{ "type": "Domain", "indicator": "trustpilot.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/trustpilot.com", "alexa": "http://www.alexa.com/siteinfo/trustpilot.com", "indicator": "trustpilot.com", "type": "domain", "type_title": "Domain", "validation": [ { "source": "akamai", "message": "Akamai rank: #3915", "name": "Akamai Popular Domain" }, { "source": "alexa", "message": "Alexa rank: #350", "name": "Listed on Alexa" }, { "source": "majestic", "message": "Whitelisted domain trustpilot.com", "name": "Whitelisted domain" }, { "source": "whitelist", "message": "Whitelisted domain trustpilot.com", "name": "Whitelisted domain" } ], "base_indicator": { "id": 2651289939, "indicator": "trustpilot.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 22, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ede4900c0c36d508b00892", "name": "VirusTotal report for index.html tlp:green", "description": "[The following is the full text of the following:..woff2/akamai/clientlib-brand-base/resources/InstrumentSans-Variable-Latin-Italic] pdfkit[.net] = trans ip. Otx kept having server errors when trying to upload more comprehensive reports on this. Interference not by otx, suspect.", "modified": "2026-05-26T10:06:50.708000", "created": "2026-04-26T10:10:24.165000", "tags": [ "html internet", "html document", "unicode text", "utf8 text", "ascii text", "language", "https", "mitre attack", "network info", "processes extra", "transip", "performs dns", "t1055 process", "layer protocol", "overview", "overview zenbox", "title", "next", "meta", "link", "path", "doctype html", "ieedge", "bezet", "head", "body", "get url", "ip reputation", "divi child", "site kit", "google", "truetype", "woff", "user", "agent", "style", "original", "unknown", "has permission", "tls version", "file type", "loads", "urls", "persistence", "cloud", "malicious", "found", "dropped info", "zenbox android", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196678&Signature=HzcyQV1X4%2BZuxALwV5MKabxavBVI2pXXV%2BqZ%2FxjbZGEzJLq3HvfBlhoJvnPO72cTsUYIRIF8xWwC5jRcagGjKfbaLJN2X5M8YJLFvzNW8EUuKXbP4HlPUyWW4vdbPPfTDk7AH9O3Mc%2Bsqm0rUu1TTZ5W30gnKw%2B8w129EjLK4TTXdxBhsVZflHp65tluC8NtT6PKr40eTUW79dRIU4EmpzQYixwP5kHPdWny4lMV2tyDCM4BVbj5jGGjOMlG", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196704&Signature=oj%2BDJfu%2FPrkzTQYzv%2BNGIb7bMBOERBArPqSmhPICbJXukp7MyQm%2FhSDqT3TSgCuwYbRMqjTmAdHa9EBQ%2FCjlr3PdRe5jLJ3yEljzhIZMVkux2h7EGR9NvtyGFd0b4G6DcOYfzDyXI7IIUvEDVqDTPa2biRIlSwUKAXKvFLQvemNBTNwAt6ZWjRPcsjpgkPpPBVYA6mGR50QOtob74rarfPZno74N59OZkm5XoVm7mwuzGXDl189f", "https://vtbehaviour.commondatastorage.googleapis.com/45a190c2f2471d465eadce7b529473c1092e0b0fa4a8bd5066f2f0dadd021517_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777197660&Signature=ZeKi%2BRgUGuBZD7C84XN%2BMrK%2FhjGTkk9wZi%2B8oRGqD%2FMkt4j53TX2%2FNO2D5kv3PFADqhPUkUWatmRPNgFj3%2Fxgz2H%2B1MaxZeG4uZ7yDAjWSgY1bcI2k5Z4SWMDc8FAivGl7%2FYutQiu%2FIWCMxbxTnk4yJQiQtuOgqwVTZybq4ROhIA52sWpFV9sAHWnPeTZJIPWahZpZz3LH5ByhNbVb8fHKqxFmoQAswKLvlgjAcNSh", "https://vtbehaviour.commondatastorage.googleapis.com/00000d3cb583c86b8fd89bcd270cf1a9c1974f23518caf52a9d55ba482afc255_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198022&Signature=X%2FtJADqZ8hUIDWnAnxXSy836h8XaVn9hIB%2FoJc%2BMiH70BQaiUPucRhxoQpLz8ff%2BU7i4DwbrecytnCCLiVA1QuLWxTYL9hBhT8xX%2F3h564r8jpG8kTHcyZTD%2F1w9THtZhgtgccYteH8vuC1RaaNpHpj8RESbs6TdENGlhzHELvXxYplQuBznpKau1ZeLiNJFngKuEOT%2FkcHjzOM%2B%2BUZzAovTwc6PDZOk4C4qBT7YdZ", "https://vtbehaviour.commondatastorage.googleapis.com/000011b9276d67cb6c737226e1572ad5396d96a7ce2a6512c6c5774371332730_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198160&Signature=ErZReZYXc0zl2849KmoGwJGof9NjsCg2iX3sqgLWs2FU4WBoLpZAVnFi6g7Z3BFda%2FDPKxZ7%2FHG%2BlEU2VB7ctD7pXcNfD%2F3nEPZC54sles9Cycinws6vWWfHnYmSpwKF4DtTjjbL%2F7bwIb%2FOrT%2BeKzVvt7gGL%2ByHJpWrAgr4UtNSHKVmHLIIgRH%2FfDOtlS410ed%2Bal8ukGl9ZSeDQjYg0A0KKxdNkAtcJPN4fLcl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 554, "FileHash-MD5": 53, "FileHash-SHA1": 4, "URL": 561, "hostname": 275, "domain": 114 }, "indicator_count": 1561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ca434ee788ab3d090e6013", "name": "PDFKIT.NET - Trust Bypass Continued Concerns", "description": "A complete list of key facts and statistics:..3-magnitude-based data-sharing platform, which was first created in 2003, has been published by the University of Oxford.