{ "type": "Domain", "indicator": "tokrulele.data", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/tokrulele.data", "alexa": "http://www.alexa.com/siteinfo/tokrulele.data", "indicator": "tokrulele.data", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2751050935, "indicator": "tokrulele.data", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 11, "pulses": [ { "id": "6a0e80601f3040ce2765f408", "name": "applespell VirusTotal Box of Apples Sandbox report", "description": "[full report on the Visual Studio Code.app.com malware, published on 19 January, 2024 and published online by the University of South Wales (USA) in the United States.]", "modified": "2026-05-21T04:05:48.166000", "created": "2026-05-21T03:47:44.044000", "tags": [ "applespell", "gx installer", "opera gx", "installer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "updater", "mitre attack", "file type", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive", "persistence", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335150&Signature=uDtc71sxnnFjUynOWL3%2BEfCWBdV5z5ySup%2Bc1zR2wZ6As7QGYwmEfhjw5Q7oU8ejTyM2hzc8A%2BNiG%2FLVKKlNfMvIhjiD1eeMdbMD9ZlBtmDb%2BWt2QmG%2B5nva1h0WfWoacQwywV6%2FluInYutfcA56BrWxyle6SDogMg0FYhPC0N313lpykH5TB%2FnQKDWeG9dnagRdUJZLwEgU4i9fniVZcnrzGT8Lh9", "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335270&Signature=HD1tv4%2BfbWxkeiy0n49jYf0bWSIQZGoTXEbGtzILXBy9ABXvdNKR8TYp3JjubOUUsjKIza8dV0WnN53Ye2ZuwtdkwPuYQ5cdWV3hQ4DDGC02om6I44vDnC7twPKfenv1Foxe2Xq11CjgLk6Mdg49WD6DWXvzpdgafbdvdrjLLk%2FEc6IlEf%2F5hUBfcXH6I%2FwxHQownjqPhfo5D%2BN2k6kKw6WKCoupY8pC3Riz%2F%2F5ZUDVqHvjc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 4, "FileHash-SHA256": 58, "IPv4": 47, "domain": 16, "hostname": 61, "URL": 105, "FileHash-MD5": 1, "Mutex": 2 }, "indicator_count": 294, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e805ea0647270dfa7bba7", "name": "applespell VirusTotal Box of Apples Sandbox report", "description": "[full report on the Visual Studio Code.app.com malware, published on 19 January, 2024 and published online by the University of South Wales (USA) in the United States.]", "modified": "2026-05-21T03:47:42.242000", "created": "2026-05-21T03:47:42.242000", "tags": [ "applespell", "gx installer", "opera gx", "installer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "updater", "mitre attack", "file type", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive", "persistence", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335150&Signature=uDtc71sxnnFjUynOWL3%2BEfCWBdV5z5ySup%2Bc1zR2wZ6As7QGYwmEfhjw5Q7oU8ejTyM2hzc8A%2BNiG%2FLVKKlNfMvIhjiD1eeMdbMD9ZlBtmDb%2BWt2QmG%2B5nva1h0WfWoacQwywV6%2FluInYutfcA56BrWxyle6SDogMg0FYhPC0N313lpykH5TB%2FnQKDWeG9dnagRdUJZLwEgU4i9fniVZcnrzGT8Lh9", "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335270&Signature=HD1tv4%2BfbWxkeiy0n49jYf0bWSIQZGoTXEbGtzILXBy9ABXvdNKR8TYp3JjubOUUsjKIza8dV0WnN53Ye2ZuwtdkwPuYQ5cdWV3hQ4DDGC02om6I44vDnC7twPKfenv1Foxe2Xq11CjgLk6Mdg49WD6DWXvzpdgafbdvdrjLLk%2FEc6IlEf%2F5hUBfcXH6I%2FwxHQownjqPhfo5D%2BN2k6kKw6WKCoupY8pC3Riz%2F%2F5ZUDVqHvjc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 4, "FileHash-SHA256": 58, "IPv4": 47, "domain": 14, "hostname": 33, "URL": 54, "FileHash-MD5": 1 }, "indicator_count": 211, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d38f2be92e678ccdfcf157", "name": "CAPE Sandbox", "description": "spyware", "modified": "2026-05-06T11:00:54.822000", "created": "2026-04-06T10:47:07.561000", "tags": [ "renewed", "8gbram", "windows10", "19inlcdmonitor", "desktop pc", "package", "intel core", "hard