{ "type": "Domain", "indicator": "traffic.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/traffic.com", "alexa": "http://www.alexa.com/siteinfo/traffic.com", "indicator": "traffic.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4171043838, "indicator": "traffic.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 7, "pulses": [ { "id": "69fb3d6585753bfdc08890a4", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:54:34.222000", "created": "2026-05-06T13:08:53.749000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 662, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7, "CVE": 1 }, "indicator_count": 2687, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d632800402652054b73", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:51.417000", "created": "2026-05-06T13:08:51.417000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d628de55fd4fef0e2bc", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:50.546000", "created": "2026-05-06T13:08:50.546000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d5b5642ffb183d38fa8", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:43.093000", "created": "2026-05-06T13:08:43.093000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d58494c7b444832ea5b", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:40.248000", "created": "2026-05-06T13:08:40.248000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d5596fa1ad26e3f4319", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:37.416000", "created": "2026-05-06T13:08:37.416000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6952f958f5dee394ed5ee9f1", "name": "Agent-AQB -Secretary of State Colorado", "description": "There are several compromised certificate on Secretary of State Colorado. I focused on one.\nMalicious - Writes to STDOUT", "modified": "2026-01-28T21:05:58.898000", "created": "2025-12-29T21:57:44.075000", "tags": [ "subscribe", "unsubscribe", "s paris", "englewood", "united", "state", "skip", "espaol", "summary", "filing history", "present jul", "a domains", "present jun", "present oct", "present dec", "script urls", "present aug", "moved", "link", "meta", "msie", "chrome", "passive dns", "gmt content", "ipv4", "urls", "files", "title", "ipv4 add", "america flag", "america asn", "related pulses", "united states", "cloudflare a", "div div", "span span", "domain", "cloudflare", "content type", "click", "dynamicloader", "get opera", "host", "tlsv1", "install", "external ip", "lookup", "intel", "ms windows", "ogoogle trust", "write", "malware", "ip address", "search", "present nov", "backdoor", "bq dec", "win32small dec", "next associated", "virtool", "reverse dns", "australia asn", "twitter", "status", "name servers", "expiration date", "hostname add", "unknown soa", "domain add", "form", "entries", "url analysis", "error", "body", "date", "high", "ssh scan", "tcp syn", "resolverror", "show", "outbound", "yara detections", "potential ssh", "contacted", "copy", "icmp traffic", "dns query", "therahand certificat", "sos", "secretary of state", "writes_to_stdout" ], "references": [ "https://www.coloradosos.gov/biz/BusinessEntityDetail.do?quitButtonDestination=BusinessEntityResults&nameTyp=ENT&masterFileId=20221473927&entityId2=20221473927&fileId=20251525819&srchTyp=ENTITY", "ELF:Agent-AQB\\ [Trj] IDS Detections: Potential SSH Scan Potential SSH Scan OUTBOUND", "Yara Detections: is__elf", "Alerts: dead_host known_hosts_conn network_icmp tcp_syn_scan osquery_detection", "Alerts: nolookup_communication writes_to_stdout", "IP\u2019s Contacted 2530 IP\u2019s Contacted 1.0.0.1 1.0.0.10 1.0.0.100 1.0.0.101 1.0.0.102 | Domains Contacted: 9654s.com", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a", "ELF:Agent-AQB\\ [Trj]", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Trojan.Agent-31853", "display_name": "Win.Trojan.Agent-31853", "target": null }, { "id": "Backdoor:Win32/Small.IR", "display_name": "Backdoor:Win32/Small.IR", "target": "/malware/Backdoor:Win32/Small.IR" }, { "id": "Win.Downloader.92-4", "display_name": "Win.Downloader.92-4", "target": null }, { "id": "Win.Trojan.Fugrafa-9733007-0", "display_name": "Win.Trojan.Fugrafa-9733007-0", "target": null }, { "id": "ELF:Agent-AQB\\ [Trj]", "display_name": "ELF:Agent-AQB\\ [Trj]", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1561, "domain": 158, "hostname": 637, "FileHash-MD5": 121, "FileHash-SHA1": 97, "email": 8, "FileHash-SHA256": 561, "SSLCertFingerprint": 1 }, "indicator_count": 3144, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "122 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO", "https://www.coloradosos.gov/biz/BusinessEntityDetail.do?quitButtonDestination=BusinessEntityResults&nameTyp=ENT&masterFileId=20221473927&entityId2=20221473927&fileId=20251525819&srchTyp=ENTITY", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "ELF:Agent-AQB\\ [Trj] IDS Detections: Potential SSH Scan Potential SSH Scan OUTBOUND", "ELF:Agent-AQB\\ [Trj]", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "Alerts: dead_host known_hosts_conn network_icmp tcp_syn_scan osquery_detection", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "Yara Detections: is__elf", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "Alerts: nolookup_communication writes_to_stdout", "IP\u2019s Contacted 2530 IP\u2019s Contacted 1.0.0.1 1.0.0.10 1.0.0.100 1.0.0.101 1.0.0.102 | Domains Contacted: 9654s.com", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Win.trojan.fugrafa-9733007-0", "Backdoor:win32/small.ir", "Elf:agent-aqb\\ [trj]", "Win.trojan.agent-31853", "Win.downloader.92-4" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 7, "pulses": [ { "id": "69fb3d6585753bfdc08890a4", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:54:34.222000", "created": "2026-05-06T13:08:53.749000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 662, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7, "CVE": 1 }, "indicator_count": 2687, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d632800402652054b73", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:51.417000", "created": "2026-05-06T13:08:51.417000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d628de55fd4fef0e2bc", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:50.546000", "created": "2026-05-06T13:08:50.546000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d5b5642ffb183d38fa8", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:43.093000", "created": "2026-05-06T13:08:43.093000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d58494c7b444832ea5b", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:40.248000", "created": "2026-05-06T13:08:40.248000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb3d5596fa1ad26e3f4319", "name": "vxCube \u2014 Report + other