<-- Pretext. Msudosos: Ongoing concerns persist regarding the use of the pdfkit.net library in specific DMV versions, which may allow for trust bypass across multiple platforms. Research indicates that isolating affected areas or voiding certificates will not remediate this issue, as the corrupted trusted root persists even after firmware-level restores.", "modified": "2026-05-16T07:23:42.485000", "created": "2026-03-30T09:33:02.363000", "tags": [ "fcc", "trust bypass", "pi", "hollow-root", "pdfkit.net", "cryptographically-invalid", "Docusign as an exploit", "gov / infra / healthcare / mun", "education", "US", "globalsign2020", "noend--point.", "null" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Netherlands", "Italy", "United States of America" ], "malware_families": [ { "id": "Stefan", "display_name": "Stefan", "target": null } ], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" } ], "industries": [ "Telecommunications", "Education", "Government" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 156, "domain": 49, "email": 4, "hostname": 227, "FileHash-SHA1": 230, "FileHash-SHA256": 323, "FileHash-MD5": 321, "CVE": 6, "IPv4": 118 }, "indicator_count": 1434, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d5f37d3917861c6b99884b", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-16T07:01:32.826000", "created": "2026-04-08T06:19:41.886000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 94, "FileHash-SHA1": 70, "FileHash-SHA256": 294, "domain": 50, "hostname": 410, "URL": 281, "CIDR": 1, "email": 3, "IPv4": 2 }, "indicator_count": 1205, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69bf6063da146ed025a8890f", "name": "Double Umbrella Wixc2 Followup Iocs", "description": "The full text of the report on GoDaddy.com, which was published on 1 January 2017, is published online by the Internet Service Authority (icann) and will not be displayed on its website.>>><<<< pretext i didnt write - refer to my double umbrella post for big IP data", "modified": "2026-05-16T07:01:20.093000", "created": "2026-03-22T03:22:11.640000", "tags": [ "script urls", "present jun", "present jul", "a domains", "status", "present aug", "date", "united", "present feb", "meta", "title", "encrypt" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 298, "FileHash-SHA1": 280, "FileHash-SHA256": 336, "URL": 327, "domain": 548, "email": 8, "hostname": 136 }, "indicator_count": 1933, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d5f37c65fbf136884dae98", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-08T06:44:52.553000", "created": "2026-04-08T06:19:40.539000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 164, "FileHash-SHA1": 161, "FileHash-SHA256": 463, "domain": 56, "hostname": 396, "URL": 456, "CIDR": 1, "email": 7 }, "indicator_count": 1704, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fc0f45c9945c939e6406f2", "name": "The dates are odd lately, so Im going back in history.", "description": "[ at the key vulnerabilities in Fortinet FortiOS 6.0.7 and FortiProxy 2.2.3.4.9.. and the full list of vulnerabilities]\nCVE 2018 and its associated current malware dating mostly 2020-2024", "modified": "2026-05-07T05:26:18.669000", "created": "2026-05-07T04:04:21.095000", "tags": [ "targeted", "legal", "epss", "impact", "scan endpoints", "all msudosos", "pulse pulses", "files", "exploits", "cve overview", "media", "defense", "energy", "authentication" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 8, "FileHash-SHA1": 7, "FileHash-SHA256": 13, "domain": 10, "URL": 64, "hostname": 23 }, "indicator_count": 126, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f97a905451e3304319988b", "name": ".may 4 clone own on may 5", "description": "", "modified": "2026-05-07T02:57:38.229000", "created": "2026-05-05T05:05:20.493000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "69f7fa1a282840a6e0aa370c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3143, "hostname": 