drive", "dvdrw", "wifi", "title", "blink", "date", "meta", "elite", "body" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472287&Signature=rw%2BkzkQKY5M41fqBOOPOnF5nUXqseptUkZPX0VOkL5lmxzWIcqVfQFKQGRNKIzZOE90PJOiV7ZneTdKShjcZbrGhVubS6ms3aA16QMDcjwhN1ydkTmSwfmIuEhyWnqyPR28n7DU3JQ%2FKuYgCjUFaromvhWGfhh%2B5YArNd6sFv7Yrw9YwYZ644Ob%2F3hzdlY8JqqRt592k16rV%2F50Q3%2BaL%2Bs9LjV6%2BTJMwLFmQMSBYr4s2l1", "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472412&Signature=QcBCZcKyHYxWwhSWOKX7apvx3%2BT3Bjzt3y1Xx2vTLrR768KeDlg7sY1Be5YVVKRCCT3rWlV9n36IfmZpQ0siFg%2BaS8Lw3STmcyFUw%2FF28Uar%2BVuRm1sKdVq24l7lGhYyAteWJqAIe8VHgUtUXBMOAcr4lzsj7YA%2BoYqiuspu%2BRgoCYoVEA55ujOTpbSulxwZ%2FgVUmIhSzlosNjBP1lSIEUOLWG%2BUC3yYSMS%2Bg4nxp9PO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1221", "name": "Template Injection", "display_name": "T1221 - Template Injection" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 249, "FileHash-SHA1": 46, "FileHash-SHA256": 44, "URL": 75, "hostname": 131, "domain": 12 }, "indicator_count": 557, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9c353e548fe41549a2094", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-06T06:10:54.769000", "created": "2026-05-05T10:15:47.653000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 199, "URL": 124, "hostname": 136, "domain": 31, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9c351adf63435d7a118ea", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-06T06:10:54.367000", "created": "2026-05-05T10:15:45.503000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 199, "URL": 125, "hostname": 135, "domain": 32, "email": 1 }, "indicator_count": 1645, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9c3482f0a487199f01dfe", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-05T12:01:34.624000", "created": "2026-05-05T10:15:36.709000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1206, "IPv4": 185, "FileHash-MD5": 109, "FileHash-SHA1": 231, "URL": 300, "hostname": 276, "domain": 219, "email": 29, "CIDR": 6 }, "indicator_count": 2561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9c34e91ef1282eaf26b24", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-05T11:55:52.834000", "created": "2026-05-05T10:15:42.571000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 200, "URL": 124, "hostname": 135, "domain": 31, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ada9e03dfe3f81c5cd894c", "name": "VirusTotal Box of Apples Sandbox report", "description": "I cannot stress enough the degree of interpretation this requires and *if malicious* could damage. Please use dilligance in vetting.", "modified": "2026-04-07T16:31:49.011000", "created": "2026-03-08T16:54:56.051000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 6, "FileHash-SHA256": 2, "domain": 5, "hostname": 10, "FileHash-MD5": 2, "URL": 1 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "54 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ad63990d39ad55787e7549", "name": "VirusTotal Box of Apples Sandbox report", "description": "000c0ee4e098425aa2c62a0c71237fc161c1232ca3f2be927ee0f89fb53ef9d0", "modified": "2026-04-07T11:15:13.695000", "created": "2026-03-08T11:55:05.609000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 4, "FileHash-SHA256": 3, "domain": 5, "hostname": 10, "FileHash-MD5": 1, "CVE": 1 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "54 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ad55604c1da37368f9f749", "name": "VirusTotal Box of Apples Sandbox report", "description": "", "modified": "2026-04-07T10:26:55.912000", "created": "2026-03-08T10:54:24.768000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 3, "FileHash-SHA256": 1, "domain": 5, "hostname": 10 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "54 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ad55618e0b78629fe0d239", "name": "VirusTotal Box of Apples Sandbox