sandboxes- Firmware Nuetral", "description": "[sample of malicious software from the Firefox operating system has been analysed by Microsoft's security team, the Office of the President, and the Microsoft Research Research Centre (MSR) in the US.]", "modified": "2026-05-06T13:08:37.416000", "created": "2026-05-06T13:08:37.416000", "tags": [ "port", "protocol level", "application", "next connection", "previous", "address", "full path", "behavior", "programfiles", "system32", "dump", "malicious", "path", "nethandle", "net108", "net1080000", "mcics", "orgid", "mcics address", "loudoun county", "pkwy city", "postalcode", "orgtechhandle", "services", "city", "stateprov", "rabuseref", "rabusehandle", "brockdorff", "c source", "utf8 unicode", "c program", "crlf", "lf line", "united", "https", "mitre attack", "network info", "processes extra", "tls version", "overview", "overview os", "x sandbox", "verdict", "next", "parent pid", "command line", "default", "nothing", "registry keys", "openasrundll c", "shell folders", "file execution", "k netsvcs", "ascii text", "categories", "settings", "mwdb", "bazaar", "sha3384", "ssdeep", "file size", "inprocserver32", "file type", "accept", "shutdown", "stream", "template", "cname", "value a", "first counter", "bearer", "mbisslshort", "bridge", "info", "date", "agent", "root", "mutexes nothing", "files c", "read files", "read registry", "keys nothing", "ipmgmt", "orgtechref", "orgabusehandle", "orgabuseref", "win1", "acrongl integ", "adc4240758", "heuristic match", "pattern match", "x2dax2da", "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "api key", "vetting process", "please note", "please", "angsana new", "back", "style", "cohasset police", "department", "doctype html", "head", "link", "cohasset", "title", "noscript", "meta", "performs dns", "urls", "downloads", "found", "http", "phishing" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/3a84ea97f8bfafb4a3ad6afa252315fa2c3529a732cad9070f045696dea0095e_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070092&Signature=yQBUKJDn%2FE85%2Bvl5P67ywdjBoRJ9GZj%2F%2BePT2hJjEffamM3aO%2BQVSWq3TEsVfnNMCrMPcAsJaRu64RPZJxztS%2BgQtOpCjQFUv%2FtAUou8ougQPOunxMuuX1m3PjxBDqourRIeENFZO77MUSjWuVCFEtG882utsoMv2%2FovTPqG8LU0NxjlfwMovVpkkg94Dl1tZ6O0VYlnipdZBtM6Web8IAlNUAyR4CvJrv%2BM1IR67fi", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070807&Signature=3Dm7s%2FWRPcwn5VP1fZqDViARRLpzpU7PhwwfHx%2BqMe02mkhGSmislwkS8ckH3N1K1YNVxQfqnYu89FHUKpUwC%2BOyk62pASZINgeaGaCbiysNZvDGs%2F2bN6sqg3bmKDPeVDLF34BlRrnunSY9pW0x1yITnVIRn%2FuSz9QZWFDonZBEPgt35JYofh7f9yIlA748rsPLmeMPA3RByc2n0aof5W3ghVdeTr90wlQAPidcpmEWNRXCEYPH", "https://vtbehaviour.commondatastorage.googleapis.com/076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778070947&Signature=Pkvb9Ml3f67kATtPQnKDPoRC9hQFahD3ukXAX89sLQoBuLuyPnKpZAOIOnSPYjdPv4WWamTA32WSWfVjVswMo%2FxhdtvqyQ3BysNGqKOT35gQ1YGZkZE2%2Bx6lA0XHfdv7ZLkCTVyTUd5O2WzXo1zqFBiyh3PORdPcyikZvKrywiURORR5HeHZ1KRu5Mc%2Fy5u%2FVhA4hHTzRLJiNgzC0LCacu5aimzZ%2F5uWpy6xypNiXN5HwM4hrXNW", "https://vtbehaviour.commondatastorage.googleapis.com/da7e7a13944b0bf0f34215c4dd57810f470a43940141f9799841bce91c42b40e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071428&Signature=jg4VsRqc9AHseQKbSiN9X3N19v33%2B77cUjnoREoq3%2FAmob%2FK3l8KEZhhL1wGCFaOtjmj50aTom8QTJxDGPm9rawrO8J1V%2B8zF%2FRlfppMMiuQBSmfbpNhkJREFuRAjCvwHAxsrsixKwbxYtOMD%2FU5QrBSrkg%2B8xV3