2037, "IPv4": 186, "URL": 3288, "CIDR": 12, "email": 43, "domain": 1645, "URI": 1, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 11083, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f7fa1a282840a6e0aa370c", "name": "May the 4th be with... every destructed file that never died", "description": "[undreds of thousands of people have been signing a petition calling for the removal of the president, Barack Obama, from the White House and the UK's prime minister, Theresa May, to be remove] The wording here. Its also May3rd not May 4th.", "modified": "2026-05-05T05:04:02.911000", "created": "2026-05-04T01:44:57.811000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3142, "hostname": 1890, "IPv4": 162, "URL": 3241, "CIDR": 12, "email": 37, "domain": 1616, "URI": 1, "SSLCertFingerprint": 18 }, "indicator_count": 10828, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f53a2d55fd1ee070d57d25", "name": "Coordinated Vulnerability Disclosure \u2014 trustpilot.com", "description": "Per https://saviourr.org/uam-1.json \u2014 verify at https://saviourr.org/.well-known/security.txt", "modified": "2026-05-01T23:41:33.930000", "created": "2026-05-01T23:41:33.930000", "tags": [ "cvd", "iso-29147", "rfc-9116" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "MST478293", "id": "402211", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1 }, "indicator_count": 1, "is_author": false, "is_subscribing": null, "subscriber_count": 23, "modified_text": "29 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69bf65566ad1032d77814945", "name": "Double Umbrella Wixc2 Followup Iocs [cloned pulse by msudosos]", "description": "", "modified": "2026-04-21T03:04:40.439000", "created": "2026-03-22T03:43:18.431000", "tags": [ "script urls", "present jun", "present jul", "a domains", "status", "present aug", "date", "united", "present feb", "meta", "title", "encrypt" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "69bf6063da146ed025a8890f", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 148, "FileHash-SHA1": 130, "FileHash-SHA256": 186, "URL": 324, "domain": 545, "email": 8, "hostname": 136 }, "indicator_count": 1477, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "40 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "695089cbedad5c86f39b1363", "name": "Tracking Domains 03.03.26 (Updated Test)", "description": "Privacy Badger - Update on 01.09.26\nTracking domains on a hybrid (mobile laptop) clone of an AHS/Covenant Health, UAlberta (University of Alberta), and Government of Alberta Laptop.\nHealthcare: No Cybersecurity, EDU: No Cybersecurity / Remote only, GoA = Informed & don't quite know what to do or to whom this should be brought up with.", "modified": "2026-04-05T06:35:43.679000", "created": "2025-12-28T01:37:15.993000", "tags": [ "privacy badger", "sites general", "settings widget", "domains manage", "data privacy", "badger", "hide" ], "references": [ "https://hybrid-analysis.com/sample/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86", "https://yaraify.abuse.ch/scan/results/32bfc760-1757-11f1-b47f-42010aa4000b", "https://polyswarm.network/scan/results/file/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86", "https://app.threat.zone/submission/c8b0b1e4-0c9b-4210-b5ce-1dc2303445df/overview", "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/iocs", "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/summary", "https://www.virustotal.com/graph/embed/g6d4bce6162064ac09cd20411c1947e69d7d5a1d475f0447da023ac933d338fce?theme=dark", "https://viz.greynoise.io/ip/analysis/6356f330-63a7-4ce3-91fa-7ab355a1dc1a" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America", "Netherlands" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Healthcare", "Government", "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 50404, "hostname": 10879, "URL": 715, "FileHash-MD5": 1 }, "indicator_count": 61999, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "56 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69a552fd9d101a62085afa08", "name": "48f3d614d7a5bb1d98de0387af6f48fb8d08f892982821bbe9fd7dc867185454", "description": "More