report", "description": "", "modified": "2026-04-07T10:26:55.912000", "created": "2026-03-08T10:54:25.420000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 3, "FileHash-SHA256": 1, "domain": 5, "hostname": 10 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "54 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335150&Signature=uDtc71sxnnFjUynOWL3%2BEfCWBdV5z5ySup%2Bc1zR2wZ6As7QGYwmEfhjw5Q7oU8ejTyM2hzc8A%2BNiG%2FLVKKlNfMvIhjiD1eeMdbMD9ZlBtmDb%2BWt2QmG%2B5nva1h0WfWoacQwywV6%2FluInYutfcA56BrWxyle6SDogMg0FYhPC0N313lpykH5TB%2FnQKDWeG9dnagRdUJZLwEgU4i9fniVZcnrzGT8Lh9", "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472287&Signature=rw%2BkzkQKY5M41fqBOOPOnF5nUXqseptUkZPX0VOkL5lmxzWIcqVfQFKQGRNKIzZOE90PJOiV7ZneTdKShjcZbrGhVubS6ms3aA16QMDcjwhN1ydkTmSwfmIuEhyWnqyPR28n7DU3JQ%2FKuYgCjUFaromvhWGfhh%2B5YArNd6sFv7Yrw9YwYZ644Ob%2F3hzdlY8JqqRt592k16rV%2F50Q3%2BaL%2Bs9LjV6%2BTJMwLFmQMSBYr4s2l1", "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472412&Signature=QcBCZcKyHYxWwhSWOKX7apvx3%2BT3Bjzt3y1Xx2vTLrR768KeDlg7sY1Be5YVVKRCCT3rWlV9n36IfmZpQ0siFg%2BaS8Lw3STmcyFUw%2FF28Uar%2BVuRm1sKdVq24l7lGhYyAteWJqAIe8VHgUtUXBMOAcr4lzsj7YA%2BoYqiuspu%2BRgoCYoVEA55ujOTpbSulxwZ%2FgVUmIhSzlosNjBP1lSIEUOLWG%2BUC3yYSMS%2Bg4nxp9PO", "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335270&Signature=HD1tv4%2BfbWxkeiy0n49jYf0bWSIQZGoTXEbGtzILXBy9ABXvdNKR8TYp3JjubOUUsjKIza8dV0WnN53Ye2ZuwtdkwPuYQ5cdWV3hQ4DDGC02om6I44vDnC7twPKfenv1Foxe2Xq11CjgLk6Mdg49WD6DWXvzpdgafbdvdrjLLk%2FEc6IlEf%2F5hUBfcXH6I%2FwxHQownjqPhfo5D%2BN2k6kKw6WKCoupY8pC3Riz%2F%2F5ZUDVqHvjc" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 11, "pulses": [ { "id": "6a0e80601f3040ce2765f408", "name": "applespell VirusTotal Box of Apples Sandbox report", "description": "[full report on the Visual Studio Code.app.com malware, published on 19 January, 2024 and published online by the University of South Wales (USA) in the United States.]", "modified": "2026-05-21T04:05:48.166000", "created": "2026-05-21T03:47:44.044000", "tags": [ "applespell", "gx installer", "opera gx", "installer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "updater", "mitre attack", "file type", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive", "persistence", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335150&Signature=uDtc71sxnnFjUynOWL3%2BEfCWBdV5z5ySup%2Bc1zR2wZ6As7QGYwmEfhjw5Q7oU8ejTyM2hzc8A%2BNiG%2FLVKKlNfMvIhjiD1eeMdbMD9ZlBtmDb%2BWt2QmG%2B5nva1h0WfWoacQwywV6%2FluInYutfcA56BrWxyle6SDogMg0FYhPC0N313lpykH5TB%2FnQKDWeG9dnagRdUJZLwEgU4i9fniVZcnrzGT8Lh9", "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335270&Signature=HD1tv4%2BfbWxkeiy0n49jYf0bWSIQZGoTXEbGtzILXBy9ABXvdNKR8TYp3JjubOUUsjKIza8dV0WnN53Ye2ZuwtdkwPuYQ5cdWV3hQ4DDGC02om6I44vDnC7twPKfenv1Foxe2Xq11CjgLk6Mdg49WD6DWXvzpdgafbdvdrjLLk%2FEc6IlEf%2F5hUBfcXH6I%2FwxHQownjqPhfo5D%2BN2k6kKw6WKCoupY8pC3Riz%2F%2F5ZUDVqHvjc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 4, "FileHash-SHA256": 58, "IPv4": 47, "domain": 16, "hostname": 61, "URL": 105, "FileHash-MD5": 1, "Mutex": 2 }, "indicator_count": 294, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a0e805ea0647270dfa7bba7", "name": "applespell VirusTotal Box of Apples Sandbox report", "description": "[full report on the Visual Studio Code.app.com malware, published on 19 January, 2024 and published online by the University of South Wales (USA) in the United States.]", "modified": "2026-05-21T03:47:42.242000", "created": "2026-05-21T03:47:42.242000", "tags": [ "applespell", "gx installer", "opera gx", "installer", "ip address", "virustotal box", "apples sandbox", "sandbox sha256", "analysis date", "screnshots", "updater", "mitre attack", "file type", "dropped info", "processes extra", "overview zenbox", "linux verdict", "guest system", "ultimate file", "info