfXaGO3JH%2FTaYejWQRB7Mjas3ENDiTanlcgTbBa9F0dlIn9glEYIvRq5IaDr1xMbyygt4IT0oJ2B27OxFY8TcpM4T3emxrp17iYN%2FF3Imo6bFRTYVHFbPF", "https://vtbehaviour.commondatastorage.googleapis.com/1cf762ebb36225bf2de49fd9baa4a724fb6fc6552982f7cde3eb8750a1396dec_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524101&Signature=YafvX%2FKbHVKXFED6nVuUgoWZdNWqqwItgxDl5Bp9Zdo%2Ff%2FTWC5kJWRGA47ZowHZh4EHc%2FFCAhOR4hifZEhlDC9cbmSs%2FMY5ulZLp78eChDgCY4CIs2SwjotobahaTms3z7t7TRUdIHKGnwY%2BBKFBQDjnoeTV7AOaSpqizw51XA60Hu%2BUYVLPbGrLff%2B64VYK3uuHUNH1TrAYfUa%2BkJqwlpueD%2Bcp4iqLPBZC%2Fje1DnEVe8e%", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524206&Signature=gWMfmLkoqQlDMb2RkNFcKrRqEBTNwkGuJnOc9uYaCYYGUohkAqUCNV2fjuOBD99RjZOm8wqWNn%2FXYjXHsOu2xg1EehIoxPcojD6qR1oGvRdqYtGScazp5qTmu2Mt95kBncGOrN3FpTiqA2TEqGmHrtBquZHDt7huxi3puJ3z0X1nqPFbmirt%2FRkfDFS9TEQp6piBIbuuoVClP9myw%2FdSfLOMovw4i0CKwtUFikUQ", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524231&Signature=Wv5G2ljAtLZs5UD7wbg53RFvucHo7IiRhkyNVLmeK6NA42BzJseS4otL9OJksO0gkN3drBP2pHrsvpqZqi7sTKiOXrVsQiR9kD1qF4wp7uKJfdbPjqUwlanEbw5yw5kd0CSm9P6dQm1uok3EVaAdczKUEAbW2aMMiUzm4WkW2MEFZaL0f2guNhLxgcALLfBbr%2BaPq6FvfadgfDFj1rHHbiG7L4%2FWVnyJeK%2BpMRcTKcx%2FvKJPKycGQtIQzPlg7a", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524270&Signature=Yn%2ByoAMXhl%2Fwe0poWrffqiJpt3ipHbmhmOj3wrO%2Bv0aI4XM%2BGTb3WYnUbwO%2BB4%2FvHy5B2E%2FI7lF5iq%2BFIW9tRm2ZBhCZY8p9zroZfwv1uFCqifhQLOzXFHGMp%2FptY89k%2B3c4Yi%2BoV6DCdRmHM9fAY5Y%2F%2FSzimGN6G2gOBFIFrOiAaMr1OO4tCC2KBL0a7pAYEx7pUEonfvjmdj2S7X8ZF2s4yhp30aASJGdx", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524306&Signature=cXthPzwlRZxsgwUQSNKMDsPG6OynZQby1pdDJzqxAgQCcbcq37BfhqePhPxs9aKAB2o1j55rzzqlUEwiBke5LjKvRpZTJih560GCz5YWc9qeHPBBv%2FVcUEL%2FhoqasTTjfAJjT1l%2BzRVeQ%2B%2F8cuEf9QIfBl%2BvXhzSB%2B9p0JtpepQKunyqYNbRyzJ5S23SKkW3sqxPkbN0ywosD9wAT%2FqPRrowVS1rou", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524330&Signature=ZJzvK6ex%2B4WDprMFZXUHM%2BlO6Ocvx3kqb%2FSV%2Br7oW4AldeE%2FSYCUkm1fOjShI0dT2puSwxTD0dbfVH%2FxiHe5YY9c68q0bgC%2FdWgIIlm5IPfDNaglObv3%2BFsaR%2Bbt%2F2za%2FHaRujccLsITjfKH55VkVPdFNOTWeypsbVndDtzOkIkK3VmWNZQGEQnJ1HqMlPPfWvp5r58eVXUhAT%2BbwZ9Sg9LXqdGPZsBgt5hdKVT%2Bev4h" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 74, "FileHash-SHA256": 2921, "URL": 194, "domain": 120, "hostname": 101 }, "indicator_count": 3481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4595bad55db9318902436", "name": "VirusTotal Windows Sandbox - steganography", "description": "A full analysis of data gathered from an archive of files stored on a server at the University of California, Los Angeles, and stored in a secure server, has been published online by the National Security Agency (NSA).", "modified": "2026-05-07T01:01:09.875000", "created": "2026-04-07T01:09:47.753000", "tags": [ "windows sandbox", "calls clear", "file type", "png image", "rgba", "ms windows", "mpeg adts", "monaural", "jpeg image", "jfif", "gif image", "ascii text", "burma", "persistence", "window", "malicious", "union", "next", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "file", "operations", "process open", "write delete", "move time", "php script", "ascii", "crlf line", "unix", "mitre attack", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "creates", "network info", "sigma", "defense evasion", "sample", "t1055 process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fdaa5bef329a103c6a38f971023a23214954b2038f74091fcb85a6c5b3ee6793_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524056&Signature=IRSYa160YBvfdiw9tFfaCqtY9z8rs45D1Ve6%2BpTMouiseLJI%2F4JyM0rAk55VfNmIzUGfryzxeHvYct6ob6QriZBkNDXCbk6M3QVOAqXQrpNBhFRpRMzqvG4bGBzfXaGO3JH%2FTaYejWQRB7Mjas3ENDiTanlcgTbBa9F0dlIn9glEYIvRq5IaDr1xMbyygt4IT0oJ2B27OxFY8TcpM4T3emxrp17iYN%2FF3Imo6bFRTYVHFbPF", "https://vtbehaviour.commondatastorage.googleapis.com/1cf762ebb36225bf2de49fd9baa4a724fb6fc6552982f7cde3eb8750a1396dec_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524101&Signature=YafvX%2FKbHVKXFED6nVuUgoWZdNWqqwItgxDl5Bp9Zdo%2Ff%2FTWC5kJWRGA47ZowHZh4EHc%2FFCAhOR4hifZEhlDC9cbmSs%2FMY5ulZLp78eChDgCY4CIs2SwjotobahaTms3z7t7TRUdIHKGnwY%2BBKFBQDjnoeTV7AOaSpqizw51XA60Hu%2BUYVLPbGrLff%2B64VYK3uuHUNH1TrAYfUa%2BkJqwlpueD%2Bcp4iqLPBZC%2Fje1DnEVe8e%", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524206&Signature=gWMfmLkoqQlDMb2RkNFcKrRqEBTNwkGuJnOc9uYaCYYGUohkAqUCNV2fjuOBD99RjZOm8wqWNn%2FXYjXHsOu2xg1EehIoxPcojD6qR1oGvRdqYtGScazp5qTmu2Mt95kBncGOrN3FpTiqA2TEqGmHrtBquZHDt7huxi3puJ3z0X1nqPFbmirt%2FRkfDFS9TEQp6piBIbuuoVClP9myw%2FdSfLOMovw4i0CKwtUFikUQ", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524231&Signature=Wv5G2ljAtLZs5UD7wbg53RFvucHo7IiRhkyNVLmeK6NA42BzJseS4otL9OJksO0gkN3drBP2pHrsvpqZqi7sTKiOXrVsQiR9kD1qF4wp7uKJfdbPjqUwlanEbw5yw5kd0CSm9P6dQm1uok3EVaAdczKUEAbW2aMMiUzm4WkW2MEFZaL0f2guNhLxgcALLfBbr%2BaPq6FvfadgfDFj1rHHbiG7L4%2FWVnyJeK%2BpMRcTKcx%2FvKJPKycGQtIQzPlg7a", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524270&Signature=Yn%2ByoAMXhl%2Fwe0poWrffqiJpt3ipHbmhmOj3wrO%2Bv0aI4XM%2BGTb3WYnUbwO%2BB4%2FvHy5B2E%2FI7lF5iq%2BFIW9tRm2ZBhCZY8p9zroZfwv1uFCqifhQLOzXFHGMp%2FptY89k%2B3c4Yi%2BoV6DCdRmHM9fAY5Y%2F%2FSzimGN6G2gOBFIFrOiAaMr1OO4tCC2KBL0a7pAYEx7pUEonfvjmdj2S7X8ZF2s4yhp30aASJGdx", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524306&Signature=cXthPzwlRZxsgwUQSNKMDsPG6OynZQby1pdDJzqxAgQCcbcq37BfhqePhPxs9aKAB2o1j55rzzqlUEwiBke5LjKvRpZTJih560GCz5YWc9qeHPBBv%2FVcUEL%2FhoqasTTjfAJjT1l%2BzRVeQ%2B%2F8cuEf9QIfBl%2BvXhzSB%2B9p0JtpepQKunyqYNbRyzJ5S23SKkW3sqxPkbN0ywosD9wAT%2FqPRrowVS1rou", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524330&Signature=ZJzvK6ex%2B4WDprMFZXUHM%2BlO6Ocvx3kqb%2FSV%2Br7oW4AldeE%2FSYCUkm1fOjShI0dT2puSwxTD0dbfVH%2FxiHe5YY9c68q0bgC%2FdWgIIlm5IPfDNaglObv3%2BFsaR%2Bbt%2F2za%2FHaRujccLsITjfKH55VkVPdFNOTWeypsbVndDtzOkIkK3VmWNZQGEQnJ1HqMlPPfWvp5r58eVXUhAT%2BbwZ9Sg9LXqdGPZsBgt5hdKVT%2Bev4h" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 74, "FileHash-SHA256": 2921, "URL": 194, "domain": 120, "hostname": 101 }, "indicator_count": 3481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4595b8c340900560463a8", "name": "VirusTotal Windows Sandbox - steganography", "description": "A full analysis of data gathered from an archive of files stored on a server at the University of California, Los Angeles, and stored in a secure server, has been published online by the National Security Agency (NSA).", "modified": "2026-05-07T01:01:09.875000", "created": "2026-04-07T01:09:47.893000", "tags": [ "windows sandbox", "calls clear", "file type", "png image", "rgba", "ms windows", "mpeg adts", "monaural", "jpeg image", "jfif", "gif image", "ascii text", "burma", "persistence", "window", "malicious", "union", "next", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "file", "operations", "process open", "write delete", "move time", "php script", "ascii", "crlf line", "unix", "mitre attack", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "creates", "network info", "sigma", "defense evasion", "sample", "t1055 process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fdaa5bef329a103c6a38f971023a23214954b2038f74091fcb85a6c5b3ee6793_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524056&Signature=IRSYa160YBvfdiw9tFfaCqtY9z8rs45D1Ve6%2BpTMouiseLJI%2F4JyM0rAk55VfNmIzUGfryzxeHvYct6ob6QriZBkNDXCbk6M3QVOAqXQrpNBhFRpRMzqvG4bGBzfXaGO3JH%2FTaYejWQRB7Mjas3ENDiTanlcgTbBa9F0dlIn9glEYIvRq5IaDr1xMbyygt4IT0oJ2B27OxFY8TcpM4T3emxrp17iYN%2FF3Imo6bFRTYVHFbPF", "https://vtbehaviour.commondatastorage.googleapis.com/1cf762ebb36225bf2de49fd9baa4a724fb6fc6552982f7cde3eb8750a1396dec_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524101&Signature=YafvX%2FKbHVKXFED6nVuUgoWZdNWqqwItgxDl5Bp9Zdo%2Ff%2FTWC5kJWRGA47ZowHZh4EHc%2FFCAhOR4hifZEhlDC9cbmSs%2FMY5ulZLp78eChDgCY4CIs2SwjotobahaTms3z7t7TRUdIHKGnwY%2BBKFBQDjnoeTV7AOaSpqizw51XA60Hu%2BUYVLPbGrLff%2B64VYK3uuHUNH1TrAYfUa%2BkJqwlpueD%2Bcp4iqLPBZC%2Fje1DnEVe8e%", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524206&Signature=gWMfmLkoqQlDMb2RkNFcKrRqEBTNwkGuJnOc9uYaCYYGUohkAqUCNV2fjuOBD99RjZOm8wqWNn%2FXYjXHsOu2xg1EehIoxPcojD6qR1oGvRdqYtGScazp5qTmu2Mt95kBncGOrN3FpTiqA2TEqGmHrtBquZHDt7huxi3puJ3z0X1nqPFbmirt%2FRkfDFS9TEQp6piBIbuuoVClP9myw%2FdSfLOMovw4i0CKwtUFikUQ", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524231&Signature=Wv5G2ljAtLZs5UD7wbg53RFvucHo7IiRhkyNVLmeK6NA42BzJseS4otL9OJksO0gkN3drBP2pHrsvpqZqi7sTKiOXrVsQiR9kD1qF4wp7uKJfdbPjqUwlanEbw5yw5kd0CSm9P6dQm1uok3EVaAdczKUEAbW2aMMiUzm4WkW2MEFZaL0f2guNhLxgcALLfBbr%2BaPq6FvfadgfDFj1rHHbiG7L4%2FWVnyJeK%2BpMRcTKcx%2FvKJPKycGQtIQzPlg7a", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524270&Signature=Yn%2ByoAMXhl%2Fwe0poWrffqiJpt3ipHbmhmOj3wrO%2Bv0aI4XM%2BGTb3WYnUbwO%2BB4%2FvHy5B2E%2FI7lF5iq%2BFIW9tRm2ZBhCZY8p9zroZfwv1uFCqifhQLOzXFHGMp%2FptY89k%2B3c4Yi%2BoV6DCdRmHM9fAY5Y%2F%2FSzimGN6G2gOBFIFrOiAaMr1OO4tCC2KBL0a7pAYEx7pUEonfvjmdj2S7X8ZF2s4yhp30aASJGdx", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524306&Signature=cXthPzwlRZxsgwUQSNKMDsPG6OynZQby1pdDJzqxAgQCcbcq37BfhqePhPxs9aKAB2o1j55rzzqlUEwiBke5LjKvRpZTJih560GCz5YWc9qeHPBBv%2FVcUEL%2FhoqasTTjfAJjT1l%2BzRVeQ%2B%2F8cuEf9QIfBl%2BvXhzSB%2B9p0JtpepQKunyqYNbRyzJ5S23SKkW3sqxPkbN0ywosD9wAT%2FqPRrowVS1rou", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524330&Signature=ZJzvK6ex%2B4WDprMFZXUHM%2BlO6Ocvx3kqb%2FSV%2Br7oW4AldeE%2FSYCUkm1fOjShI0dT2puSwxTD0dbfVH%2FxiHe5YY9c68q0bgC%2FdWgIIlm5IPfDNaglObv3%2BFsaR%2Bbt%2F2za%2FHaRujccLsITjfKH55VkVPdFNOTWeypsbVndDtzOkIkK3VmWNZQGEQnJ1HqMlPPfWvp5r58eVXUhAT%2BbwZ9Sg9LXqdGPZsBgt5hdKVT%2Bev4h" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 74, "FileHash-SHA256": 2921, "URL": 194, "domain": 120, "hostname": 101 }, "indicator_count": 3481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4595a99f229f5b99ce366", "name": "VirusTotal Windows Sandbox - steganography", "description": "A full analysis of data gathered from an archive of files stored on a server at the University of California, Los Angeles, and stored in a secure server, has been published online by the National Security Agency (NSA).", "modified": "2026-05-07T01:01:09.875000", "created": "2026-04-07T01:09:46.696000", "tags": [ "windows sandbox", "calls clear", "file type", "png image", "rgba", "ms windows", "mpeg adts", "monaural", "jpeg image", "jfif", "gif image", "ascii text", "burma", "persistence", "window", "malicious", "union", "next", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "file", "operations", "process open", "write delete", "move time", "php script", "ascii", "crlf line", "unix", "mitre attack", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "creates", "network info", "sigma", "defense evasion", "sample", "t1055 process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fdaa5bef329a103c6a38f971023a23214954b2038f74091fcb85a6c5b3ee6793_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524056&Signature=IRSYa160YBvfdiw9tFfaCqtY9z8rs45D1Ve6%2BpTMouiseLJI%2F4JyM0rAk55VfNmIzUGfryzxeHvYct6ob6QriZBkNDXCbk6M3QVOAqXQrpNBhFRpRMzqvG4bGBzfXaGO3JH%2FTaYejWQRB7Mjas3ENDiTanlcgTbBa9F0dlIn9glEYIvRq5IaDr1xMbyygt4IT0oJ2B27OxFY8TcpM4T3emxrp17iYN%2FF3Imo6bFRTYVHFbPF", "https://vtbehaviour.commondatastorage.googleapis.com/1cf762ebb36225bf2de49fd9baa4a724fb6fc6552982f7cde3eb8750a1396dec_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524101&Signature=YafvX%2FKbHVKXFED6nVuUgoWZdNWqqwItgxDl5Bp9Zdo%2Ff%2FTWC5kJWRGA47ZowHZh4EHc%2FFCAhOR4hifZEhlDC9cbmSs%2FMY5ulZLp78eChDgCY4CIs2SwjotobahaTms3z7t7TRUdIHKGnwY%2BBKFBQDjnoeTV7AOaSpqizw51XA60Hu%2BUYVLPbGrLff%2B64VYK3uuHUNH1TrAYfUa%2BkJqwlpueD%2Bcp4iqLPBZC%2Fje1DnEVe8e%", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524206&Signature=gWMfmLkoqQlDMb2RkNFcKrRqEBTNwkGuJnOc9uYaCYYGUohkAqUCNV2fjuOBD99RjZOm8wqWNn%2FXYjXHsOu2xg1EehIoxPcojD6qR1oGvRdqYtGScazp5qTmu2Mt95kBncGOrN3FpTiqA2TEqGmHrtBquZHDt7huxi3puJ3z0X1nqPFbmirt%2FRkfDFS9TEQp6piBIbuuoVClP9myw%2FdSfLOMovw4i0CKwtUFikUQ", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524231&Signature=Wv5G2ljAtLZs5UD7wbg53RFvucHo7IiRhkyNVLmeK6NA42BzJseS4otL9OJksO0gkN3drBP2pHrsvpqZqi7sTKiOXrVsQiR9kD1qF4wp7uKJfdbPjqUwlanEbw5yw5kd0CSm9P6dQm1uok3EVaAdczKUEAbW2aMMiUzm4WkW2MEFZaL0f2guNhLxgcALLfBbr%2BaPq6FvfadgfDFj1rHHbiG7L4%2FWVnyJeK%2BpMRcTKcx%2FvKJPKycGQtIQzPlg7a", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524270&Signature=Yn%2ByoAMXhl%2Fwe0poWrffqiJpt3ipHbmhmOj3wrO%2Bv0aI4XM%2BGTb3WYnUbwO%2BB4%2FvHy5B2E%2FI7lF5iq%2BFIW9tRm2ZBhCZY8p9zroZfwv1uFCqifhQLOzXFHGMp%2FptY89k%2B3c4Yi%2BoV6DCdRmHM9fAY5Y%2F%2FSzimGN6G2gOBFIFrOiAaMr1OO4tCC2KBL0a7pAYEx7pUEonfvjmdj2S7X8ZF2s4yhp30aASJGdx", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524306&Signature=cXthPzwlRZxsgwUQSNKMDsPG6OynZQby1pdDJzqxAgQCcbcq37BfhqePhPxs9aKAB2o1j55rzzqlUEwiBke5LjKvRpZTJih560GCz5YWc9qeHPBBv%2FVcUEL%2FhoqasTTjfAJjT1l%2BzRVeQ%2B%2F8cuEf9QIfBl%2BvXhzSB%2B9p0JtpepQKunyqYNbRyzJ5S23SKkW3sqxPkbN0ywosD9wAT%2FqPRrowVS1rou", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524330&Signature=ZJzvK6ex%2B4WDprMFZXUHM%2BlO6Ocvx3kqb%2FSV%2Br7oW4AldeE%2FSYCUkm1fOjShI0dT2puSwxTD0dbfVH%2FxiHe5YY9c68q0bgC%2FdWgIIlm5IPfDNaglObv3%2BFsaR%2Bbt%2F2za%2FHaRujccLsITjfKH55VkVPdFNOTWeypsbVndDtzOkIkK3VmWNZQGEQnJ1HqMlPPfWvp5r58eVXUhAT%2BbwZ9Sg9LXqdGPZsBgt5hdKVT%2Bev4h" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 