to come. #acoupleofbadapples", "modified": "2026-04-01T09:17:38.908000", "created": "2026-03-02T09:06:05.279000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 39, "FileHash-SHA1": 45, "FileHash-SHA256": 202, "CIDR": 2, "URL": 24, "domain": 121, "hostname": 23, "email": 6 }, "indicator_count": 462, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "60 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64ed117e2308a042e50e1e9e", "name": "Investigation of Distribution Vectors and Threat Network Infrastructure", "description": "Targets: Individual(s), University of Alberta Infrastructure, Covenant Health (Alberta Health Services), TELUS Communications (Network & Mobile infrastructure), Government of Alberta, Government of Canada. International entities spanning primarily government, healthcare, and educational institutions.", "modified": "2025-11-23T23:20:07.571000", "created": "2023-08-28T21:28:30.294000", "tags": [ "Domains", "ip addresses", "URLs", "Files", "Alberta Health Services", "BEC", "Education", "University of Alberta", "Government of Alberta", "Covenant Health Alberta", "Telus Communications", "Canadian Universities", "Malicious Certificates", "Digital Identity Theft / Credential Theft" ], "references": [ "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376", "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b", "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783", "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e", "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328", "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305", "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98", "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352", "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary", "https://www.virustotal.com/gui/collection/3bf1c0922ee6f4d041effbf9f72a21a1e9f4b38d0593cfbeaca24851cf712eac", "https://www.virustotal.com/gui/collection/2cdadbf6aa2ec4f9815c038b0e9375b1475ac7e049fd123861d6e925e7802c6a", "https://www.virustotal.com/gui/collection/ba238f4d585b87abb85c126f927090cb866facfa9e4e2e0db8e307aff553397d", "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5/summary", "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2", "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327", "https://www.virustotal.com/gui/collection/fd8ebe64d72b2ad9e90773791522c3ec5863868dc3b9c58a929c6b4e01bb3042", "https://www.virustotal.com/gui/collection/8d65d93130b4775903adbffbb53820d40bb9425dcf1848b806ffee65ee883984", "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5", "https://www.virustotal.com/gui/collection/6434f0cf09638991baf3be289834696b46e11c4c6cbe1e7b9548f9ac27372b53", "https://www.virustotal.com/gui/collection/bc7e252dcc07855314e153efe890d70e7a7e9b8a743e171eac31e5951260c1b7", "https://www.virustotal.com/gui/collection/dbf356b0a281fa94308e2e24738d839491491bfb2defa4e6c42662646e52c8f8", "https://www.virustotal.com/gui/collection/f60b8061133367a1047262a1e90d54cd72de4d59885c267906c6eeb557a35500", "https://www.virustotal.com/gui/collection/da124f42943c08f1cafdc1c42635457b0c69ccce41b4031263af3235717996a2/summary", "https://www.virustotal.com/gui/collection/daab0521ae533cbdfeec047e51a9499aedfd27c8cc05c644950126c1947131f9", "https://www.virustotal.com/gui/collection/12100cb4982365cfe5122fcedda2c084d60cebe09314846cae980c36fc90fc8c/iocs", "https://www.virustotal.com/graph/embed/g9219350397134ff3a645319a88b67833077c9cf0f50d4979aa0239a3d0b6ecea?theme=dark", "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602", "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/graph", "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/iocs", "https://www.virustotal.com/gui/collection/da35693aa528a682ca91aee332c8155d99ac8e4a13077cc73b2a8921c8fea36b", "https://www.virustotal.com/gui/collection/1497c56a475d73236c67292964eabd7f8961f88c57fa5a2e3f30720dc29a51e7", "https://www.virustotal.com/gui/collection/8228434e85241bd42ae063de8cf2ee2afb86f0848675ed11e3f33b967e8c3c7c", "https://www.virustotal.com/gui/collection/aabd4abecf7099202ccbfbc1cec130ea266329