PpeZdM0J5dM8Ay%2Be1ZBCPy36ntYzbevszIsncCdUaH0Xy9WnsHV7Ps09g%2F1Z7z9rGZWdCZrPqZi3", "https://vtbehaviour.commondatastorage.googleapis.com/d3913c5d8f77fff5191b43bd32dbd8178958891bd1d90efe7a7d969ef4ab602d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778071932&Signature=j2umSLl4iyhp%2FxLzsH2vZYAyU%2Fx8ki4zCfuDcXx4UgkjsO5DPIByYk043fTjoRkyd542Vqqz%2F22PYnjwhhjRJ7lXaJCPCcmtSfsWP1zGllMKIgDV57e%2FmtN%2FAzQ%2BNlqIVxXmL9peGu%2B75w6x0YaGUTBYw17iOlL87DRfZhl8Li6xlA7cX4eSHodT%2BO2B7k3D6bzQend61z62Mq76xqXV5zkXIyZCOU9a4KnKZ53nXkwnqm", "https://vtbehaviour.commondatastorage.googleapis.com/3d1c4ea329813f1aec4d7de630dc13acb95bd7b767338efe5b533fca04ff48d8_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072001&Signature=gIJuOyCvRHsKP79iVyX27BLkKoVj4d7bKoB84FCSGxlJ9zsLuc7J3OmaluxaiqoJu4T2o7aeANdkYMz6d8wD3%2BFD0dQQU5%2FOhhMAbYBXp73p39CyDndq1e9LD3eNxfnr0uIrt3RccUEfgo2LF8ktZh%2BPm82SICNgJeTwVv3L2YifDZTr0lPeII2WWqpPYd4Y7qWgyUEjXmipc0SPAWZhVHXPY0DJmHbFkv%2F%2FeObiESxFAH%2BCZn", "https://vtbehaviour.commondatastorage.googleapis.com/1e5907b4cc44209637af8273555449b066fe9ce01179cd74c792e4a355a7aa4a_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072217&Signature=gM91SnakBbk714%2BMza0mWtlxTRy66cB0QyotuErcCDzM8yQYmu6%2Bcy7Z1y970ywZpR05P6F4GhC8w%2Fhcd9kx0fAodkFhb3wHR6C%2F2yqPY1UMuIAOAjc6gmmrRk7%2F4M7m4MVTtnOGppQBfs9YQbqQ0ngyL5CES9vxGqIcyOOgLBRwVYQJ9PRdr5QHxDsJ8oQnGTKtuy4SKZnWfNJC7dAJhebDBsgHJRkYO9oUnFoY5uBh%2FFcveZ", "https://hybrid-analysis.com/sample/96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "https://hybrid-analysis.com/file-collection/674d072894a867c6c2076c5d", "https://hybrid-analysis.com/file-collection/655e17cc95592e2d640f556e", "https://vtbehaviour.commondatastorage.googleapis.com/e1280a3b44c48db6234162ad01131ca61f7e8733d78e2e192a53c34a460c6614_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072860&Signature=7lMnvE%2BOZ3HyFUJ9u4mf%2BszccaSI9tFlLU%2FfFNImL7UJfki9ecs6q%2B1ctALN1bsjGkAAmR9EemyHqlljLWn0e%2BoroBznqlwJhGInZW%2FonsioPQgc1Py97%2BpBefHrTJQoW%2FKPNt%2FOfifRY5PeC%2BIrYsr3NTQFk0GbjkyYzcYUA1VVNk6Tl7INGc5cfzN0o8cHk0Vu6pfai%2FBIw7tHSKEtOwq%2BiUFz6sY9KjZ%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072961&Signature=Q1ToAg2fEJbCycZPLTn9XcCcTr7hbVsPvcEd3FyzA%2Fy30S%2F3Fjcr97ZWpo7uFwPWCJ%2B%2FXnWhv108WKa4cKTtueHRihldYXzmlbuKcEHzLgws%2FhCjFy3I8vkwV5Kism8%2FmeFsjp4y9wjLnXq51zsKHczGeUoYWTb7iko%2FVsiD6A%2B5n3ypJ5NcOp6xfCO0P7ty6%2FSLA5htYnTAkWzzC%2FI%2B0hD5Bp2BpWg1BIB7xyVB", "https://vtbehaviour.commondatastorage.googleapis.com/1e50a19bf657ed59e87edf7163629a66006d6c04159f839d0333fea0f208bac2_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778072988&Signature=1hSTk5zfAHok3rOeIvCrcVDNrMwVfu7yBxcOq5aYmB3x%2BN3QpW%2BDwvNCBsO4Jf8zXhfzvs%2BYQ8xMFx4Fh%2Bpq1Fijdl5Yewxpj61VU5lf2R3Tb9n3hOu6QgbLTSllehitudG4Z8qG33j6gu0t2wdMCNtMu46i%2B9Onj8DH5ZU5PgueMIAXDPYPD6u5GS4OjmmjihyNDlkuv2HdmzrGlVMWKpTOa7tUNtpbJkhQ8IivcOfOe3nNtEx94wExAEVO" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1485", "name": "Data Destruction", "display_name": "T1485 - Data Destruction" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1542", "name": "Pre-OS Boot", "display_name": "T1542 - Pre-OS Boot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1014", "name": "Rootkit", "display_name": "T1014 - Rootkit" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 204, "IPv4": 246, "URL": 661, "hostname": 421, "FileHash-SHA256": 532, "domain": 137, "FileHash-MD5": 473, "CIDR": 4, "email": 7 }, "indicator_count": 2685, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6952f958f5dee394ed5ee9f1", "name": "Agent-AQB -Secretary of State Colorado", "description": "There are several compromised certificate on Secretary of State Colorado. I focused on one.