74, "FileHash-SHA256": 2921, "URL": 194, "domain": 120, "hostname": 101 }, "indicator_count": 3481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4594ea685ae6b9912f97b", "name": "VirusTotal Windows Sandbox - steganography", "description": "A full analysis of data gathered from an archive of files stored on a server at the University of California, Los Angeles, and stored in a secure server, has been published online by the National Security Agency (NSA).", "modified": "2026-05-07T01:01:09.875000", "created": "2026-04-07T01:09:34.613000", "tags": [ "windows sandbox", "calls clear", "file type", "png image", "rgba", "ms windows", "mpeg adts", "monaural", "jpeg image", "jfif", "gif image", "ascii text", "burma", "persistence", "window", "malicious", "union", "next", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "file", "operations", "process open", "write delete", "move time", "php script", "ascii", "crlf line", "unix", "mitre attack", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "creates", "network info", "sigma", "defense evasion", "sample", "t1055 process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fdaa5bef329a103c6a38f971023a23214954b2038f74091fcb85a6c5b3ee6793_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524056&Signature=IRSYa160YBvfdiw9tFfaCqtY9z8rs45D1Ve6%2BpTMouiseLJI%2F4JyM0rAk55VfNmIzUGfryzxeHvYct6ob6QriZBkNDXCbk6M3QVOAqXQrpNBhFRpRMzqvG4bGBzfXaGO3JH%2FTaYejWQRB7Mjas3ENDiTanlcgTbBa9F0dlIn9glEYIvRq5IaDr1xMbyygt4IT0oJ2B27OxFY8TcpM4T3emxrp17iYN%2FF3Imo6bFRTYVHFbPF", "https://vtbehaviour.commondatastorage.googleapis.com/1cf762ebb36225bf2de49fd9baa4a724fb6fc6552982f7cde3eb8750a1396dec_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524101&Signature=YafvX%2FKbHVKXFED6nVuUgoWZdNWqqwItgxDl5Bp9Zdo%2Ff%2FTWC5kJWRGA47ZowHZh4EHc%2FFCAhOR4hifZEhlDC9cbmSs%2FMY5ulZLp78eChDgCY4CIs2SwjotobahaTms3z7t7TRUdIHKGnwY%2BBKFBQDjnoeTV7AOaSpqizw51XA60Hu%2BUYVLPbGrLff%2B64VYK3uuHUNH1TrAYfUa%2BkJqwlpueD%2Bcp4iqLPBZC%2Fje1DnEVe8e%", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524206&Signature=gWMfmLkoqQlDMb2RkNFcKrRqEBTNwkGuJnOc9uYaCYYGUohkAqUCNV2fjuOBD99RjZOm8wqWNn%2FXYjXHsOu2xg1EehIoxPcojD6qR1oGvRdqYtGScazp5qTmu2Mt95kBncGOrN3FpTiqA2TEqGmHrtBquZHDt7huxi3puJ3z0X1nqPFbmirt%2FRkfDFS9TEQp6piBIbuuoVClP9myw%2FdSfLOMovw4i0CKwtUFikUQ", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524231&Signature=Wv5G2ljAtLZs5UD7wbg53RFvucHo7IiRhkyNVLmeK6NA42BzJseS4otL9OJksO0gkN3drBP2pHrsvpqZqi7sTKiOXrVsQiR9kD1qF4wp7uKJfdbPjqUwlanEbw5yw5kd0CSm9P6dQm1uok3EVaAdczKUEAbW2aMMiUzm4WkW2MEFZaL0f2guNhLxgcALLfBbr%2BaPq6FvfadgfDFj1rHHbiG7L4%2FWVnyJeK%2BpMRcTKcx%2FvKJPKycGQtIQzPlg7a", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524270&Signature=Yn%2ByoAMXhl%2Fwe0poWrffqiJpt3ipHbmhmOj3wrO%2Bv0aI4XM%2BGTb3WYnUbwO%2BB4%2FvHy5B2E%2FI7lF5iq%2BFIW9tRm2ZBhCZY8p9zroZfwv1uFCqifhQLOzXFHGMp%2FptY89k%2B3c4Yi%2BoV6DCdRmHM9fAY5Y%2F%2FSzimGN6G2gOBFIFrOiAaMr1OO4tCC2KBL0a7pAYEx7pUEonfvjmdj2S7X8ZF2s4yhp30aASJGdx", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524306&Signature=cXthPzwlRZxsgwUQSNKMDsPG6OynZQby1pdDJzqxAgQCcbcq37BfhqePhPxs9aKAB2o1j55rzzqlUEwiBke5LjKvRpZTJih560GCz5YWc9qeHPBBv%2FVcUEL%2FhoqasTTjfAJjT1l%2BzRVeQ%2B%2F8cuEf9QIfBl%2BvXhzSB%2B9p0JtpepQKunyqYNbRyzJ5S23SKkW3sqxPkbN0ywosD9wAT%2FqPRrowVS1rou", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524330&Signature=ZJzvK6ex%2B4WDprMFZXUHM%2BlO6Ocvx3kqb%2FSV%2Br7oW4AldeE%2FSYCUkm1fOjShI0dT2puSwxTD0dbfVH%2FxiHe5YY9c68q0bgC%2FdWgIIlm5IPfDNaglObv3%2BFsaR%2Bbt%2F2za%2FHaRujccLsITjfKH55VkVPdFNOTWeypsbVndDtzOkIkK3VmWNZQGEQnJ1HqMlPPfWvp5r58eVXUhAT%2BbwZ9Sg9LXqdGPZsBgt5hdKVT%2Bev4h" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 74, "FileHash-SHA256": 2921, "URL": 194, "domain": 120, "hostname": 101 }, "indicator_count": 3481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d45947ce0025cf5afbb117", "name": "VirusTotal Windows Sandbox - steganography", "description": "A full analysis of data gathered from an archive of files stored on a server at the University of California, Los Angeles, and stored in a secure server, has been published online by the National Security Agency (NSA).", "modified": "2026-05-07T01:01:09.875000", "created": "2026-04-07T01:09:27.333000", "tags": [ "windows sandbox", "calls clear", "file type", "png image", "rgba", "ms windows", "mpeg adts", "monaural", "jpeg image", "jfif", "gif image", "ascii text", "burma", "persistence", "window", "malicious", "union", "next", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "file", "operations", "process open", "write delete", "move time", "php script", "ascii", "crlf line", "unix", "mitre attack", "wed jun", "overview", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "creates", "network info", "sigma", "defense evasion", "sample", "t1055 process" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/fdaa5bef329a103c6a38f971023a23214954b2038f74091fcb85a6c5b3ee6793_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524056&Signature=IRSYa160YBvfdiw9tFfaCqtY9z8rs45D1Ve6%2BpTMouiseLJI%2F4JyM0rAk55VfNmIzUGfryzxeHvYct6ob6QriZBkNDXCbk6M3QVOAqXQrpNBhFRpRMzqvG4bGBzfXaGO3JH%2FTaYejWQRB7Mjas3ENDiTanlcgTbBa9F0dlIn9glEYIvRq5IaDr1xMbyygt4IT0oJ2B27OxFY8TcpM4T3emxrp17iYN%2FF3Imo6bFRTYVHFbPF", "https://vtbehaviour.commondatastorage.googleapis.com/1cf762ebb36225bf2de49fd9baa4a724fb6fc6552982f7cde3eb8750a1396dec_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524101&Signature=YafvX%2FKbHVKXFED6nVuUgoWZdNWqqwItgxDl5Bp9Zdo%2Ff%2FTWC5kJWRGA47ZowHZh4EHc%2FFCAhOR4hifZEhlDC9cbmSs%2FMY5ulZLp78eChDgCY4CIs2SwjotobahaTms3z7t7TRUdIHKGnwY%2BBKFBQDjnoeTV7AOaSpqizw51XA60Hu%2BUYVLPbGrLff%2B64VYK3uuHUNH1TrAYfUa%2BkJqwlpueD%2Bcp4iqLPBZC%2Fje1DnEVe8e%", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524206&Signature=gWMfmLkoqQlDMb2RkNFcKrRqEBTNwkGuJnOc9uYaCYYGUohkAqUCNV2fjuOBD99RjZOm8wqWNn%2FXYjXHsOu2xg1EehIoxPcojD6qR1oGvRdqYtGScazp5qTmu2Mt95kBncGOrN3FpTiqA2TEqGmHrtBquZHDt7huxi3puJ3z0X1nqPFbmirt%2FRkfDFS9TEQp6piBIbuuoVClP9myw%2FdSfLOMovw4i0CKwtUFikUQ", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524231&Signature=Wv5G2ljAtLZs5UD7wbg53RFvucHo7IiRhkyNVLmeK6NA42BzJseS4otL9OJksO0gkN3drBP2pHrsvpqZqi7sTKiOXrVsQiR9kD1qF4wp7uKJfdbPjqUwlanEbw5yw5kd0CSm9P6dQm1uok3EVaAdczKUEAbW2aMMiUzm4WkW2MEFZaL0f2guNhLxgcALLfBbr%2BaPq6FvfadgfDFj1rHHbiG7L4%2FWVnyJeK%2BpMRcTKcx%2FvKJPKycGQtIQzPlg7a", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524270&Signature=Yn%2ByoAMXhl%2Fwe0poWrffqiJpt3ipHbmhmOj3wrO%2Bv0aI4XM%2BGTb3WYnUbwO%2BB4%2FvHy5B2E%2FI7lF5iq%2BFIW9tRm2ZBhCZY8p9zroZfwv1uFCqifhQLOzXFHGMp%2FptY89k%2B3c4Yi%2BoV6DCdRmHM9fAY5Y%2F%2FSzimGN6G2gOBFIFrOiAaMr1OO4tCC2KBL0a7pAYEx7pUEonfvjmdj2S7X8ZF2s4yhp30aASJGdx", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524306&Signature=cXthPzwlRZxsgwUQSNKMDsPG6OynZQby1pdDJzqxAgQCcbcq37BfhqePhPxs9aKAB2o1j55rzzqlUEwiBke5LjKvRpZTJih560GCz5YWc9qeHPBBv%2FVcUEL%2FhoqasTTjfAJjT1l%2BzRVeQ%2B%2F8cuEf9QIfBl%2BvXhzSB%2B9p0JtpepQKunyqYNbRyzJ5S23SKkW3sqxPkbN0ywosD9wAT%2FqPRrowVS1rou", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524330&Signature=ZJzvK6ex%2B4WDprMFZXUHM%2BlO6Ocvx3kqb%2FSV%2Br7oW4AldeE%2FSYCUkm1fOjShI0dT2puSwxTD0dbfVH%2FxiHe5YY9c68q0bgC%2FdWgIIlm5IPfDNaglObv3%2BFsaR%2Bbt%2F2za%2FHaRujccLsITjfKH55VkVPdFNOTWeypsbVndDtzOkIkK3VmWNZQGEQnJ1HqMlPPfWvp5r58eVXUhAT%2BbwZ9Sg9LXqdGPZsBgt5hdKVT%2Bev4h" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 74, "FileHash-SHA256": 2921, "URL": 194, "domain": 120, "hostname": 101 }, "indicator_count": 3481, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d452df7c1ea9136ee627df", "name": "VirusTotal Box of Apples Sandbox report", "description": "", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:42:07.725000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1066, "FileHash-MD5": 6, "FileHash-SHA1": 11, "domain": 111, "hostname": 67, "URL": 104 }, "indicator_count": 1365, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d452d748d0f072544a4564", "name": "VirusTotal Box of Apples Sandbox report", "description": "", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:41:59.068000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1066, "FileHash-MD5": 6, "FileHash-SHA1": 11, "domain": 111, "hostname": 66, "URL": 104 }, "indicator_count": 1364, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d452d5b2ebb31d314f0325", "name": "VirusTotal Box of Apples Sandbox report", "description": "", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:41:57.173000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1066, "FileHash-MD5": 6, "FileHash-SHA1": 11, "domain": 111, "hostname": 66, "URL": 104 }, "indicator_count": 1364, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d452d1096350bb560f7fee", "name": "VirusTotal Box of Apples Sandbox report", "description": "", "modified": "2026-05-07T00:00:42.275000", "created": "2026-04-07T00:41:53.433000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1066, "FileHash-MD5": 6, "FileHash-SHA1": 11, "domain": 111, "hostname": 66, "URL": 104 }, "indicator_count": 1364, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d4442a0b5217c34bbcbd2d", "name": "VirusTotal report\n for install.sh", "description": "", "modified": "2026-05-06T23:07:30.047000", "created": "2026-04-06T23:39:22.105000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 43, "FileHash-SHA1": 45, "FileHash-SHA256": 1421, "URL": 261, "hostname": 73, "domain": 235, "email": 1 }, "indicator_count": 2079, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d44428ad43f231ff43e175", "name": "VirusTotal report\n for install.sh", "description": "", "modified": "2026-05-06T23:07:30.047000", "created": "2026-04-06T23:39:20.767000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1543", "name": "Create or Modify System Process", "display_name": "T1543 - Create or Modify System Process" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 43, "FileHash-SHA1": 45, "FileHash-SHA256": 1421, "URL": 261, "hostname": 73, "domain": 235, "email": 1 }, "indicator_count": 2079, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cc5cc7017a82e1df3fcbcc", "name": "Thunderstore Mod", "description": "The full text of the words \"glob\" and \"blubber\" has been published by BBC Radio 4 in the UK and Ireland, as well as the BBC Sport website and app.25f1531aa2073adb690c29a6be6b96e5\n565440a20048838fc7c7bac04e68afb5e8c22033\n087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980\n0cdbf7db333899d26d0fa0c09cfb318c\n393216:qKtKBjQtJlQmiSgMnA1bMtICpQTTH6M8qw:HMRQtJKmiSe1bCkTHWqw\nT188D6330AAA1D1C22CE7590FE75161103B74BE184548DF72A1A6F387EDC576C43EAF22E\nZIP \ncompressed\nzip\nZip archive data, at least v1.0 to extract, compression method=store\nThunderstore Mod package (82.6%) ZIP compressed archive (17.3%)\nZIP\n12.03 MB (12616201 bytes)", "modified": "2026-04-30T23:10:15.978000", "created": "2026-03-31T23:46:15.865000", "tags": [ "zip archive" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 7, "FileHash-SHA256": 660, "hostname": 30, "domain": 36, "URL": 62 }, "indicator_count": 801, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "30 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69cc51f0a58991e351321a0b", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA).", "modified": "2026-04-30T23:10:15.978000", "created": "2026-03-31T23:00:00.551000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774998167&Signature=utDs3%2B4MkyePrZxIa4LDJ8Z3xTy%2FSYPrRcuBtMqBNlWIaFR%2Ftqp82I3Dx7z4PG4CFAFUeDx4NGkwUFJd6%2B0u7grbfQ2CJtW2A6CWvczNiq0IEBDF0l5BAPkzE9KXDHRrfI37zeeo7SO%2FOahMZY7sJYqP3CAd2uqFSR57CkDB6vboYMzF8YUM8NWRhKXcEu9QY%2BbbHYQ2iGgjFAIvBKznE7L5oLu6F9UXKzrJ9%2FbyE61pXQduGaVGg1AF" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 51, "FileHash-MD5": 3, "FileHash-SHA1": 6, "FileHash-SHA256": 189, "URL": 83, "hostname": 33 }, "indicator_count": 365, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "30 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6660c1268a1f430e17236b55", "name": "Python: OVSAgentServer Document (autofilled name)", "description": "Here is the full text of the Vuze-dht-info script, which is written by \"Patrik Karlsson\" and followed by the following:-1-2-3. (Autofilled). This was pulled from a Windows 11 Hidden Folder from UAlberta Sample Device.", "modified": "2024-07-24T20:04:38.074000", "created": "2024-06-05T19:48:54.286000", "tags": [ "vuze", "dht service", "force", "port", "port state", "service version", "transaction id", "connection id", "vendor id", "azureus", "methods", "function", "method", "performs", "uri