ade38b040169399c6abf97a188", "https://www.virustotal.com/gui/collection/6a4e699473879d39e15ed7cd130f2ee9543f842b92c9ad8b78e310968f4b086f", "https://www.virustotal.com/graph/embed/g3dae42eb79cc447182e3a3dd746e462f0903d71c784d4f5cacf970954deea221?theme=dark", "https://www.virustotal.com/graph/embed/gc0d82762363b4aa88991027c391afdbfe9585395bd8d4273bbe09907fbfaf532?theme=light", "https://www.virustotal.com/graph/embed/g78ea5ea9b68b4a4bbcd2bc078e23b321985e72d90da146c19d8d80ede366c1fa?theme=dark", "https://www.virustotal.com/gui/collection/8f89eb9579ca53d15294ec27a4c1e763998ce57d3644ea746621d9fe0cb57e55/iocs", "https://www.virustotal.com/graph/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076", "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f/iocs", "https://www.virustotal.com/graph/g38632f8b939b443ab3b69f6a3171d02ffd2696a0f3714325a84b9a5f227a7d1c", "https://www.virustotal.com/gui/collection/4b166c2c1752d85215da951b15a065688bfe24ea92c65228a45ded6f2d94685b/iocs", "https://www.virustotal.com/graph/embed/g798b5e01446c4711ba22802009d71f5ba78553df16794088a907ae7456e2a017?theme=dark", "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f", "https://www.virustotal.com/gui/collection/a6a81c8412b19ac6357a7c6e978c31a38d52a75fbb3b2e44f0f1a2bf0deb8a58/iocs", "https://www.virustotal.com/graph/embed/g699a7b9bfb324855859555181d01666c372310cf233441e08a095459b3394dea?theme=dark", "https://www.virustotal.com/graph/embed/g6a67af8ffa22446da35d6989d7d0bc47efcd295eb893471e9b4912080c1dddef?theme=dark", "https://www.virustotal.com/graph/embed/g23481631a7c745c6ba19f72ce9f853643d17706c08ab44eb8851eb5c56c0f073?theme=dark", "https://www.virustotal.com/graph/embed/g3b316b58b8c54064b322b2e186d62950d7632add2f3f408f8d8a1706563fd3c0?theme=dark", "https://www.virustotal.com/graph/embed/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076?theme=dark", "https://www.virustotal.com/graph/g40f442f2b5d64cba818cac88855ba4ce274d109ce4ef4fb496f1af4efb993886", "https://www.virustotal.com/gui/collection/0c9360cb9f8601bd6cdf912eb414d67902487f0c4eec96e952377e300ff4e983/iocs", "https://www.virustotal.com/gui/collection/a1866f4c7dbc79920d0c7e914a3bace0d3dc424a2aac06bf30bf724c6c8b0375/iocs", "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs", "https://viz.greynoise.io/ip/analysis/ae06b3b5-c746-4b44-b2ac-19bb3aea14a1 [11.23.25 - 1000ipv4]" ], "public": 1, "adversary": "Unknown APT Group(s) / Threat Actor (s)", "targeted_countries": [ "Canada", "United States of America", "Philippines", "Panama", "Netherlands", "Anguilla", "Saint Vincent and the Grenadines", "Aruba", "Mexico", "Guatemala", "Costa Rica", "Tanzania, United Republic of" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Healthcare", "Government" ], "TLP": "white", "cloned_from": null, "export_count": 111, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 236, "FileHash-SHA1": 139, "FileHash-SHA256": 1421, "URL": 9580, "CIDR": 30, "domain": 10205, "email": 12, "hostname": 517612, "IPv4": 11, "CVE": 62 }, "indicator_count": 539308, "is_author": false, "is_subscribing": null, "subscriber_count": 146, "modified_text": "188 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "691b61e16cea7624a6606a69", "name": "For Later", "description": "***", "modified": "2025-11-17T18:46:19.094000", "created": "2025-11-17T17:56:49.875000", "tags": [ "wormhole", "want", "sign", "submit send", "copy", "share show", "report delete", "faq roadmap", "security legal", "twitter discord", "protected" ], "references": [ "https://wormhole.app/Pp5DdP#3EpzsqLhw5lJdQ0Xe_mRQA", "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/iocs" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 72127, "hostname": 16700, "URL": 50 }, "indicator_count": 88877, "is_author": false, "is_subscribing": null, "subscriber_count": 131, "modified_text": "194 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66b0fa3624bf0384e427f2e7", "name": "Tracking Domains 4.2 - 08.19.24", "description": "Tracking Domains detected by Privacy Badger Ext. on Microsoft Edge Browser (W11 Device) using Telus ISP (ASN852)\n*Not-Enriched (08.05.24): ~50,000 suggests IOCs by