\nMalicious - Writes to STDOUT", "modified": "2026-01-28T21:05:58.898000", "created": "2025-12-29T21:57:44.075000", "tags": [ "subscribe", "unsubscribe", "s paris", "englewood", "united", "state", "skip", "espaol", "summary", "filing history", "present jul", "a domains", "present jun", "present oct", "present dec", "script urls", "present aug", "moved", "link", "meta", "msie", "chrome", "passive dns", "gmt content", "ipv4", "urls", "files", "title", "ipv4 add", "america flag", "america asn", "related pulses", "united states", "cloudflare a", "div div", "span span", "domain", "cloudflare", "content type", "click", "dynamicloader", "get opera", "host", "tlsv1", "install", "external ip", "lookup", "intel", "ms windows", "ogoogle trust", "write", "malware", "ip address", "search", "present nov", "backdoor", "bq dec", "win32small dec", "next associated", "virtool", "reverse dns", "australia asn", "twitter", "status", "name servers", "expiration date", "hostname add", "unknown soa", "domain add", "form", "entries", "url analysis", "error", "body", "date", "high", "ssh scan", "tcp syn", "resolverror", "show", "outbound", "yara detections", "potential ssh", "contacted", "copy", "icmp traffic", "dns query", "therahand certificat", "sos", "secretary of state", "writes_to_stdout" ], "references": [ "https://www.coloradosos.gov/biz/BusinessEntityDetail.do?quitButtonDestination=BusinessEntityResults&nameTyp=ENT&masterFileId=20221473927&entityId2=20221473927&fileId=20251525819&srchTyp=ENTITY", "ELF:Agent-AQB\\ [Trj] IDS Detections: Potential SSH Scan Potential SSH Scan OUTBOUND", "Yara Detections: is__elf", "Alerts: dead_host known_hosts_conn network_icmp tcp_syn_scan osquery_detection", "Alerts: nolookup_communication writes_to_stdout", "IP\u2019s Contacted 2530 IP\u2019s Contacted 1.0.0.1 1.0.0.10 1.0.0.100 1.0.0.101 1.0.0.102 | Domains Contacted: 9654s.com", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a", "ELF:Agent-AQB\\ [Trj]", "https://otx.alienvault.com/indicator/file/aeb3d5ec1d144a7b2d51bdb603c052fd52700defb1b039491c4df3f32ece517a" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Trojan.Agent-31853", "display_name": "Win.Trojan.Agent-31853", "target": null }, { "id": "Backdoor:Win32/Small.IR", "display_name": "Backdoor:Win32/Small.IR", "target": "/malware/Backdoor:Win32/Small.IR" }, { "id": "Win.Downloader.92-4", "display_name": "Win.Downloader.92-4", "target": null }, { "id": "Win.Trojan.Fugrafa-9733007-0", "display_name": "Win.Trojan.Fugrafa-9733007-0", "target": null }, { "id": "ELF:Agent-AQB\\ [Trj]", "display_name": "ELF:Agent-AQB\\ [Trj]", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1561, "domain": 158, "hostname": 637, "FileHash-MD5": 121, "FileHash-SHA1": 97, "email": 8, "FileHash-SHA256": 561, "SSLCertFingerprint": 1 }, "indicator_count": 3144, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "122 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "traffic.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "traffic.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780241665.833622 }