path", "same", "nmap", "see https", "buffer", "http post", "xdmcp", "session id", "mitmagiccookie1", "authorization", "displayid", "x display", "su p", "service", "patrik karlsson", "x server", "code", "xopendisplay", "checks", "tcp port", "xhost", "list", "host", "null", "retrieves", "wsdiscovery", "framework", "message id", "device wprt", "patrik", "author", "example", "john foo", "athens", "attiki", "domain name", "attempts", "service reason", "support", "active", "error", "false", "t3 protocol", "extrainfo", "weblogicversion", "t3 rmi", "daniel miller", "weblogic", "note", "cvss score", "isc bind", "todo", "cvss", "cpes", "sv output", "limit cves", "dot com", "mark", "elem", "stripnull", "wind debug", "wind river", "systems vxworks", "debug service", "boot line", "wdbprocedure", "agent", "vulnerable", "metasploit", "target", "seqnum", "vtam", "logon", "tn3270", "applid", "ibmtest", "cics", "dominic white", "tn3270 screen", "folder", "soldier", "path", "screen", "server", "cluster", "name", "http port", "admin port", "voldemort", "persistence", "driver", "apple remote", "desktop", "sasl", "aten", "vnc auth", "tries", "vnc server", "libvncserver", "bypass", "tight auth", "security", "mac os", "x security", "daemon", "220 vmware", "pass", "connectionpool", "xmpp", "login", "plain", "jabber", "soap api", "server version", "build", "os type", "product line", "header", "queries", "vmware server", "esxi", "vasto", "this", "body", "problem", "xmlns", "dns name", "tigase", "registration", "tonumber", "mlink", "connects", "citadel", "inside", "administrator", "root path", "database path", "sat mar", "version", "extracts", "versant object", "databases", "urls", "sniffed", "require", "sniffs", "http traffic", "ip address", "script output", "interface", "controls", "upnp service", "thomas buchanan", "table", "thisdb", "iana", "string", "arin", "boolean true", "comp", "meta", "trim", "actions", "openssh", "postfix smtpd", "msrpc", "runs", "comm", "prot", "group", "head", "admin", "phan", "ventrilo udp", "totpck", "totlen", "win32", "ping", "raid", "formats", "idera uptime", "intel", "gets", "domain", "arch", "linux", "smp fri", "x8664 x8664", "gnulinux", "info", "tso user", "user id", "userid", "tso logon", "valid user", "data", "nse object", "fakeuser", "razor", "blade", "plague", "tlvvalue", "ubiquiti", "probev1", "bb i2", "probev2", "tom sellers", "hidden", "zzzzz", "ooooo ssss", "enter", "fortran", "user", "skipped", "zero", "cool", "final", "scriptname", "ticketbleed", "tls session", "high", "tls stack", "hello", "done", "tls npn", "connection", "tls server", "npn extension", "spdy4a4", "spdy3", "hani benhabiles", "alpnname", "tls alpn", "client hello", "alpndone end", "alpn protocol", "filenotfound", "requesterror", "filefound", "enumerates", "tftp", "cisco", "script", "unknown", "kml file", "google earth", "geolocation", "italy", "getvalue", "rtt address", "sweden", "activetelnet", "hosttest2", "negotiate", "ntlm", "ntlmssp message", "netbios", "dnsdomainname", "dnscomputername", "dnstreename", "teamspeak", "udp packet", "cowclans", "service info", "traceroute scan", "hops", "inserts", "nmap scanning", "henri doreau", "nmap xml", "attribute", "loads", "address type", "ipv4", "ipv6", "filename", "telnet server", "freebsd", "option", "determines", "exploit", "linux advisory", "telnet", "default", "nick nikolaou", "make", "status", "driver object", "verdict", "target object", "telnet host", "telnet port", "password", "usersegs", "prefijo", "tablapalabras", "direccion", "prefixaux", "userright", "ipv6bin", "filler", "first", "iface", "ipv6 address", "targetstr", "slaac", "ipv6 host", "icmpv6 router", "advertisement", "nd host", "ipv6 stateless", "david fifield", "cidr notation", "bond", "simplified", "bsd license", "srcmac", "sends", "icmpv6 packet", "weilin", "icmpv6 echo", "svn server", "username", "crammd5", "helper", "result", "ipaux", "ipv6user", "ipv6network", "grantotal", "ipv6 subnet", "ipv4sub", "sslv2", "matthew boyle", "stuxnet", "infected", "stuxnetpaths", "stuxnetuuid", "stuxnetversion", "rpcgetversion", "smb session", "stuxnet service", "stdnse", "check", "secure socket", "https layer", "sstp traffic", "current sstp", "seil", "snippet", "ipmi", "exploitable", "output file", "calderon", "openssl", "heartbleed bug", "eof receiving", "match", "fingerprintfile", "ssl certificate", "littleblackbox", "apt1", "specify", "drown", "cve20160800", "sslv2 protocol", "tls ciphertext", "cve20153197", "cve20160703", "rsa data", "rfc1918", "ssl service", "issuer", "x509v3", "reports", "x509v3 subject", "steve benson", "sslv3", "ccs injection", "timeout", "ccs packet", "ssltls mitm", "protocol", "sweet32 attack", "ciphersuite", "chunksize", "gethellotable", "broken cipher", "find", "compressor", "format", "certificate", "pem return", "public key", "pcall", "delaware", "san jose", "california", "paypal", "accepted public", "keys", "checking key", "found", "connect", "actionend end", "specifies", "devin bjelland", "sshv1", "ssh server", "ssh protocol", "brandon enright", "modp group", "dsa group", "length", "diffiehellman", "ffffffff", "fromhex", "c4c6628b", "f25f1437", "e485b576", "generator", "tls port", "tls host", "tls serverhello", "unix timestamp", "jacob appelbaum", "returns", "poodle", "tlsfallbackscsv", "cve20143566", "ssl poodle", "ssl protocol", "authentication", "authenticated", "output", "privatekeyfile", "passphrase", "command", "ssh2 server", "kris katterjohn", "key comparison", "shows ssh", "md5 fingerprint", "ascii art", "matches", "sven klemm", "piotr olma", "socks proxy", "socks version", "guest", "iusredusrv011", "iwamedusrv011", "support388945a0", "tomcat", "socks", "snmp v1", "jetdirect", "jd117", "cidate", "system uptime", "security update", "windows media", "player", "windows server", "apache tomcat", "domain names", "mitigation apis", "kb911564", "kb924667v2", "kb925398", "explorer", "db2copy1", "lookup service", "application", "cryptographic", "db2das", "db2das00", "apache", "dcom", "launcher", "webapps", "value", "windows shares", "system idle", "process", "users", "system", "mib oids", "huawei", "hph3c locally", "snmp", "enterprisenums", "snmpv3 server", "security model", "snmpv3 get", "enterprise", "snmp community", "nextcommunity", "argument", "add ipv6", "vikas singhal", "serveraddress", "tftp server", "copystatus", "cisco router", "snmp rw", "fail", "config", "layer", "channel", "rfc3635", "ieee", "mac address", "obsolete", "generic", "voice", "prop", "terminal", "team", "test", "request", "joao correa", "mail server", "smtp", "diman todorov", "cyrus sasl", "auth", "postfix smtp", "authvuln", "cve20111720", "digestmd5", "activesmtp", "ehlo", "per rfc", "tls connection", "continue", "smtp ntlm", "ethernet", "macosx", "marek majkowski", "tiger", "rcpt", "vrfy", "expn", "socket", "user name", "mail from", "rcpt to", "duarte silva", "windows", "ron bowes", "vista", "srvsvc function", "wireshark", "p u137", "help", "ntlm login", "arturo buanzo", "busleiman", "lf line", "extended", "turn", "dkim", "exim", "exim server", "mail", "cve20111764", "exim daemon", "dkim format", "exim smtp", "webexservice", "handle", "runcommand", "windows account", "open", "cve20104344", "cve20104345", "sendrecv", "debianexim", "exim version", "could", "remote code", "webexec", "doesnotexist", "patched", "microsoft", "case", "msrc8742", "u137", "t139", "index", "define", "smtp server", "i2 i2", "microsoft smbv1", "reserved", "eternalblue", "wannacry", "ipc tree", "windows xp", "print spooler", "vulnerability", "lanman api", "september", "printer spooler", "stuxnet worm", "shareddocs", "smb server", "xp sp2", "windows vista", "gold", "smb request", "smb packet", "bsod", "dns server", "ms07029", "rpc interface", "rpc service", "notup", "server service", "execution", "ras rpc", "ms06025", "remote access", "rras", "rras memory", "routing", "systemroot", "reggetvalue", "installdate", "csdversion", "currentversion", "identifier", "productname", "model", "smbv1", "nt lm", "smbv3", "smbv2", "groups", "builtin", "account lockout", "samr", "connect4", "enumdomains", "invite", "options", "subscribe", "sip server", "cancel", "refer", "notify", "option request", "entry", "message signing", "smb security", "lmv2", "ntlmv2", "ms08068", "cve20093103", "process id", "advisory", "smbv2 protocol", "vista gold", "high header", "loop", "address", "reply", "ttl64", "comment", "ms08067", "conficker", "printer", "text", "service rpc", "lanman", "later", "service pack", "fqdn", "standard", "computer name", "sql2008", "workgroup", "servertypes", "typenames", "mssql server", "time capsule", "backup browser", "dfs root", "master browser", "sql server", "settings", "inetpub", "size time", "normal user", "description", "close", "bind", "clean", "infected2", "scanner", "namewin32", "read", "current user", "type", "readwrite", "usercanwrite", "current", "default share", "stypeipchidden", "write", "trojan", "changeddate", "names", "sids", "servicepaused", "servicestopped", "servicerunning", "gateway service", "manager", "shadow copy", "provider", "remote desktop", "tools", "spooler", "id process", "bytessec", "operationssec", "bytes", "pid ppid", "daniel", "rids", "homegroupuser", "windows system", "aliases", "lists", "double pulsar", "smb backdoor", "pulsar smb", "backdoor", "b i2", "luke jennings", "valid", "hostinfo", "invalidpassword", "userlist", "userlistindex", "blank", "third", "windows smb", "smb2 protocol", "smb2", "startdate", "starttime", "boot time", "date", "vuln", "securitymode", "smb2smb3", "file system", "leasing", "smbv2 server", "skype", "skype version", "skype author", "probes", "extension value", "number", "register sip", "file", "sip session", "true", "ekiga", "home", "user agent", "sip from", "request source", "request sip", "shodanapi key", "shodan", "shodan api", "sn pn", "apache httpd", "proto", "product parent", "xmltotext", "sunw", "instance urn", "product version", "product urn", "product defined", "instance id", "cpus", "probe", "xport", "samba", "samba heap", "cve20121182", "pidl", "zdican1503", "msrpc call", "szl request", "sendreceive", "offset", "siemens s7", "action", "plcscan", "copyright", "module type", "idle", "user on", "from since", "commondirs", "cve20177494", "payloadx86", "payloadx64", "samba remote", "rtsp", "rtsp urls", "describe", "setup", "play", "teardown", "roca", "detects", "return", "ssltls", "nse library", "pop3", "capa command", "user capa", "respcodes uidl", "pipelining stls", "top sasl", "rpc program", "rpc port", "sendpacket", "receivepacket", "rpc number", "rpc protocol", "host table", "port table", "winpcap", "getinfo", "pro1000 mt", "desktop adapter", "hamachi virtual", "winpcap remote", "capture daemon", "password1", "rmi registry", "tcclassdesc", "flags", "field count", "tcnull", "tcblockdata", "oraclesun", "custom data", "classpath", "java management", "custom", "martin holst", "swende", "performs brute", "unix rlogin", "unix", "item", "node name", "crypto version", "skerl version", "os mon", "basho version", "lager version", "cluster info", "luke version", "sasl version", "time", "odd response", "make sure", "diff", "unix rexec", "horizontal", "hostaction", "architecture", "filter", "redis", "realvnc", "cve20062369", "adderlink ip", "send", "cvssv2", "medium", "tpdu", "cve20120002", "ms12020 remote", "risk factor", "w2016", "credssp", "ntlmssp", "w16gasrv01", "success", "security layer", "early user", "rdstls", "rdp encryption", "fips", "rdp protocol", "knownprotocols", "wolfenstein", "enemy territory", "nexuiz", "quake iii", "arena", "openarena", "basic options", "other options", "getstatus", "statusresp", "quake3 game", "toni ruottu", "delay", "tcp packet", "maximum number", "mean", "numtrips", "delta", "qnx qconn", "qconn daemon", "root", "brendan coles", "puppet ca", "puppet naive", "csrs", "dummycsr", "defaultnode", "defaultenv", "paths", "response", "puppet server", "firmware", "pptp", "rt57i author", "activepop3", "pop3 ntlm", "pop3test2", "apop", "pop server", "pop3 account", "printer job", "language", "pjlreadymessage", "aaron leininger", "prev", "rstart", "ssl support", "force protocol", "ssl encryption", "plc type", "model number", "firmware date", "pcworx message", "nse script", "pcworx", "program", "phoenix contact", "pcanywhere", "xorkey", "mtus", "ipprotoudp", "ipprototcp", "pmtu", "pathmtuprobe", "path mtu", "drop", "hash", "key1", "seed", "noise", "oracle virtual", "server agent", "python", "http get", "basehttp", "virtual server", "get request", "oracle tns", "errcodes", "decodevsnnum", "decodes", "vsnnum version", "tns header", "tns packet", "unit size", "oracle", "checkaccount", "count", "oracle user", "october", "critical patch", "maxretries", "defaultaccounts", "dhiru kholia", "authvfrdata", "account", "device type", "uptime", "nack", "kernel