AlienVault\nFrom VT: 2 IPs hosted by 45090 (Shenzhen Tencent Computer Systems Company Limited) & 4611 (CNNIC member) seem to be the problem here 118[.]89.204.198, 118[.]89.0.0/16 & 202[.]123.107.15, 202[.]123.107.0/24 (Respectively)", "modified": "2024-09-04T15:01:01.432000", "created": "2024-08-05T16:13:42.563000", "tags": [], "references": [ "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/iocs", "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/summary", "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/graph", "https://www.virustotal.com/graph/embed/ge839428bb3e24a98aae8cbcc242ae4d8febdc0c46e49411ebb09d155e22b4bbc?theme=dark", "https://viz.greynoise.io/query/AS4611", "https://urlscan.io/asn/AS4611", "https://urlscan.io/search/#asn:%22AS4611%22", "https://urlscan.io/asn/AS45090", "https://urlscan.io/search/#asn%3A%22AS45090%22", "https://viz.greynoise.io/query/AS45090", "https://urlscan.io/result/aeb42615-79b7-465d-924e-c9bdde3eefd1/#transactions", "https://urlscan.io/result/d4bf08e4-88dc-4bf8-be34-6b352576882e/#behaviour", "Filescan[.]io report: bc47c757-0a4d-4659-98d4-5d0c86406462 (08.23.24)", "https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-be" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology" ], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 6180, "FileHash-MD5": 1, "domain": 24921, "URL": 10854 }, "indicator_count": 41956, "is_author": false, "is_subscribing": null, "subscriber_count": 140, "modified_text": "634 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66269b1f33258a8e26033b17", "name": "Tracking Domains - Part 4.1", "description": "More Tracking Domains", "modified": "2024-08-30T13:02:28.335000", "created": "2024-04-22T17:15:11.398000", "tags": [ "Tracking Domains" ], "references": [ "https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs", "https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark", "https://viz.greynoise.io/analysis/02a64dd4-d7e0-451c-8384-13cf23298551" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 94496, "FileHash-MD5": 63, "domain": 112327, "URL": 166918, "FileHash-SHA1": 33, "FileHash-SHA256": 103, "CIDR": 216 }, "indicator_count": 374156, "is_author": false, "is_subscribing": null, "subscriber_count": 142, "modified_text": "639 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66269b204ecfba63974dc1d8", "name": "Tracking Domains - Part 4", "description": "More Tracking Domains", "modified": "2024-05-22T17:04:45.215000", "created": "2024-04-22T17:15:12.353000", "tags": [ "Tracking Domains" ], "references": [ "https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs", "https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 792, "FileHash-MD5": 1, "domain": 5803, "URL": 2 }, "indicator_count": 6598, "is_author": false, "is_subscribing": null, "subscriber_count": 136, "modified_text": "739 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f152513c2dcc0f4e3406e", "name": "Threat Network Root & Distribution Vectors Probe", "description": "", "modified": "2023-10-30T02:29:57.489000", "created": "2023-10-30T02:29:57.489000", "tags": [ "Domains", "ip addresses", "URLs", "Files", "Alberta Health Services", "BEC", "Education", "University of Alberta", "Government of Alberta", "Covenant Health Alberta", "Telus Communications", "Canadian Universities", "Malicious Certificates", "Digital Identity Theft / Credential Theft" ], "references": [ "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376", "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b", "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783", "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e", "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328", "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305", "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98", "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352", "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary" ], "public": 1, "adversary": "Unknown APT Group(s) / Threat Actor (s)", "targeted_countries": [ "Canada", "United States of America", "Philippines", "Panama", "Netherlands", "Anguilla", "Saint Vincent