file", "zip archive", "persistence", "malicious", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/00000be919bbf39d160bc68a67b09b51ad7f246c662c990841908f20fcf12715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335150&Signature=uDtc71sxnnFjUynOWL3%2BEfCWBdV5z5ySup%2Bc1zR2wZ6As7QGYwmEfhjw5Q7oU8ejTyM2hzc8A%2BNiG%2FLVKKlNfMvIhjiD1eeMdbMD9ZlBtmDb%2BWt2QmG%2B5nva1h0WfWoacQwywV6%2FluInYutfcA56BrWxyle6SDogMg0FYhPC0N313lpykH5TB%2FnQKDWeG9dnagRdUJZLwEgU4i9fniVZcnrzGT8Lh9", "https://vtbehaviour.commondatastorage.googleapis.com/000033bb30ef26261f53f933a0f21cf4eed370bd987e081e0679898b3a6bddda_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779335270&Signature=HD1tv4%2BfbWxkeiy0n49jYf0bWSIQZGoTXEbGtzILXBy9ABXvdNKR8TYp3JjubOUUsjKIza8dV0WnN53Ye2ZuwtdkwPuYQ5cdWV3hQ4DDGC02om6I44vDnC7twPKfenv1Foxe2Xq11CjgLk6Mdg49WD6DWXvzpdgafbdvdrjLLk%2FEc6IlEf%2F5hUBfcXH6I%2FwxHQownjqPhfo5D%2BN2k6kKw6WKCoupY8pC3Riz%2F%2F5ZUDVqHvjc" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 4, "FileHash-SHA256": 58, "IPv4": 47, "domain": 14, "hostname": 33, "URL": 54, "FileHash-MD5": 1 }, "indicator_count": 211, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "10 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d38f2be92e678ccdfcf157", "name": "CAPE Sandbox", "description": "spyware", "modified": "2026-05-06T11:00:54.822000", "created": "2026-04-06T10:47:07.561000", "tags": [ "renewed", "8gbram", "windows10", "19inlcdmonitor", "desktop pc", "package", "intel core", "hard drive", "dvdrw", "wifi", "title", "blink", "date", "meta", "elite", "body" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472287&Signature=rw%2BkzkQKY5M41fqBOOPOnF5nUXqseptUkZPX0VOkL5lmxzWIcqVfQFKQGRNKIzZOE90PJOiV7ZneTdKShjcZbrGhVubS6ms3aA16QMDcjwhN1ydkTmSwfmIuEhyWnqyPR28n7DU3JQ%2FKuYgCjUFaromvhWGfhh%2B5YArNd6sFv7Yrw9YwYZ644Ob%2F3hzdlY8JqqRt592k16rV%2F50Q3%2BaL%2Bs9LjV6%2BTJMwLFmQMSBYr4s2l1", "https://vtbehaviour.commondatastorage.googleapis.com/2533042959ad1fe050d14ab7536126910a2d240992bff397640382472b6a7c69_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775472412&Signature=QcBCZcKyHYxWwhSWOKX7apvx3%2BT3Bjzt3y1Xx2vTLrR768KeDlg7sY1Be5YVVKRCCT3rWlV9n36IfmZpQ0siFg%2BaS8Lw3STmcyFUw%2FF28Uar%2BVuRm1sKdVq24l7lGhYyAteWJqAIe8VHgUtUXBMOAcr4lzsj7YA%2BoYqiuspu%2BRgoCYoVEA55ujOTpbSulxwZ%2FgVUmIhSzlosNjBP1lSIEUOLWG%2BUC3yYSMS%2Bg4nxp9PO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1221", "name": "Template Injection", "display_name": "T1221 - Template Injection" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 249, "FileHash-SHA1": 46, "FileHash-SHA256": 44, "URL": 75, "hostname": 131, "domain": 12 }, "indicator_count": 557, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9c353e548fe41549a2094", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-06T06:10:54.769000", "created": "2026-05-05T10:15:47.653000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 199, "URL": 124, "hostname": 136, "domain": 31, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9c351adf63435d7a118ea", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-06T06:10:54.367000", "created": "2026-05-05T10:15:45.503000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 199, "URL": 125, "hostname": 135, "domain": 32, "email": 1 }, "indicator_count": 1645, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9c3482f0a487199f01dfe", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-05T12:01:34.624000", "created": "2026-05-05T10:15:36.709000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 7, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1206, "IPv4": 185, "FileHash-MD5": 109, "FileHash-SHA1": 231, "URL": 300, "hostname": 276, "domain": 219, "email": 29, "CIDR": 6 }, "indicator_count": 2561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9c34e91ef1282eaf26b24", "name": "CAPE Sandbox - reseachers urgent cert revoke in here", "description": "Im focusing on critical only for revoke rn-\ncerts:2020-06-05 07:38:41 UTC\nIdentifier\ngit-remote-http\nAuthority\nApple Root CA\nDate Signed\nJun 5, 2020 at 7:38:41 AM\nTeam Identifier\nQ6M7LEEA66\n2 acrobat-\nSpcSpOpusInfo, 3.