version", "device", "mask", "alarm", "bad login", "nson", "openlookup", "arizona", "nson int", "parsefloat", "parses", "paradise", "ofpthello", "openflow", "initial packet", "newer", "jay smith", "mak kolybabi", "size", "memory card", "response code", "omron fins", "system use", "program area", "iom size", "expansion dm", "openvas manager", "target hosts", "firewall", "hosts", "nrpeprotocols", "warning", "nrpestates", "nrpecommands", "crc32constants", "i2 i4", "queries nagios", "remote plugin", "executor", "critical", "nepclientmacid", "serverhslen", "finalhslen", "nping echo", "echo mode", "activenntp", "nntp", "nntptest2", "ohost", "rhost", "job entry", "ohostrhost", "nje server", "nje password", "nje node", "mountpath", "nfsopen", "filesystem", "blocksize", "shows nfs", "showmount", "rpc query", "rpc library", "mount", "read lookup", "getattr", "readdirplus", "lookup", "delete", "loginresponse", "nexpose nsc", "netbuster", "netbus", "extends", "sv p", "defaultfields", "ntp server", "refid", "stratum", "network time", "reference", "applications", "log traffic", "volume", "wave", "synth", "netbus backdoor", "access", "netbus server", "nessus web", "nessus", "network data", "ndmp", "nas device", "amanda", "bacula", "ca arcserve", "commvault", "simpana", "emc networker", "exec", "device0000", "os version", "novell netware", "core protocol", "server name", "tree name", "windows2003", "skullsecurity", "netbios user", "netbios mac", "vmware", "servername", "workstationname", "netbios ns", "hewlett packard", "andrey zhukov", "ussc", "exported block", "readonly", "negotiation", "displays", "network block", "device protocol", "nbd server", "maps", "wan port", "nat port", "natpmp", "successfully", "wan ip", "apple airport", "natpmp protocol", "express", "extreme", "apple time", "capsule", "ddwrt", "mysql", "mariadbmysql", "mysqlmariadb", "mariadb", "cve20122122", "select distinct", "mysql database", "select host", "autocommit", "thread id", "support41auth", "mysql error", "mysql server", "kingcope", "dumps", "john", "ripper", "appropriate db", "review", "adminaccounts", "cis mysql", "skip", "create user", "verify", "super", "shutdown", "reload", "murmur", "udp port", "murmur server", "murmur service", "nmap service", "udp probe", "tcp service", "i4 i4", "igmp traceroute", "query", "source address", "static", "multicast group", "fwdcode", "library", "configuration", "enabled", "dns suffix", "dbcount", "tablecount", "select", "microsoft sql", "activesql", "dbtest2", "disconnect", "rslimit", "host script", "port script", "sql servers", "getname", "servers", "objectid", "select name", "from", "johntheripper", "dump", "dac port", "browser service", "dedicated admin", "dac feature", "sqlserver", "sql mail", "database mail", "dmo xps", "login success", "policy agent", "dhcp client", "lrpc endpoint", "msrpc endpoint", "remote fw", "dvmrp ask", "neighbors", "dvmrp", "neighbor", "igmp", "dvmrp code", "iterate", "major", "publish", "mqtt broker", "sanity", "mqtt", "indicate", "mqtt protocol", "topic", "connack", "mongodb build", "server status", "mongodb", "database", "error message", "httpstorage", "gateway target", "modbus", "to response", "formrsid", "illegal data", "slave device", "scada modbus", "scada", "switchmode", "mobile mouse", "os x", "attempted", "rpa tech", "connected30", "api routeros", "xmlreq", "methodname", "param", "methodcall", "metasploit rpc", "xdax00x20", "ruby version", "api version", "gathers", "api guide", "host name", "reqid", "stat", "nodes", "hostname", "mnesia version", "stdlib version", "auth failure", "agentguid", "didier stevens", "msie", "start", "mcafee epolicy", "eposerver", "instroot", "sap max", "dbmserver", "tn3270e", "unit", "tn3270e server", "logical unit", "macdst", "cadmus computer", "host id", "ipv4 address", "icon image", "repeater ap", "lineage", "printervidpid", "lexmark s302", "hbn3", "lexmark", "dcnet", "dccqure", "cnusers", "ldap", "qfilter", "dcfunctid", "cnconfiguration", "dcfunc", "cnschema", "cnservers", "ocqure", "nmas get", "allow admin", "ldap username", "ldap password", "cnadmin", "cnpaka", "login correct", "openldap", "ldap base", "ad discussion", "kerberos realm", "kerberos", "krb5", "asn1encoder", "realm", "knx address", "knxdibknxmedium", "knx gateway", "knx description", "din en", "http", "niklaus schiess", "java debug", "wire protocol", "jdwp", "java", "internet", "michael schierl", "method run", "java class", "b i8", "sat aug", "daylight time", "portal", "name service", "isns", "auth reason", "collects", "receive", "irc server", "d p6667", "e binsh", "vv localhost", "authenticate", "cap req", "internet relay", "chat", "imap", "imap4rev1", "imap4 literal", "blocked", "nick", "none", "motd", "nquitn", "stats", "lusers", "pingpong", "nmap brutern", "rxbot", "agobot", "slackbot", "mytob", "rbot", "sdbot", "ircbot", "vanbot", "gtbot", "spybot", "storm", "knx search", "device mac", "knxhpaiport", "knxdibdevmac", "discovers", "ipv6 suffix", "cpu usage", "cisco ios", "november", "netscreen", "qtypenodename", "qtypenoop", "qtype", "stringify", "ipv6 node", "qtypestrings", "stevecasner", "ff02000000", "20060921", "19941101", "kanglee", "20070202", "ff0x000000", "discovery", "ssdp", "passauth", "userauth", "conninfo", "channel auth", "claudiu perta", "rakp cipher", "ipmi interface", "cipher zero", "state service", "ipmi rpc", "aggressive mode", "vpngroup", "main mode", "ikeresponse", "ike service", "main", "hybrid", "testfr", "startdt", "asdu address", "getasdu", "cicna1", "iec104", "startdt act", "meeina1", "cicna1broadcast", "ip id", "ip ids", "numprobes", "shortport", "sslcert", "https", "iphttps", "city", "islands", "republic", "united", "startpos", "philadelphia", "recordbuf", "char", "jackson", "download", "dayton", "hill", "terre", "austin", "rouge", "green", "phoenix", "rapid", "diego", "vegas", "albania", "armenia", "belarus", "cuba", "indonesia", "lucia", "mexico", "panama", "paraguay", "slovakia", "chad", "uruguay", "april", "placemark", "point", "nmap registry", "required", "google maps", "api key", "google map", "premium", "google static", "maps api", "png8", "bing maps", "bing map", "road", "rest api", "rest", "jpeg", "fremont", "apikey", "a sting", "new jersey", "icmp echo", "lan host", "icmp", "nmap host", "information", "results", "dbinfo", "ibm informix", "dynamic server", "select first", "dbhostname", "full", "driver class", "client name", "impress version", "remote server", "impress remote", "remote pin", "firefox os", "clientname", "bruteforce", "activeimap", "ntlm challenge", "starttls", "socket receive", "imap ntlm", "istag", "resptbl", "icap service", "icap", "echo", "echo demo", "urlcheck demo", "udp iax2", "revision", "control frame", "poke request", "voip", "ferdy riphagen", "asterisk iax2", "xssedsite", "xssedsearch", "xssedfound", "xssedfixed", "xssedmirror", "xssedurl", "vlc streamer", "developer", "user guides", "increase", "base path", "ange gutek", "peter hill", "search", "wordpressapiurl", "wp root", "wordpress", "defaultwpuri", "initial check", "default uri", "default uservar", "default passvar", "webdav", "propfind", "copy", "move", "post", "proppatch", "trace", "server header", "modsecurity", "webknight", "binarysec", "cloudflare", "bigip", "xml gateway", "airlock", "profense", "netscaler", "idsipswaf", "web application", "attackvectorsn1", "wafidsips", "barracuda", "phpids", "latest", "paul amar", "rob nicholls", "rompager", "andrew orr", "bid71744 cve", "wordpress rest", "injection", "sql injection", "joomla", "regexpsuccess", "sql statement", "mysql user", "python script", "intel active", "params", "cve20175689", "bid98269", "nonce", "apache struts", "cve20175638", "http method", "url path", "ms15034", "http protocol", "system account", "groovy", "elasticsearch", "rce exploit", "java version", "json", "cve20151427", "wordpress cm", "php code", "cm download", "manager plugin", "cve20148877", "php system", "drupal core", "drupal", "auth sql", "title", "formid", "cisco asa", "sip denial", "sip inspection", "cisco adaptive", "software", "bug id", "cscuh44052", "ssl vpn", "clientless ssl", "vpn session", "asdm privilege", "asdm access", "cscuj33496", "minor", "zimbra", "ajxmsg", "zmsg", "zmmsg", "ajxkeys", "zmkeys", "zdmsg", "december", "file inclusion", "concept", "url redirection", "web server", "referer header", "cve20136786", "xss injection", "rails", "ruby", "cve20130156", "cdata", "yaml", "parameter", "denial", "cve20121823", "web development", "html", "phpcgi", "reverse proxy", "apache http", "contextis", "lan ip", "security bypass", "bid49957", "proxy", "apache web", "head request", "pt80443", "bid49303", "coldfusion8", "hmac", "salt", "http server", "sha1 hmac", "traversal", "bid42342", "coldfusion", "cve20100738", "jboss target", "path2", "array", "object", "services", "blazeds", "livecycle data", "adobe xml", "external entity", "livecycle", "webmin", "usermin", "cve20063392", "webmin file", "disclosure", "cve20093733", "vmware path", "vmware esx", "tony flick", "shmoocon", "sha1", "sha256", "eicar test", "resource", "virustotal", "eicartestfile", "readfile", "searches", "http response", "identify", "characters", "spiders", "xfoo", "evoxabout", "trane tracer", "trane", "tracer sc", "hwver12ab", "airhandler", "xxxxx", "normalizepath", "depth", "http1", "http trace", "uri author", "tplink wireless", "wr740n", "wr740nd", "wr2543nd", "confirmed", "wr842nd", "wa901nd", "wr941n", "wr941nd", "scanme", "displaytitle", "wikipedia", "repository uuid", "repository root", "node kind", "elements", "url relative", "author count", "unfiltered", "crawls", "posts", "field", "phase", "crawler", "html escaping", "posted data", "form", "html title", "twitter", "xfwd", "otherwise", "mfctearsample", "phpcrawl", "httplibs", "nmap scripting", "engine", "snoopy", "zendhttpclient", "change", "status code", "eddie bell", "timewith", "bestopt", "slowloris dos", "slowloris", "halfhttp", "dos attack", "timewithout", "threadcount", "timelimit", "dosed", "monitor", "threads", "sendinterval", "servernotice", "stopall", "reason", "ubuntu", "request type", "cookie", "referer", "shellshock", "http shellshock", "http header", "sending", "setcookie", "deny", "hsts", "cachecontrol", "pragma", "xss filter", "will", "uris", "sandbox", "sap netweaver", "sap instance", "km unit", "disabled", "robtex", "robtex service", "add list", "discount", "nwshp news", "relpage", "univ cobrand", "url default", "august", "informs", "qweb server", "ssl port", "photo station", "device model", "firmware build", "force ssl", "v2 web", "network video", "music", "uploads", "http put", "http proxy", "shared", "phpself", "reflected cross", "site scripting", "phpselfprobe", "local file", "inclusion", "exploitquery", "defaultfile", "defaultdir", "remote file", "basepath", "passwd", "etcpasswd", "query string", "printing", "multi", "http redirect", "valid http", "pattern", "joao", "activeweb", "telme", "http ntlm", "android", "khtml", "gecko", "http verb", "vulnerable uri", "allow", "safemethods", "public", "public header", "unsafemethods", "balancer", "jvmroute", "lbgroup", "sticky", "jsessionid", "remove", "stisvc", "looks", "denis", "majordomo2", "cve20110049", "michael brooks", "web page", "pierre lalet", "litespeed web", "cve20102333", "http request", "joomla web", "internal ip", "leaked", "host header", "microsoft iis", "jsonp", "jsonp endpoint", "policy", "vinamra bhatia", "gosingle", "root folder", "iis document", "research paper", "apple id", "apple mobileme", "find my", "iphone", "macbook air", "wifi", "mobileme web", "mac mini", "hp ilo", "productid", "uuid", "xmldata", "xml file", "builtinpatterns", "validate", "azaz09", "email", "group1", "google", "safe browsing", "sign", "git revision", "project author", "span", "git repository", "trunclength", "jboss", "statusok", "rails web", "jboss java", "location", "look", "insert", "michael kohl", "citizen428", "frontpage", "frontpage login", "path prefix", "atm anything", "uservar", "passvar", "stop", "mime", "content", "uploadrequest", "exploits", "mime type", "destination", "separator", "trying path", "maxpagecount", "feeds", "feedsrefs", "please", "atom", "reads", "wd2500js60mhb1", "md5 hash", "element", "socialtext", "http default", "nasl script", "ftp server", "ftp login", "gutek", "tagtable", "gpstagtable", "gpstaglatitude", "tagmake", "tagmodel", "tagdatetime", "taggpsinfo", "gpstaglongitude", "flash", "speed", "error code", "checkdir", "general", "views", "pppoe", "echolife hg530", "huawei hg5xx", "boolean", "hg530x", "direct path", "modules", "themes", "token", "id file", "input", "jim brass", "warrick brown", "martin", "jsfuncpatterns", "jscallspatterns", "xss occur", "javascript", "please note", "dlink", "dir120", "di624s", "di524up", "di604s", "di604up", "di604", "tmg5240", "ascii", "genericlines", "landeskrc", "tlssessionreq", "getrequest", "httpoptions", "lpdstring", "weird", "consumingdetect", "html content", "rapiddetect", "html code", "callback", "django", "missing", "nagios", "cactiez", "logincombos", "httplike", "csrf", "form id", "form action", "cross site", "adobe flash", "adobe reader", "silverlight", "crossdomain", "forgery", "granto", "origin", "sharing", "cors", "get post", "options author", "patch", "examines", "specific url", "specific cookie", "grepphp", "mediawiki", "generic backup", "patterns", "line number", "maximum value", "cf version", "fri mar", "xmltags", "anyconnect", "cisco ssl", "ddos", "pngiconquery", "gificonquery", "stylesheetquery", "vendorsquery", "cakephp version", "cakephp visit", "hostip", "alpha", "bigipserver", "f5 bigip", "seth jackson", "spam", "virus firewall", "barracuda spam", "api password", "mta sasl", "gateway", "dns cache", "shadow", "apache axis2", "axis2services", "defaultpath", "axis2 service", "awstats totals", "defaultcmd", "defaulturi", "sort", "common", "awstats total", "avaya ip", "office", "office user", "listing", "office voip", "basic", "digest", "router", "unauthorized", "debug", "http debug", "debug request", "response body", "apache server", "apache version", "common default", "google adsense", "amazon", "site", "grabs", "adsense", "magicuri", "gethostname", "finds", "sheila berta", "hostmapserver", "vendor", "gatewaywithwifi", "ingraham", "linksys", "linksys e1200", "e1200", "hbase", "hbase version", "hbase compiled", "quorum", "apache hbase", "hadoop database", "wed may", "hadoop", "http status", "logs", "apache hadoop", "hadoop version", "checkpoint size", "checkpoint", "capacity", "non dfs", "datanodes", "live", "dead", "wed sep", "cest", "line", "state", "datanode http", "log directory", "watch", "gps time", "gpsd network", "sat apr", "gopher", "taxf", "tax forms", "load", "network", "transmitted", "mount point", "fs type", "gkrellm service", "size available", "goodbye", "corba naming", "ganglia", "ganglia version", "owner", "proftpd", "proftpd server", "cve20104221", "telnet iac", "telnetiac", "telnetkill", "cmdshellid", "shell command", "cve20112523", "syst", "mode", "no data", "syst error", "logged", "stream", "cmdshell", "send command", "opie", "cve20101938", "ftpd", "arciemowicz", "adam", "zabrocki", "sergey khegay", "ieuser", "freelancer", "rp server", "freelancer game", "niagara fox", "java hotspot", "server vm", "americachicago", "tridium", "systems", "billy rios", "flume", "environment", "se runtime", "target port", "helperport", "ethernet type", "eric leblond", "ip packet", "probetimeout", "icmp time", "icmp payload", "recvtimeout", "ip ttl", "firewalk", "combo", "cups service", "hp laserjet", "print", "documentation", "cups", "cemt", "access denied", "authorized", "cemt inquire", "dfltuser", "db2conn", "gutek ange", "welcome", "linux version", "fcrdns mismatch", "no ptr", "reverse dns", "ptr record", "address book", "safari", "event protocol", "buddy", "erlang port", "mapper daemon", "x00x01n", "gmbh", "corporation", "limited", "company", "automation", "encoder", "inst", "tips", "tech", "life", "pump", "peap", "eapttls", "eaptls", "eapmschapv2", "identity", "ttls", "mschap", "nbstat", "sshhostkey", "ssh host", "p445443", "win2ksrv001", "server platform", "instance name", "apache derby", "drda protocol", "drda excsat", "sample", "ibm db2", "informix", "get dpap", "ibm lotus", "domino", "mjacksson", "lotus domino", "peak", "console", "release", "windows32", "socketpool", "docker", "docker service", "gitcommit", "parsedomain", "cname", "scripttype", "parsetxt", "bulletproof", "sbl123456", "cn online", "ip range", "zeus botnet", "ztdns", "name ip", "dns update", "kerberos kdc", "change service", "catalog", "argfilter", "kerberos passwd", "ldap servers", "canon", "mg5200 series", "canon mg5200", "ivec", "bjnp protocol", "ftp version", "tcp portarg", "portarg", "dns service", "version196609", "version196616", "ossi0x1f6", "felix groebert", "txid", "duane wessels", "authority rrs", "answer rrs", "answer record", "get txt", "txtlen", "dns recursion", "ogjdvm author", "spoofed reply", "cve20081447", "nsid", "ch txt", "dns nameserver", "ssu p", "dnschars", "nsec", "dnscharsinv", "label", "nsec record", "removesuffix", "result name", "bumpdomain", "nsec response", "easy", "nsec3", "dnssec nsec3", "nsec3 walking", "dnsnsecenum", "getprefixmask", "dns lookup", "ipv6 network", "ipv6 prefix", "noerror", "nxdomain result", "peter", "bool", "slowdown", "launches", "david", "victoria", "halifax", "casper", "barry", "soa expire", "soa refresh", "soa retry", "soa mname", "soa record", "dns check", "refresh", "domains", "timedmultiplier", "timednumsamples", "stddev", "alexadomains", "aaaa", "dns bruteforce", "added target", "resolve", "commfile", "argcategory", "dns antispam", "spam received", "daemon command", "allows", "dict protocol", "show server", "index data", "client", "dicom service", "aet check", "dicom", "acceptreject", "dicom server", "titles", "hence", "dhcpinform", "dhcp request", "dhcp server", "dhcpack", "subnet mask", "dhcp option", "strfixedstart", "listfixedstart", "login error", "dictfixedstart", "db2 server", "transaction", "database server", "nodetype1", "db2commtcpip", "db2inst1", "control center", "db2 packet", "wed mar", "getsessionid", "daapitemlimit", "fever ray", "getdatabaseid", "limit", "daap server", "cvs pserver", "repo", "series", "ubu1110", "raw printer", "stopped", "cups printing", "cupspdf printer", "couchdb", "mochiweb", "admin party", "discard", "couchdb http", "testsuitedb", "testsuitedba", "moneyz", "block", "coap endpoint", "reporting", "payload", "coap", "u5683 su", "analyzes", "clamav", "scan", "scan command", "clamav remote", "citrixsrv01", "citrix xml", "citrix", "ica browser", "citrixsrv02", "anonymous", "notepad", "appdata", "settingkey", "xml service", "must change", "nextuser", "citrix pn", "cics user", "cics login", "cesl", "signon", "on to", "cics id", "valid cics", "cesf", "cesn", "cata", "numtrials", "cccam service", "trial", "cccam dvr", "cassandra", "cluster name", "cassinc", "test cluster", "account success", "manager control", "willing", "device pub", "computer", "wpad", "dhcp", "web proxy", "dhcp discovery", "dns discovery", "wpad host", "wpad file", "machex", "sent wol", "wol packet", "wakes", "mac return", "servicerequest", "model name", "bubbatwo dlna", "justin maggard", "model descr", "debian", "activation code", "tellsticknet", "acca12345678", "inet", "ping request", "sybase anywhere", "netmask", "romm", "firmm", "serial", "macserial", "romversion", "firmwareversion", "sonicwall", "ripng", "ripng response", "ripng request", "ripv2", "ripv2 request", "tags", "pppoe discovery", "pppoed", "ipv4 format", "ip header", "bbi2", "pim hello", "i2i2", "helloraw", "multicast", "pim multicast", "pcduo gateway", "pcduo remote", "srvname", "ospfv2 database", "print ospfv2", "ospfv2 hello", "ospfv2 ls", "area id", "destination mac", "captured ospfv2", "callit", "nbname", "broadcastaddr", "mssqldiscover", "yesno", "decoders", "uport", "hsrp", "dropbox", "server id", "slave port", "jenkins", "argaddress", "jenkinspkt", "jenkins auto", "apache jserv", "protocol server", "pathhelloworld", "hid discoveryd", "eigrp", "internal route", "external route", "max amount", "internal", "dropboxport", "key2", "listens", "nmap target", "dhcpoffer", "clientid", "ip pool", "ipid", "dhcpv6 request", "solicit", "message type", "advertise", "ba9876", "domain search", "db2getaddr", "ubu804db2e", "edusrv011", "devtype", "null udp", "cve20111002", "avahi null", "wait time", "header instance", "bbi2bbi4", "config info", "etherbroadcast", "pataoe", "brantley coile", "total", "nse argument", "dht protocol", "torrentfile", "dht discovery", "serviceproxy", "obtains", "bitcoin server", "prior", "node id", "lastblock", "bitcoin", "bacnet", "sdn bhd", "bacnet packet", "titan", "landis", "carrier", "simplex", "notifier", "walker", "aust", "savant", "monitoring", "energy", "starman", "covenant", "king", "etap", "echelon", "arcom", "vanti", "backorifice", "container", "bocrypt", "boversion", "bohostname", "system info", "magicstring", "ping reply", "pong", "pingpacket", "team cymru", "peer", "amqp", "erlangotp", "rabbitmq", "plain amqplain", "dragomir", "allseeing eye", "team death", "novodondo", "blue", "herox", "different ajp", "jsp test", "options request", "ajp service", "public folder", "shows afp", "utf8 server", "uams", "server flags", "flags hex", "password saving", "copy file", "machine type", "afpversion", "afpx03", "apple mac", "dir method", "maxfiles", "cve20100533", "directory", "afp server", "permission uid", "gid size", "time filename", "parameter error", "netatalk", "apple filing", "formatipv4", "isatap", "server ipv4", "client ipv4", "admin email", "parse daemon", "license", "acarsd" ], "references": [ "scripts", "vuze-dht-info.nse", "xmlrpc-methods.nse", "xdmcp-discover.nse", "x11-access.nse", "wsdd-discover.nse", "whois-domain.nse", "weblogic-t3-info.nse", "vulners.nse", "wdb-version.nse", "vtam-enum.nse", "voldemort-info.nse", "vnc-brute.nse", "vnc-title.nse", "vnc-info.nse", "vmauthd-brute.nse", "xmpp-brute.nse", "vmware-version.nse", "xmpp-info.nse", "versant-info.nse", "url-snarf.nse", "upnp-info.nse", "whois-ip.nse", "unusual-port.nse", "unittest.nse", "ventrilo-info.nse", "uptime-agent-info.nse", "tso-enum.nse", "ubiquiti-discovery.nse", "tn3270-screen.nse", "tso-brute.nse", "tls-ticketbleed.nse", "tls-nextprotoneg.nse", "tls-alpn.nse", "tftp-enum.nse", "traceroute-geolocation.nse", "telnet-ntlm-info.nse", "teamspeak2-version.nse", "targets-traceroute.nse", "targets-xml.nse", "telnet-encryption.nse", "targets-sniffer.nse", "telnet-brute.nse", "targets-ipv6-wordlist.nse", "targets-ipv6-multicast-mld.nse", "targets-ipv6-multicast-slaac.nse", "targets-asn.nse", "targets-ipv6-multicast-invalid-dst.nse", "targets-ipv6-multicast-echo.nse", "svn-brute.nse", "stun-version.nse", "targets-ipv6-map4to6.nse", "sslv2.nse", "stuxnet-detect.nse", "sstp-discover.nse", "supermicro-ipmi-conf.nse", "ssl-heartbleed.nse", "stun-info.nse", "ssl-known-key.nse", "sslv2-drown.nse", "ssl-cert-intaddr.nse", "ssl-ccs-injection.nse", "ssl-enum-ciphers.nse", "ssl-cert.nse", "ssh-publickey-acceptance.nse", "sshv1.nse", "ssl-dh-params.nse", "ssl-date.nse", "ssh-auth-methods.nse", "ssl-poodle.nse", "ssh-run.nse", "ssh2-enum-algos.nse", "ssh-hostkey.nse", "socks-auth-info.nse", "snmp-win32-users.nse", "socks-brute.nse", "snmp-sysdescr.nse", "snmp-win32-software.nse", "snmp-win32-services.nse", "snmp-win32-shares.nse", "ssh-brute.nse", "snmp-processes.nse", "snmp-hh3c-logins.nse", "snmp-info.nse", "snmp-brute.nse", "snmp-ios-config.nse", "snmp-interfaces.nse", "socks-open-proxy.nse", "snmp-netstat.nse", "smtp-strangeport.nse", "smtp-vuln-cve2011-1720.nse", "smtp-ntlm-info.nse", "sniffer-detect.nse", "smtp-enum-users.nse", "smb-server-stats.nse", "smtp-commands.nse", "smtp-vuln-cve2011-1764.nse", "smtp-brute.nse", "smb-webexec-exploit.nse", "smtp-vuln-cve2010-4344.nse", "smb-vuln-webexec.nse", "smb-vuln-regsvc-dos.nse", "smtp-open-relay.nse", "smb-vuln-ms17-010.nse", "smb-vuln-ms10-061.nse", "smb-vuln-ms10-054.nse", "smb-vuln-ms07-029.nse", "smb-vuln-ms06-025.nse", "smb-system-info.nse", "smb-protocols.nse", "smb-flood.nse", "smb-enum-domains.nse", "sip-methods.nse", "script.db", "smb-security-mode.nse", "smb-vuln-cve2009-3103.nse", "smb-psexec.nse", "smb-vuln-ms08-067.nse", "smb-print-text.nse", "smb-os-discovery.nse", "smb-mbenum.nse", "smb-ls.nse", "smb-enum-users.nse", "smb-vuln-conficker.nse", "smb-enum-shares.nse", "smb-enum-sessions.nse", "smb-enum-services.nse", "smb-enum-processes.nse", "smb-enum-groups.nse", "rsync-list-modules.nse", "smb-double-pulsar-backdoor.nse", "smb-brute.nse", "smb2-vuln-uptime.nse", "smb2-time.nse", "smb2-security-mode.nse", "smb2-capabilities.nse", "skypev2-version.nse", "sip-enum-users.nse", "sip-call-spoof.nse", "sip-brute.nse", "shodan-api.nse", "servicetags.nse", "samba-vuln-cve-2012-1182.nse", "s7-info.nse", "rusers.nse", "smb-vuln-cve-2017-7494.nse", "rtsp-url-brute.nse", "rtsp-methods.nse", "rsync-brute.nse", "rsa-vuln-roca.nse", "pop3-capabilities.nse", "rpcinfo.nse", "rpc-grind.nse", "rpcap-info.nse", "rpcap-brute.nse", "rmi-vuln-classloader.nse", "rmi-dumpregistry.nse", "rlogin-brute.nse", "riak-http-info.nse", "rfc868-time.nse", "rexec-brute.nse", "reverse-index.nse", "redis-info.nse", "redis-brute.nse", "realvnc-auth-bypass.nse", "rdp-vuln-ms12-020.nse", "rdp-ntlm-info.nse", "rdp-enum-encryption.nse", "quake3-master-getservers.nse", "quake3-info.nse", "qscan.nse", "qconn-exec.nse", "puppet-naivesigning.nse", "pptp-version.nse", "pop3-ntlm-info.nse", "pop3-brute.nse", "pjl-ready-message.nse", "port-states.nse", "pgsql-brute.nse", "pcworx-info.nse", "pcanywhere-brute.nse", "path-mtu.nse", "p2p-conficker.nse", "ovs-agent-version.nse", "oracle-tns-version.nse", "oracle-sid-brute.nse", "oracle-enum-users.nse", "oracle-brute-stealth.nse", "oracle-brute.nse", "openwebnet-discovery.nse", "openvas-otp-brute.nse", "openlookup-info.nse", "openflow-info.nse", "omron-info.nse", "omp2-enum-targets.nse", "omp2-brute.nse", "nrpe-enum.nse", "nping-brute.nse", "nntp-ntlm-info.nse", "nje-pass-brute.nse", "nje-node-brute.nse", "nfs-statfs.nse", "nfs-showmount.nse", "nfs-ls.nse", "nexpose-brute.nse", "netbus-version.nse", "ntp-info.nse", "netbus-info.nse", "netbus-brute.nse", "netbus-auth-bypass.nse", "nessus-xmlrpc-brute.nse", "nessus-brute.nse", "ndmp-version.nse", "ndmp-fs-info.nse", "ncp-serverinfo.nse", "ncp-enum-users.nse", "nbstat.nse", "nbns-interfaces.nse", "nbd-info.nse", "nat-pmp-mapport.nse", "nat-pmp-info.nse", "mysql-vuln-cve2012-2122.nse", "mysql-variables.nse", "mysql-users.nse", "mysql-query.nse", "mysql-info.nse", "mysql-enum.nse", "mysql-empty-password.nse", "mysql-dump-hashes.nse", "mysql-databases.nse", "mysql-brute.nse", "mysql-audit.nse", "murmur-version.nse", "mtrace.nse", "ms-sql-xp-cmdshell.nse", "ms-sql-tables.nse", "ms-sql-query.nse", "ms-sql-ntlm-info.nse", "ms-sql-hasdbaccess.nse", "ms-sql-empty-password.nse", "ms-sql-dump-hashes.nse", "ms-sql-dac.nse", "ms-sql-config.nse", "ms-sql-brute.nse", "msrpc-enum.nse", "mrinfo.nse", "mqtt-subscribe.nse", "ms-sql-info.nse", "mongodb-info.nse", "mongodb-databases.nse", "mongodb-brute.nse", "modbus-discover.nse", "mmouse-exec.nse", "mmouse-brute.nse", "mikrotik-routeros-brute.nse", "metasploit-xmlrpc-brute.nse", "metasploit-msgrpc-brute.nse", "metasploit-info.nse", "memcached-info.nse", "membase-http-info.nse", "membase-brute.nse", "mcafee-epo-agent.nse", "maxdb-info.nse", "lu-enum.nse", "lltd-discovery.nse", "lexmark-config.nse", "ldap-search.nse", "ldap-rootdse.nse", "ldap-novell-getpass.nse", "ldap-brute.nse", "krb5-enum-users.nse", "knx-gateway-info.nse", "jdwp-version.nse", "jdwp-inject.nse", "jdwp-info.nse", "jdwp-exec.nse", "isns-info.nse", "iscsi-info.nse", "iscsi-brute.nse", "irc-unrealircd-backdoor.nse", "irc-sasl-brute.nse", "imap-capabilities.nse", "irc-info.nse", "irc-brute.nse", "irc-botnet-channels.nse", "knx-gateway-discover.nse", "ipv6-ra-flood.nse", "ipv6-node-info.nse", "ipv6-multicast-mld-list.nse", "ipmi-version.nse", "ipmi-cipher-zero.nse", "ipmi-brute.nse", "ike-version.nse", "iec-identify.nse", "ipidseq.nse", "ip-https-discover.nse", "ip-geolocation-maxmind.nse", "ip-geolocation-map-kml.nse", "ip-geolocation-map-google.nse", "ip-geolocation-map-bing.nse", "ip-geolocation-ipinfodb.nse", "ip-geolocation-geoplugin.nse", "ip-forwarding.nse", "informix-tables.nse", "informix-query.nse", "informix-brute.nse", "impress-remote-discover.nse", "imap-ntlm-info.nse", "imap-brute.nse", "icap-info.nse", "iax2-version.nse", "iax2-brute.nse", "http-xssed.nse", "http-vlcstreamer-ls.nse", "http-wordpress-users.nse", "http-wordpress-enum.nse", "http-wordpress-brute.nse", "http-webdav-scan.nse", "http-waf-fingerprint.nse", "http-waf-detect.nse", "http-vuln-wnr1000-creds.nse", "http-vuln-misfortune-cookie.nse", "http-vuln-cve2017-1001000.nse", "http-vuln-cve2017-8917.nse", "http-vuln-cve2017-5689.nse", "http-vuln-cve2017-5638.nse", "http-vuln-cve2015-1635.nse", "http-vuln-cve2015-1427.nse", "http-vuln-cve2014-8877.nse", "http-vuln-cve2014-3704.nse", "http-vuln-cve2014-2129.nse", "http-vuln-cve2014-2128.nse", "http-vuln-cve2014-2127.nse", "http-vuln-cve2014-2126.nse", "http-vuln-cve2013-7091.nse", "http-vuln-cve2013-6786.nse", "http-vuln-cve2013-0156.nse", "http-vuln-cve2012-1823.nse", "http-vuln-cve2011-3368.nse", "http-vuln-cve2011-3192.nse", "http-vuln-cve2010-2861.nse", "http-vuln-cve2010-0738.nse", "http-vuln-cve2009-3960.nse", "http-vuln-cve2006-3392.nse", "http-vmware-path-vuln.nse", "http-virustotal.nse", "http-vhosts.nse", "http-userdir-enum.nse", "http-unsafe-output-escaping.nse", "http-trane-info.nse", "http-sitemap-generator.nse", "http-trace.nse", "http-tplink-dir-traversal.nse", "http-title.nse", "http-svn-info.nse", "http-svn-enum.nse", "http-stored-xss.nse", "http-traceroute.nse", "https-redirect.nse", "http-useragent-tester.nse", "http-sql-injection.nse", "http-slowloris-check.nse", "http-slowloris.nse", "http-headers.nse", "http-shellshock.nse", "http-server-header.nse", "http-security-headers.nse", "http-sap-netweaver-leak.nse", "http-robtex-shared-ns.nse", "http-robots.txt.nse", "http-rfi-spider.nse", "http-referer-checker.nse", "http-qnap-nas-info.nse", "http-put.nse", "http-proxy-brute.nse", "http-robtex-reverse-ip.nse", "http-phpself-xss.nse", "http-phpmyadmin-dir-traversal.nse", "http-passwd.nse", "http-open-redirect.nse", "http-open-proxy.nse", "http-ntlm-info.nse", "http-mobileversion-checker.nse", "http-method-tamper.nse", "http-methods.nse", "http-mcmp.nse", "http-malware-host.nse", "http-majordomo2-dir-traversal.nse", "http-ls.nse", "http-litespeed-sourcecode-download.nse", "http-joomla-brute.nse", "http-internal-ip-disclosure.nse", "http-jsonp-detection.nse", "http-iis-webdav-vuln.nse", "http-iis-short-name-brute.nse", "http-icloud-sendmsg.nse", "http-icloud-findmyiphone.nse", "http-hp-ilo-info.nse", "http-grep.nse", "http-google-malware.nse", "http-gitweb-projects-enum.nse", "http-git.nse", "http-generator.nse", "http-frontpage-login.nse", "http-form-fuzzer.nse", "http-form-brute.nse", "http-fileupload-exploiter.nse", "http-fetch.nse", "http-feed.nse", "hddtemp-info.nse", "http-favicon.nse", "ftp-anon.nse", "http-exif-spider.nse", "http-errors.nse", "http-enum.nse", "http-drupal-enum-users.nse", "http-huawei-hg5xx-vuln.nse", "http-drupal-enum.nse", "http-domino-enum-passwords.nse", "http-dombased-xss.nse", "http-dlink-backdoor.nse", "fingerprint-strings.nse", "http-devframework.nse", "http-default-accounts.nse", "http-date.nse", "http-csrf.nse", "http-cross-domain-policy.nse", "http-cors.nse", "http-cookie-flags.nse", "http-config-backup.nse", "http-comments-displayer.nse", "http-coldfusion-subzero.nse", "http-cisco-anyconnect.nse", "http-chrono.nse", "http-cakephp-version.nse", "http-brute.nse", "http-bigip-cookie.nse", "http-barracuda-dir-traversal.nse", "http-backup-finder.nse", "http-axis2-dir-traversal.nse", "http-awstatstotals-exec.nse", "http-avaya-ipoffice-users.nse", "http-auth-finder.nse", "http-auth.nse", "http-aspnet-debug.nse", "http-apache-server-status.nse", "http-apache-negotiation.nse", "http-affiliate-id.nse", "http-adobe-coldfusion-apsa1301.nse", "hostmap-robtex.nse", "hostmap-crtsh.nse", "hostmap-bfk.nse", "hnap-info.nse", "hbase-region-info.nse", "hbase-master-info.nse", "hadoop-tasktracker-info.nse", "hadoop-secondary-namenode-info.nse", "hadoop-namenode-info.nse", "hadoop-jobtracker-info.nse", "hadoop-datanode-info.nse", "gpsd-info.nse", "gopher-ls.nse", "gkrellm-info.nse", "giop-info.nse", "ganglia-info.nse", "ftp-vuln-cve2010-4221.nse", "ftp-vsftpd-backdoor.nse", "ftp-syst.nse", "ftp-proftpd-backdoor.nse", "ftp-libopie.nse", "ftp-brute.nse", "ftp-bounce.nse", "freelancer-info.nse", "fox-info.nse", "flume-master-info.nse", "firewall-bypass.nse", "firewalk.nse", "cups-queue-info.nse", "cics-info.nse", "finger.nse", "fcrdns.nse", "eppc-enum-processes.nse", "epmd-info.nse", "enip-info.nse", "eap-info.nse", "duplicates.nse", "drda-info.nse", "drda-brute.nse", "dpap-brute.nse", "domino-enum-users.nse", "domcon-cmd.nse", "domcon-brute.nse", "docker-version.nse", "dns-zone-transfer.nse", "dns-zeustracker.nse", "dns-update.nse", "dns-srv-enum.nse", "bjnp-discover.nse", "banner.nse", "dns-service-discovery.nse", "dns-recursion.nse", "dns-random-txid.nse", "auth-spoof.nse", "dns-random-srcport.nse", "dns-nsid.nse", "dns-nsec-enum.nse", "dns-nsec3-enum.nse", "dns-ip6-arpa-scan.nse", "dns-fuzz.nse", "dns-client-subnet-scan.nse", "dns-check-zone.nse", "dns-cache-snoop.nse", "dns-brute.nse", "dns-blacklist.nse", "distcc-cve2004-2687.nse", "dict-info.nse", "dicom-ping.nse", "dicom-brute.nse", "dhcp-discover.nse", "deluge-rpc-brute.nse", "db2-das-info.nse", "daytime.nse", "daap-get-library.nse", "cvs-brute-repository.nse", "cvs-brute.nse", "cups-info.nse", "creds-summary.nse", "couchdb-stats.nse", "couchdb-databases.nse", "coap-resources.nse", "clock-skew.nse", "clamav-exec.nse", "citrix-enum-servers-xml.nse", "citrix-enum-servers.nse", "citrix-enum-apps-xml.nse", "citrix-enum-apps.nse", "citrix-brute-xml.nse", "cics-user-enum.nse", "cics-user-brute.nse", "cics-enum.nse", "cccam-version.nse", "cassandra-info.nse", "cassandra-brute.nse", "broadcast-xdmcp-discover.nse", "broadcast-wsdd-discover.nse", "broadcast-wpad-discover.nse", "broadcast-wake-on-lan.nse", "broadcast-versant-locate.nse", "broadcast-upnp-info.nse", "broadcast-tellstick-discover.nse", "broadcast-sybase-asa-discover.nse", "broadcast-sonicwall-discover.nse", "broadcast-ripng-discover.nse", "broadcast-rip-discover.nse", "broadcast-pppoe-discover.nse", "broadcast-ping.nse", "broadcast-pim-discovery.nse", "broadcast-pc-duo.nse", "broadcast-pc-anywhere.nse", "broadcast-ospf2-discover.nse", "broadcast-novell-locate.nse", "broadcast-networker-discover.nse", "broadcast-netbios-master-browser.nse", "broadcast-ms-sql-discover.nse", "broadcast-listener.nse", "broadcast-jenkins-discover.nse", "ajp-headers.nse", "broadcast-hid-discoveryd.nse", "broadcast-eigrp-discovery.nse", "broadcast-dropbox-listener.nse", "broadcast-dns-service-discovery.nse", "broadcast-dhcp-discover.nse", "broadcast-dhcp6-discover.nse", "broadcast-db2-discover.nse", "broadcast-bjnp-discover.nse", "broadcast-avahi-dos.nse", "broadcast-ataoe-discover.nse", "bittorrent-discovery.nse", "bitcoinrpc-info.nse", "bitcoin-info.nse", "bitcoin-getaddr.nse", "bacnet-info.nse", "backorifice-info.nse", "backorifice-brute.nse", "auth-owners.nse", "asn-query.nse", "amqp-info.nse", "allseeingeye-info.nse", "ajp-request.nse", "ajp-methods.nse", "ajp-brute.nse", "ajp-auth.nse", "afp-showmount.nse", "afp-serverinfo.nse", "afp-path-vuln.nse", "afp-ls.nse", "afp-brute.nse", "address-info.nse", "acarsd-info.nse", "https://seclists.org/nmap-dev/2011/q4/420", "https://viz.greynoise.io/analysis/001f6d4e-555b-49d3-a714-e71deea739d0" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1127", "name": "Trusted Developer Utilities Proxy Execution", "display_name": "T1127 - Trusted Developer Utilities Proxy Execution" }, { "id": "T1110", "name": "Brute Force", "display_name": "T1110 - Brute Force" }, { "id": "T1222", "name": "File and Directory Permissions Modification", "display_name": "T1222 - File and Directory Permissions Modification" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1049", "name": "System Network Connections Discovery", "display_name": "T1049 - System Network Connections Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 107, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 288, "FileHash-MD5": 52, "URL": 218, "hostname": 180, "email": 33, "CIDR": 14, "CVE": 76, "FileHash-SHA1": 48, "FileHash-SHA256": 841 }, "indicator_count": 1750, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "675 