\nApple Inc.\nValid From\n05:09 PM 04/12/2018\nValid To\n05:09 PM 04/13/2023\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n0087E9AC8B1AF18819849544AC8FDADF2797831B\nSerial Number\n47 58 DF B2 D2 E4 1F 8D machos\n4Name\nDigiarty Software, Inc.\nStatus\nValid\nIssuer\nApple Inc.\nValid From\n10:15 AM 05/12/2020\nValid To\n10:15 AM 05/13/2025\nAlgorithm\nsha256WithRSAEncryption\nThumbprint\n91EECE441DC0DA64380FF25A146691437592507A\nSerial Number\n29 91 F2 F5 56 1F CD CF \n5Name\nApple Inc.\nStatus\nNotTrusted\nIssuer\nApple Inc.\nValid From\n10:34 PM 04/12/2013\nValid To\n10:34 PM 04/12/2021\nAlgorithm\nsha1WithRSAEncryption\nThumbprint\n013E2787748A74103D62D2CDBF77A1345517C482\nSerial Number\n2A DA 71 BA A7 BD 17 9F (still working)\n6 i will add rest in comments this ones critical", "modified": "2026-05-05T11:55:52.834000", "created": "2026-05-05T10:15:42.571000", "tags": [ "redacted for", "server", "privacy tech", "privacy admin", "date", "domain status", "country", "organization", "postal code", "stateprovince", "code", "registrar abuse", "trust", "issuer sectigo", "rsa code", "signing ca", "valid from", "valid", "valid usage", "code signing", "algorithm", "serial number", "memory pattern", "ip traffic", "domains", "urls http", "tls sni", "thumbprint", "valid issuer", "apple inc", "df b2", "d2 e4", "adobe inc", "issuer digicert", "ev code", "sha2", "name digiarty", "software", "status valid", "issuer apple", "f2 f5", "ba a7", "colorsync", "avfoundation", "cfnetwork file", "webkit" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 897, "IPv4": 156, "FileHash-MD5": 100, "FileHash-SHA1": 200, "URL": 124, "hostname": 135, "domain": 31, "email": 1 }, "indicator_count": 1644, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ada9e03dfe3f81c5cd894c", "name": "VirusTotal Box of Apples Sandbox report", "description": "I cannot stress enough the degree of interpretation this requires and *if malicious* could damage. Please use dilligance in vetting.", "modified": "2026-04-07T16:31:49.011000", "created": "2026-03-08T16:54:56.051000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 6, "FileHash-SHA256": 2, "domain": 5, "hostname": 10, "FileHash-MD5": 2, "URL": 1 }, "indicator_count": 26, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "54 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ad63990d39ad55787e7549", "name": "VirusTotal Box of Apples Sandbox report", "description": "000c0ee4e098425aa2c62a0c71237fc161c1232ca3f2be927ee0f89fb53ef9d0", "modified": "2026-04-07T11:15:13.695000", "created": "2026-03-08T11:55:05.609000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 4, "FileHash-SHA256": 3, "domain": 5, "hostname": 10, "FileHash-MD5": 1, "CVE": 1 }, "indicator_count": 24, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "54 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ad55604c1da37368f9f749", "name": "VirusTotal Box of Apples Sandbox report", "description": "", "modified": "2026-04-07T10:26:55.912000", "created": "2026-03-08T10:54:24.768000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 3, "FileHash-SHA256": 1, "domain": 5, "hostname": 10 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "54 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "tokrulele.data", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "tokrulele.data", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780265005.4126925 }