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "smb-os-discovery.nse", "ssh-hostkey.nse", "smb-enum-services.nse", "telnet-brute.nse", "enip-info.nse", "broadcast-ospf2-discover.nse", "clock-skew.nse", "sip-enum-users.nse", "ndmp-fs-info.nse", "svn-brute.nse", "http-stored-xss.nse", "vmauthd-brute.nse", "http-vuln-cve2017-8917.nse", "dns-random-srcport.nse", "cccam-version.nse", "http-proxy-brute.nse", "rtsp-url-brute.nse", "ip-geolocation-ipinfodb.nse", "https://seclists.org/nmap-dev/2011/q4/420", "membase-brute.nse", "hddtemp-info.nse", "ubiquiti-discovery.nse", "hadoop-secondary-namenode-info.nse", "cvs-brute-repository.nse", "http-wordpress-users.nse", "maxdb-info.nse", "http-csrf.nse", "dicom-ping.nse", "broadcast-dns-service-discovery.nse", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524306&Signature=cXthPzwlRZxsgwUQSNKMDsPG6OynZQby1pdDJzqxAgQCcbcq37BfhqePhPxs9aKAB2o1j55rzzqlUEwiBke5LjKvRpZTJih560GCz5YWc9qeHPBBv%2FVcUEL%2FhoqasTTjfAJjT1l%2BzRVeQ%2B%2F8cuEf9QIfBl%2BvXhzSB%2B9p0JtpepQKunyqYNbRyzJ5S23SKkW3sqxPkbN0ywosD9wAT%2FqPRrowVS1rou", "omp2-enum-targets.nse", "krb5-enum-users.nse", "mikrotik-routeros-brute.nse", "bacnet-info.nse", "ms-sql-xp-cmdshell.nse", "http-form-fuzzer.nse", "vuze-dht-info.nse", "socks-brute.nse", "broadcast-wake-on-lan.nse", "lu-enum.nse", "uptime-agent-info.nse", "smtp-enum-users.nse", "realvnc-auth-bypass.nse", "ssh-auth-methods.nse", "http-drupal-enum-users.nse", "bitcoinrpc-info.nse", "http-vuln-cve2015-1427.nse", "sslv2-drown.nse", "afp-path-vuln.nse", "smb-enum-sessions.nse", "fcrdns.nse", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524270&Signature=Yn%2ByoAMXhl%2Fwe0poWrffqiJpt3ipHbmhmOj3wrO%2Bv0aI4XM%2BGTb3WYnUbwO%2BB4%2FvHy5B2E%2FI7lF5iq%2BFIW9tRm2ZBhCZY8p9zroZfwv1uFCqifhQLOzXFHGMp%2FptY89k%2B3c4Yi%2BoV6DCdRmHM9fAY5Y%2F%2FSzimGN6G2gOBFIFrOiAaMr1OO4tCC2KBL0a7pAYEx7pUEonfvjmdj2S7X8ZF2s4yhp30aASJGdx", "dpap-brute.nse", "smb-vuln-ms10-061.nse", "http-vuln-cve2014-8877.nse", "pcanywhere-brute.nse", "targets-sniffer.nse", "bitcoin-info.nse", "ms-sql-info.nse", "http-security-headers.nse", "http-slowloris.nse", "drda-info.nse", "http-sitemap-generator.nse", "ms-sql-config.nse", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "http-frontpage-login.nse", "db2-das-info.nse", "oracle-brute.nse", "http-traceroute.nse", "sniffer-detect.nse", "tso-brute.nse", "http-jsonp-detection.nse", "imap-brute.nse", "script.db", "lltd-discovery.nse", "http-svn-enum.nse", "ssl-ccs-injection.nse", "shodan-api.nse", "sslv2.nse", "ntp-info.nse", "nat-pmp-info.nse", "clamav-exec.nse", "nbns-interfaces.nse", "dns-update.nse", "broadcast-novell-locate.nse", "stun-version.nse", "http-iis-short-name-brute.nse", "giop-info.nse", "openlookup-info.nse", "http-huawei-hg5xx-vuln.nse", "ip-forwarding.nse", "smb2-capabilities.nse", "broadcast-pc-anywhere.nse", "smtp-strangeport.nse", "pgsql-brute.nse", "auth-owners.nse", "mqtt-subscribe.nse", "http-vuln-cve2017-5638.nse", "http-webdav-scan.nse", "broadcast-sybase-asa-discover.nse", "pop3-ntlm-info.nse", "rsync-brute.nse", "eap-info.nse", "bittorrent-discovery.nse", "impress-remote-discover.nse", "http-ls.nse", "targets-asn.nse", "hostmap-bfk.nse", "cvs-brute.nse", "broadcast-wpad-discover.nse", "ipidseq.nse", "hostmap-crtsh.nse", "rmi-dumpregistry.nse", "rmi-vuln-classloader.nse", "broadcast-pc-duo.nse", "nexpose-brute.nse", "ipmi-version.nse", "rtsp-methods.nse", "mmouse-exec.nse", "distcc-cve2004-2687.nse", "creds-summary.nse", "nntp-ntlm-info.nse", "imap-capabilities.nse", "ms-sql-hasdbaccess.nse", "http-internal-ip-disclosure.nse", "stuxnet-detect.nse", "rexec-brute.nse", "daap-get-library.nse", "cics-user-enum.nse", "hadoop-tasktracker-info.nse", "targets-ipv6-multicast-invalid-dst.nse", "nrpe-enum.nse", "vnc-brute.nse", "smtp-vuln-cve2011-1720.nse", "oracle-enum-users.nse", "citrix-brute-xml.nse", "ajp-auth.nse", "smb-security-mode.nse", "freelancer-info.nse", "http-cisco-anyconnect.nse", "ms-sql-empty-password.nse", "smb2-security-mode.nse", "irc-brute.nse", "http-adobe-coldfusion-apsa1301.nse", "dns-fuzz.nse", "icap-info.nse", "http-phpmyadmin-dir-traversal.nse", "https-redirect.nse", "riak-http-info.nse", "http-iis-webdav-vuln.nse", "couchdb-stats.nse", "smtp-vuln-cve2010-4344.nse", "socks-open-proxy.nse", "nbstat.nse", "broadcast-ms-sql-discover.nse", "smb-vuln-regsvc-dos.nse", "http-robtex-reverse-ip.nse", "http-git.nse", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "ftp-bounce.nse", "whois-ip.nse", "http-vhosts.nse", "rusers.nse", "smb-enum-groups.nse", "mysql-users.nse", "vmware-version.nse", "mmouse-brute.nse", "nje-pass-brute.nse", "citrix-enum-apps.nse", "tls-alpn.nse", "reverse-index.nse", "nfs-ls.nse", "http-hp-ilo-info.nse", "rpcap-brute.nse", "redis-brute.nse", "quake3-master-getservers.nse", "smb-system-info.nse", "oracle-sid-brute.nse", "http-waf-detect.nse", "http-icloud-findmyiphone.nse", "ip-geolocation-maxmind.nse", "http-favicon.nse", "dns-recursion.nse", "nping-brute.nse", "http-shellshock.nse", "firewalk.nse", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "hadoop-jobtracker-info.nse", "x11-access.nse", "omron-info.nse", "ipv6-node-info.nse", "http-qnap-nas-info.nse", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "ftp-anon.nse", "http-trane-info.nse", "eppc-enum-processes.nse", "nessus-xmlrpc-brute.nse", "socks-auth-info.nse", "amqp-info.nse", "http-referer-checker.nse", "dicom-brute.nse", "http-comments-displayer.nse", "dns-random-txid.nse", "http-slowloris-check.nse", "drda-brute.nse", "ldap-search.nse", "ldap-brute.nse", "knx-gateway-info.nse", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "http-passwd.nse", "broadcast-pppoe-discover.nse", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub", "path-mtu.nse", "http-put.nse", "snmp-interfaces.nse", "https://vtbehaviour.commondatastorage.googleapis.com/1cf762ebb36225bf2de49fd9baa4a724fb6fc6552982f7cde3eb8750a1396dec_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524101&Signature=YafvX%2FKbHVKXFED6nVuUgoWZdNWqqwItgxDl5Bp9Zdo%2Ff%2FTWC5kJWRGA47ZowHZh4EHc%2FFCAhOR4hifZEhlDC9cbmSs%2FMY5ulZLp78eChDgCY4CIs2SwjotobahaTms3z7t7TRUdIHKGnwY%2BBKFBQDjnoeTV7AOaSpqizw51XA60Hu%2BUYVLPbGrLff%2B64VYK3uuHUNH1TrAYfUa%2BkJqwlpueD%2Bcp4iqLPBZC%2Fje1DnEVe8e%", "http-methods.nse", "http-affiliate-id.nse", "broadcast-db2-discover.nse", "http-waf-fingerprint.nse", "http-litespeed-sourcecode-download.nse", "domcon-brute.nse", "http-auth.nse", "bitcoin-getaddr.nse", "rfc868-time.nse", "ip-https-discover.nse", "sip-call-spoof.nse", "http-vuln-cve2006-3392.nse", "smb-vuln-ms08-067.nse", "netbus-auth-bypass.nse", "dns-nsec-enum.nse", "broadcast-eigrp-discovery.nse", "smb2-vuln-uptime.nse", "vnc-title.nse", "targets-traceroute.nse", "http-open-proxy.nse", "http-bigip-cookie.nse", "snmp-netstat.nse", "rdp-ntlm-info.nse", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "mysql-info.nse", "http-default-accounts.nse", "informix-brute.nse", "smb-flood.nse", "broadcast-netbios-master-browser.nse", "smtp-ntlm-info.nse", "openflow-info.nse", "http-title.nse", "duplicates.nse", "broadcast-versant-locate.nse", "ajp-request.nse", "smtp-vuln-cve2011-1764.nse", "irc-botnet-channels.nse", "http-vlcstreamer-ls.nse", "firewall-bypass.nse", "oracle-tns-version.nse", "dns-nsid.nse", "afp-showmount.nse", "port-states.nse", "http-exif-spider.nse", "broadcast-pim-discovery.nse", "http-mcmp.nse", "smb-enum-domains.nse", "afp-brute.nse", "gopher-ls.nse", "broadcast-sonicwall-discover.nse", "http-auth-finder.nse", "traceroute-geolocation.nse", "snmp-brute.nse", "voldemort-info.nse", "nat-pmp-mapport.nse", "http-ntlm-info.nse", "iscsi-info.nse", "ssl-dh-params.nse", "http-method-tamper.nse", "ipmi-brute.nse", "ssh2-enum-algos.nse", "ajp-brute.nse", "http-brute.nse", "http-vuln-cve2011-3368.nse", "citrix-enum-apps-xml.nse", "ftp-vsftpd-backdoor.nse", "ms-sql-tables.nse", "http-axis2-dir-traversal.nse", "smtp-commands.nse", "hadoop-namenode-info.nse", "http-form-brute.nse", "broadcast-dropbox-listener.nse", "smb-brute.nse", "oracle-brute-stealth.nse", "rpc-grind.nse", "ftp-proftpd-backdoor.nse", "dns-service-discovery.nse", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524206&Signature=gWMfmLkoqQlDMb2RkNFcKrRqEBTNwkGuJnOc9uYaCYYGUohkAqUCNV2fjuOBD99RjZOm8wqWNn%2FXYjXHsOu2xg1EehIoxPcojD6qR1oGvRdqYtGScazp5qTmu2Mt95kBncGOrN3FpTiqA2TEqGmHrtBquZHDt7huxi3puJ3z0X1nqPFbmirt%2FRkfDFS9TEQp6piBIbuuoVClP9myw%2FdSfLOMovw4i0CKwtUFikUQ", "http-server-header.nse", "snmp-win32-shares.nse", "smb-mbenum.nse", "hadoop-datanode-info.nse", "http-dlink-backdoor.nse", "broadcast-ping.nse", "mongodb-brute.nse", "http-robots.txt.nse", "telnet-encryption.nse", "snmp-info.nse", "domino-enum-users.nse", "qconn-exec.nse", "deluge-rpc-brute.nse", "snmp-processes.nse", "msrpc-enum.nse", "https://vtbehaviour.commondatastorage.googleapis.com/85b51c6796de06101424d187c6bca9f90da990eabe4045a0006bc7c1bf8dc4b3_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524231&Signature=Wv5G2ljAtLZs5UD7wbg53RFvucHo7IiRhkyNVLmeK6NA42BzJseS4otL9OJksO0gkN3drBP2pHrsvpqZqi7sTKiOXrVsQiR9kD1qF4wp7uKJfdbPjqUwlanEbw5yw5kd0CSm9P6dQm1uok3EVaAdczKUEAbW2aMMiUzm4WkW2MEFZaL0f2guNhLxgcALLfBbr%2BaPq6FvfadgfDFj1rHHbiG7L4%2FWVnyJeK%2BpMRcTKcx%2FvKJPKycGQtIQzPlg7a", "smb-vuln-ms10-054.nse", "ssl-poodle.nse", "http-awstatstotals-exec.nse", "broadcast-wsdd-discover.nse", "flume-master-info.nse", "http-cross-domain-policy.nse", "broadcast-ripng-discover.nse", "ssl-known-key.nse", "mongodb-databases.nse", "ldap-novell-getpass.nse", "xmpp-info.nse", "http-apache-negotiation.nse", "http-vuln-cve2015-1635.nse", "stun-info.nse", "dns-blacklist.nse", "broadcast-tellstick-discover.nse", "dns-srv-enum.nse", "pptp-version.nse", "http-vuln-cve2017-5689.nse", "rdp-enum-encryption.nse", "mysql-brute.nse", "membase-http-info.nse", "smb-ls.nse", "citrix-enum-servers.nse", "isns-info.nse", "modbus-discover.nse", "ncp-enum-users.nse", "hbase-region-info.nse", "openwebnet-discovery.nse", "ms-sql-ntlm-info.nse", "allseeingeye-info.nse", "https://viz.greynoise.io/analysis/001f6d4e-555b-49d3-a714-e71deea739d0", "broadcast-rip-discover.nse", "ncp-serverinfo.nse", "targets-ipv6-wordlist.nse", "gkrellm-info.nse", "ip-geolocation-map-bing.nse", "smb-vuln-webexec.nse", "http-vuln-cve2011-3192.nse", "citrix-enum-servers-xml.nse", "smb-enum-shares.nse", "snmp-sysdescr.nse", "tls-ticketbleed.nse", "iec-identify.nse", "http-vuln-cve2013-7091.nse", "tso-enum.nse", "ssh-brute.nse", "netbus-info.nse", "ventrilo-info.nse", "snmp-win32-software.nse", "nessus-brute.nse", "jdwp-exec.nse", "hbase-master-info.nse", "targets-ipv6-map4to6.nse", "mongodb-info.nse", "qscan.nse", "http-drupal-enum.nse", "smb2-time.nse", "mysql-query.nse", "http-coldfusion-subzero.nse", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1774998167&Signature=utDs3%2B4MkyePrZxIa4LDJ8Z3xTy%2FSYPrRcuBtMqBNlWIaFR%2Ftqp82I3Dx7z4PG4CFAFUeDx4NGkwUFJd6%2B0u7grbfQ2CJtW2A6CWvczNiq0IEBDF0l5BAPkzE9KXDHRrfI37zeeo7SO%2FOahMZY7sJYqP3CAd2uqFSR57CkDB6vboYMzF8YUM8NWRhKXcEu9QY%2BbbHYQ2iGgjFAIvBKznE7L5oLu6F9UXKzrJ9%2FbyE61pXQduGaVGg1AF", "mysql-dump-hashes.nse", "tls-nextprotoneg.nse", "http-google-malware.nse", "tn3270-screen.nse", "hnap-info.nse", "ip-geolocation-map-kml.nse", "http-vuln-cve2014-2128.nse", "broadcast-dhcp6-discover.nse", "weblogic-t3-info.nse", "ssl-date.nse", "pjl-ready-message.nse", "http-wordpress-enum.nse", "http-enum.nse", "rsa-vuln-roca.nse", "ftp-libopie.nse", "ssl-cert-intaddr.nse", "cassandra-info.nse", "broadcast-upnp-info.nse", "informix-tables.nse", "tftp-enum.nse", "vnc-info.nse", "http-vuln-cve2014-2129.nse", "backorifice-info.nse", "smb-vuln-ms06-025.nse", "http-tplink-dir-traversal.nse", "http-vuln-cve2017-1001000.nse", "openvas-otp-brute.nse", "http-svn-info.nse", "http-rfi-spider.nse", "http-cors.nse", "smb-enum-users.nse", "http-vuln-misfortune-cookie.nse", "targets-ipv6-multicast-echo.nse", "http-open-redirect.nse", "ip-geolocation-geoplugin.nse", "vulners.nse", "http-robtex-shared-ns.nse", "mysql-databases.nse", "metasploit-info.nse", "ms-sql-query.nse", "ftp-brute.nse", "banner.nse", "fingerprint-strings.nse", "http-virustotal.nse", "http-avaya-ipoffice-users.nse", "http-devframework.nse", "http-trace.nse", "omp2-brute.nse", "sip-methods.nse", "p2p-conficker.nse", "broadcast-listener.nse", "broadcast-dhcp-discover.nse", "quake3-info.nse", "s7-info.nse", "murmur-version.nse", "http-config-backup.nse", "ike-version.nse", "xmpp-brute.nse", "ftp-vuln-cve2010-4221.nse", "mrinfo.nse", "http-useragent-tester.nse", "cups-info.nse", "http-generator.nse", "auth-spoof.nse", "ms-sql-brute.nse", "dns-cache-snoop.nse", "https://www.verizon.com/business/", "ipv6-ra-flood.nse", "broadcast-networker-discover.nse", "broadcast-ataoe-discover.nse", "ganglia-info.nse", "pop3-brute.nse", "ssh-run.nse", "snmp-ios-config.nse", "sip-brute.nse", "mysql-audit.nse", "http-sql-injection.nse", "hostmap-robtex.nse", "nbd-info.nse", "xdmcp-discover.nse", "puppet-naivesigning.nse", "smtp-open-relay.nse", "smb-protocols.nse", "rdp-vuln-ms12-020.nse", "http-fetch.nse", "pcworx-info.nse", "address-info.nse", "http-headers.nse", "teamspeak2-version.nse", "skypev2-version.nse", "ipv6-multicast-mld-list.nse", "http-vuln-cve2010-0738.nse", "ajp-methods.nse", "ssl-enum-ciphers.nse", "cups-queue-info.nse", "dns-client-subnet-scan.nse", "snmp-hh3c-logins.nse", "nfs-showmount.nse", "ftp-syst.nse", "iax2-brute.nse", "docker-version.nse", "http-gitweb-projects-enum.nse", "whois-domain.nse", "http-phpself-xss.nse", "http-icloud-sendmsg.nse", "http-date.nse", "smb-double-pulsar-backdoor.nse", "ms-sql-dump-hashes.nse", "http-vuln-cve2014-2127.nse", "cics-user-brute.nse", "jdwp-version.nse", "dns-nsec3-enum.nse", "http-vmware-path-vuln.nse", "http-vuln-cve2013-6786.nse", "targets-xml.nse", "iax2-version.nse", "http-feed.nse", "mysql-vuln-cve2012-2122.nse", "http-unsafe-output-escaping.nse", "coap-resources.nse", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737710&Signature=fbsokraSd7lsYmUfaTEl8Phs2K3hp7AtVmQU9axeEBcYmYbrrYrrfpP5lPEQaE%2Fh3%2BEP9Rn8mD8D1haqQVXCN0VVlxJ4sddjWmyC5USsgBsvUb0%2F72h1WHDS2KXHlteZWE%2Bauckabain9D5kX501AnqFY38s77OIqO6SMOkQ%2BvXiDSSRK%2FZhbfradBnei3ZLHsXGxkoshTyvB0%2BC%2F8SiUzdVsqSjik0Bn2r%2BIlLpDQK90GlZTD0N", "informix-query.nse", "http-vuln-wnr1000-creds.nse", "smb-vuln-ms17-010.nse", "ms-sql-dac.nse", "http-wordpress-brute.nse", "gpsd-info.nse", "sshv1.nse", "samba-vuln-cve-2012-1182.nse", "domcon-cmd.nse", "upnp-info.nse", "rpcinfo.nse", "irc-sasl-brute.nse", "ip-geolocation-map-google.nse", "http-cakephp-version.nse", "pop3-capabilities.nse", "smb-server-stats.nse", "metasploit-msgrpc-brute.nse", "rsync-list-modules.nse", "http-malware-host.nse", "dns-brute.nse", "cassandra-brute.nse", "http-vuln-cve2013-0156.nse", "http-vuln-cve2014-3704.nse", "http-errors.nse", "backorifice-brute.nse", "url-snarf.nse", "netbus-version.nse", "ssh-publickey-acceptance.nse", "smb-vuln-conficker.nse", "vtam-enum.nse", "acarsd-info.nse", "ndmp-version.nse", "mcafee-epo-agent.nse", "http-sap-netweaver-leak.nse", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "cics-info.nse", "http-cookie-flags.nse", "iscsi-brute.nse", "redis-info.nse", "http-vuln-cve2012-1823.nse", "http-majordomo2-dir-traversal.nse", "broadcast-avahi-dos.nse", "jdwp-inject.nse", "fox-info.nse", "broadcast-hid-discoveryd.nse", "mysql-enum.nse", "smb-psexec.nse", "telnet-ntlm-info.nse", "http-domino-enum-passwords.nse", "versant-info.nse", "smb-enum-processes.nse", "memcached-info.nse", "supermicro-ipmi-conf.nse", "wdb-version.nse", "scripts", "finger.nse", "mysql-empty-password.nse", "irc-unrealircd-backdoor.nse", "cics-enum.nse", "snmp-win32-services.nse", "knx-gateway-discover.nse", "targets-ipv6-multicast-slaac.nse", "https://vtbehaviour.commondatastorage.googleapis.com/edb4c21d60daa44b3429e7ba9bfa342759ebef23c136c934f74aef145453ce19_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775737365&Signature=S%2B7RcHYjab1hbKlKwFfvUbDirFPJS1A2TJQ3bVIObMcON4PD9pRDvhMtYMCnEBrYsICi0UJCFW5eUDolL5Jlbngsc587kF36vvuhlkPprbkSOY1jOyDTpe3Qsb6jRFz3xwOfZc9S5QervoLnRKb%2FyGSyZE6ZK6TxzBrOPczPtZ7sLf9NfD6E%2B2gMRXaRjEqVwVITLG7YqCiiNuohFOuNlK3uNHFpIk53viKvBSAIqLtSklH9bHW4q1DX", "unusual-port.nse", "ssl-cert.nse", "http-grep.nse", "http-vuln-cve2010-2861.nse", "ovs-agent-version.nse", "ssl-heartbleed.nse", "smb-vuln-ms07-029.nse", "http-userdir-enum.nse", "http-joomla-brute.nse", "http-fileupload-exploiter.nse", "daytime.nse", "rpcap-info.nse", "ajp-headers.nse", "http-xssed.nse", "xmlrpc-methods.nse", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F", "dict-info.nse", "dns-check-zone.nse", "wsdd-discover.nse", "bjnp-discover.nse", "asn-query.nse", "http-barracuda-dir-traversal.nse", "smb-vuln-cve-2017-7494.nse", "ipmi-cipher-zero.nse", "dns-zone-transfer.nse", "http-backup-finder.nse", "http-vuln-cve2014-2126.nse", "jdwp-info.nse", "mtrace.nse", "dns-zeustracker.nse", "targets-ipv6-multicast-mld.nse", "servicetags.nse", "http-chrono.nse", "http-mobileversion-checker.nse", "lexmark-config.nse", "broadcast-xdmcp-discover.nse", "metasploit-xmlrpc-brute.nse", "smb-vuln-cve2009-3103.nse", "afp-serverinfo.nse", "epmd-info.nse", "https://vtbehaviour.commondatastorage.googleapis.com/de5a9417dec59d03c07c57078270197621ac62397b5a691f07af522441f7e58a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524330&Signature=ZJzvK6ex%2B4WDprMFZXUHM%2BlO6Ocvx3kqb%2FSV%2Br7oW4AldeE%2FSYCUkm1fOjShI0dT2puSwxTD0dbfVH%2FxiHe5YY9c68q0bgC%2FdWgIIlm5IPfDNaglObv3%2BFsaR%2Bbt%2F2za%2FHaRujccLsITjfKH55VkVPdFNOTWeypsbVndDtzOkIkK3VmWNZQGEQnJ1HqMlPPfWvp5r58eVXUhAT%2BbwZ9Sg9LXqdGPZsBgt5hdKVT%2Bev4h", "nfs-statfs.nse", "rlogin-brute.nse", "ldap-rootdse.nse", "dns-ip6-arpa-scan.nse", "mysql-variables.nse", "irc-info.nse", "https://vtbehaviour.commondatastorage.googleapis.com/fdaa5bef329a103c6a38f971023a23214954b2038f74091fcb85a6c5b3ee6793_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775524056&Signature=IRSYa160YBvfdiw9tFfaCqtY9z8rs45D1Ve6%2BpTMouiseLJI%2F4JyM0rAk55VfNmIzUGfryzxeHvYct6ob6QriZBkNDXCbk6M3QVOAqXQrpNBhFRpRMzqvG4bGBzfXaGO3JH%2FTaYejWQRB7Mjas3ENDiTanlcgTbBa9F0dlIn9glEYIvRq5IaDr1xMbyygt4IT0oJ2B27OxFY8TcpM4T3emxrp17iYN%2FF3Imo6bFRTYVHFbPF", "afp-ls.nse", "unittest.nse", "imap-ntlm-info.nse", "broadcast-jenkins-discover.nse", "nje-node-brute.nse", "couchdb-databases.nse", "smb-print-text.nse", "http-apache-server-status.nse", "http-dombased-xss.nse", "smb-webexec-exploit.nse", "http-vuln-cve2009-3960.nse", "broadcast-bjnp-discover.nse", "smtp-brute.nse", "dhcp-discover.nse", "sstp-discover.nse", "netbus-brute.nse", "snmp-win32-users.nse", "http-aspnet-debug.nse" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 31, "pulses": [ { "id": "6a0e936ce3f3ebd4b76fee29", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T23:45:08.365000", "created": "2026-05-21T05:09:00.942000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 90, "FileHash-SHA256": 1997, "IPv4": 49, "domain": 34, "hostname": 124, "URL": 429, "URI": 1, "CIDR": 16 }, "indicator_count": 2944, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "9 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e935a4a7df45548fe942d", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:21:46.242000", "created": "2026-05-21T05:08:42.394000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 216, "FileHash-SHA1": 122, "FileHash-SHA256": 2487, "IPv4": 19, "domain": 47, "hostname": 73, "URL": 205, "URI": 1, "email": 1 }, "indicator_count": 3171, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936aec67867b0f6d29f3", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:23.417000", "created": "2026-05-21T05:08:58.537000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e9368acb77419bf65660d", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:16.005000", "created": "2026-05-21T05:08:56.934000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936b647274be6ed25227", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:13.100000", "created": "2026-05-21T05:08:59.081000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e936cb4a9e6db51876ae2", "name": "MAV-en * VirusTotal report for setup-maven-master.zip", "description": "[The full text of the statement on the subject of human rights, as compiled by BBC Radio 4's Panorama, will be published on Wednesday, 27 March.. and will appear on BBC iPlayer]usernotificationsd, \"freeze_skip_reason:\" : \"none\",\n \"pid\" : 851,\n \"cpuTime\" : 0.52999799999999997,\n \"name\" : \"HeuristicInterpreter\",\n country_code\":\"US\",\"agent\":\"parsecd\\/1 (iPhone17,4; iPhone OS 26.3.1 23D8133) parsecd\\/", "modified": "2026-05-21T05:13:12.402000", "created": "2026-05-21T05:09:00.401000", "tags": [ "file type", "ascii", "ascii text", "java source", "json", "unicode text", "utf8 text", "c source", "sgml document", "creates", "persistence", "malicious", "next", "windows sandbox", "calls clear", "png image", "svg scalable", "vector graphics", "rgba", "crlf line", "ms windows", "title", "installer", "template", "pcx ver", "code helper", "helper", "plugin", "renderer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "mitre attack", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339747&Signature=R%2FOTx2wxfF3MkMsUAEbX76dOSFXtiY%2BBtXR6Kl7PxVGTXaylNjmhXaxofJAQ0RP2z7ICeXit4nmXky1HIQZnPX74ZyD16ICTt3%2BAXA6yZSU%2Fw%2Fks9M2Ju1xi3m8IMloiUH7Z9Le5L5Mlfrw5QO4ZO%2FgDHG3ATHUk0qk%2BFUT2gsjT8jS6aztZHjZo4xVQLlmmwWY2%2F8%2FKZejJlFptwLfMZEA%2BDW1ZbssKpkNsXZGu69SkdNPO9c", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339770&Signature=tPgwja3MWoODqbVlxhsock2mBa1WfALhB00A%2FSu4klEizmiV6VxM5y6vH%2FGm%2FFf67mLtz5mR6Mt17RKGQUPK11iYmQax86WhcCuxTpR0mDpo12tG4HAI5ht8qM4xgOQcjspEhBgsXPDvw2Np7e9trD0l8MytxvCqOuA7DVNdiUL2xvLNXAG1yCptFpvqyZo7kokLxp4RwsvDJuOrH8%2FGrNAOjdaHFQ8FWGhgkhyO6Q767Szi", "https://vtbehaviour.commondatastorage.googleapis.com/366e8b8ac409bec588ae02fbd3fb9678f1feb43c5fec92670577bbe2c01c2b2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339792&Signature=O6r4LzVdjNFj7wZVT%2B0a4%2BGemB4yEqip9waMS7NlonESXy80tfqV33UBqEEp8i%2B2qOg6S%2Ba4cSwzi3nXOtjSaUaFAI43DmvSsxq5Y5WsA8cMb4Ul6FhGON6Cr0JT1xoEMtACmSdxG8Vo%2Be4PVcu93v6CBeWMZnFb8exU8ku4GUDY8ZEFW%2FJqeu266wn59KD9gFKRwlqx3NuRzMLdwqMA7f9o6QLPcM8WWnB%2BkvJVFk3BnxJAfBn7T2JO", "https://vtbehaviour.commondatastorage.googleapis.com/f839e941d0d2b6d9c5d6fd9b8b9ea9d34629182973bb9cc8af28e1e3ccdbbdd4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339838&Signature=GgSFM3a3czj9g63hY67%2B%2FAyC%2FcGgMmTIqhErAonJ7vV9C8snHKwK0GtHZ6drm%2Fd%2BKaMonYJwSmh1LrRzYF9toBJc5rBwpR%2BPlsrS9EArViMI%2Bd%2Fb8ZZBHgqFsmCiiSWfzz4kIQRPM0RB4osCHqQxKmGW2i1uyWrytYjA4V%2FZREm1%2Bm2EEWx38PebvBFrM9pMznjF6rghFHp8ls6tzuolbXD4WUfR0OSoXjcAaAgihobJ%2FmOd", "https://vtbehaviour.commondatastorage.googleapis.com/e2f820daf9f578d5f3219ae8b3c6391017badf913a68c4aaac4e52c5155c566f_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339867&Signature=l%2F%2BDGW7ZLqIfVvi1NOyg4%2FCgXPJBdSweWglJKW7iMb5GfnK0pX4yYYVL3OKkqrzAbMUcR2fqLUXHJfnMwSKBhQxjGR8LGF1nh7TeXxVGIQVh8kAyEZBCuXNHsZfzxR0zVbZfKAIEvC9D8S2%2FwBmpI6xztHiC7vmaJ5OhJD%2BoPDojRqXH2bmBpCz1XTZd7JphPNXRIbefZL4mR%2FrRe7o8WO2JHylOy9rIodNKKPEv5W9Q54%2BaA%2FG926", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779339948&Signature=JA8BamPMfn7P8xM9CTv8ndNuaNtng0n%2Btofwj05768pJwsCB6Mgd6GU18%2BpNjCvwwZg%2F%2Bw0a2xOYIsvuqdDQAFzoO3jl3EUYKu7dPoOelD2NPrIcyCAHc8qKhqpPdjZKpo%2B8AJCxvO13OXHoSh94%2B%2Bht9h6mIJs8y7YO2CUo%2FqlV8M0fa5Px90aErgl%2BarD7%2ByQWlt0QD2caFKl%2BHViTViTx", "https://vtbehaviour.commondatastorage.googleapis.com/44ea6ddc04caa89b23fb4acec5625975088c6079d823abfd8c77c95d4edc321b_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779340034&Signature=tbq82yoC%2BAKXaH%2F2XjmRWiAbt911K91ltP8zHTYrstzi0i1UKrzJxM48ky9ypV%2B%2FvrYdgBnaOfI9MzgZH0C%2FOFJUaVJ3WB87ULkjglD%2F6GeEDDcPtDX%2BY6aw2%2Bb8WaJU2xLc%2F9JbwoTbPP0n83pJv1qe0KLqckLIjEN4iREH1zU%2FldO5TBRicvB%2BxjeAxpPFZnjNZmyFl%2FNHbavuuvRc%2FMNR0DbjnriB2Mub" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1091", "name": "Replication Through Removable Media", "display_name": "T1091 - Replication Through Removable Media" }, { "id": "T1120", "name": "Peripheral Device Discovery", "display_name": "T1120 - Peripheral Device Discovery" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 204, "FileHash-SHA1": 88, "FileHash-SHA256": 1993, "IPv4": 19, "domain": 34, "hostname": 60, "URL": 203, "URI": 1 }, "indicator_count": 2602, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d7a3f6f81dc2388c0fa027", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.563000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 218, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 119, "hostname": 133, "email": 4 }, "indicator_count": 2154, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d7a3f683111bbbe1c9ae35", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.775000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 218, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 119, "hostname": 133, "email": 4 }, "indicator_count": 2154, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d7a3f6657dd0c212d8344a", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:54.060000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 217, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 118, "hostname": 133, "email": 2 }, "indicator_count": 2150, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d7a3f511d0121d253b753d", "name": "VirusTotal report\n for flow-browser-main.zip", "description": "A sample of flow-browser-main, an unauthorised version of the web browser, has been detected by researchers at the University of California, Los Angeles, and the National Security Agency (NSA). myvzw.com after an email on ending a #", "modified": "2026-05-09T12:10:59.635000", "created": "2026-04-09T13:04:53.436000", "tags": [ "file type", "png image", "ascii", "ascii text", "java source", "json", "rgba", "creates", "crlf line", "mac os", "date", "malicious", "next", "button", "span", "edit3icon", "rotateccwicon", "xicon", "htmldivelement", "react", "saveicon", "null", "shortcutitem", "click", "zip archive", "png multimedia", "graphics" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739500&Signature=r1pLCgJf%2FQK8TvenCwXy9bnghFzjJ5QssdQSLP37SLv6EkA3WXuFUIvKrsXKokco7bMfQUy%2FArk8F6aP%2Bhaj16Jv7P%2FGB%2Blf7mPvs47VjwfBJRCP8AZLlWvO45%2BjC68v798csdJFPTP31O4yDOE3pXZ3EThm4nSrIwLPhTSPfi3cPlEh2wLSzcySW7BYLw%2BqCoawFCxeLUz7hIV0vC89Mlwi3DeS%2BEnWFF%2FsvT9lVJjdbLoJLEeO", "https://vtbehaviour.commondatastorage.googleapis.com/087797e64cf016f13eac46473b4150d49c7eba564c894300f69bc643b059c980_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775739700&Signature=bOTo%2FxCpGDGOsIKJDZjBBhLZRg8UiOGi%2FvVr47Xpmh7tOh9dez7911bi%2F9SUdu4ATLhzRVog%2BdVP%2BUPwTuEfIdEcPuGRGVc1KOSP3fTQrKhRjF3x2dqykxVCH%2B1iqBmCgod%2B1uAdlraxqSOeOgst1l%2Bk250uXff4axktE%2BfGjeNDeGJao%2FfOMktqIL7zU8%2BIQYTObwelnnYx45FBSiXI1bWM4vhdgIX4cs2cT%2F" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1560", "name": "Archive Collected Data", "display_name": "T1560 - Archive Collected Data" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 224, "FileHash-MD5": 558, "FileHash-SHA1": 564, "FileHash-SHA256": 558, "URL": 140, "hostname": 166, "email": 2, "CVE": 8 }, "indicator_count": 2220, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "21 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "request.md", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "request.md", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780215366.5248783 }