and the Grenadines", "Aruba", "Mexico", "Guatemala", "Costa Rica", "Tanzania, United Republic of" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Healthcare", "Government" ], "TLP": "white", "cloned_from": "65133d6945641812c2ccc6ee", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 230, "FileHash-SHA1": 139, "FileHash-SHA256": 1197, "URL": 9276, "CIDR": 16, "domain": 7895, "email": 2, "hostname": 1965 }, "indicator_count": 20720, "is_author": false, "is_subscribing": null, "subscriber_count": 226, "modified_text": "944 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f1524792f3064843d826f", "name": "Threat Network Root & Distribution Vectors Probe", "description": "", "modified": "2023-10-30T02:29:56.006000", "created": "2023-10-30T02:29:56.006000", "tags": [ "Domains", "ip addresses", "URLs", "Files", "Alberta Health Services", "BEC", "Education", "University of Alberta", "Government of Alberta", "Covenant Health Alberta", "Telus Communications", "Canadian Universities", "Malicious Certificates", "Digital Identity Theft / Credential Theft" ], "references": [ "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376", "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b", "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783", "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e", "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328", "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305", "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98", "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352", "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary" ], "public": 1, "adversary": "Unknown APT Group(s) / Threat Actor (s)", "targeted_countries": [ "Canada", "United States of America", "Philippines", "Panama", "Netherlands", "Anguilla", "Saint Vincent and the Grenadines", "Aruba", "Mexico", "Guatemala", "Costa Rica", "Tanzania, United Republic of" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Healthcare", "Government" ], "TLP": "white", "cloned_from": "65133d6945641812c2ccc6ee", "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 230, "FileHash-SHA1": 139, "FileHash-SHA256": 1197, "URL": 9276, "CIDR": 16, "domain": 7895, "email": 2, "hostname": 1965 }, "indicator_count": 20720, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "944 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65133d6945641812c2ccc6ee", "name": "Threat Network Root & Distribution Vectors Probe", "description": "", "modified": "2023-09-27T21:01:26.901000", "created": "2023-09-26T20:22:01.290000", "tags": [ "Domains", "ip addresses", "URLs", "Files", "Alberta Health Services", "BEC", "Education", "University of Alberta", "Government of Alberta", "Covenant Health Alberta", "Telus Communications", "Canadian Universities", "Malicious Certificates", "Digital Identity Theft / Credential Theft" ], "references": [ "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376", "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b", "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783", "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e", "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328", "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305", "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98", "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352", "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary" ], "public": 1, "adversary": "Unknown APT Group(s) / Threat Actor (s)", "targeted_countries": [ "Canada", "United States of America", "Philippines", "Panama", "Netherlands", "Anguilla", "Saint Vincent and the Grenadines", "Aruba", "Mexico", "Guatemala", "Costa Rica", "Tanzania, United Republic of" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Healthcare", "Government" ], "TLP": "white", "cloned_from": "650fda65975555b2dabc023e", "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 230, "FileHash-SHA1": 139, "FileHash-SHA256": 1197, "URL": 9276, "CIDR": 16, "domain": 7895, "email": 2, "hostname": 1965 }, "indicator_count": 20720, "is_author": false, "is_subscribing": null, "subscriber_count": 234, "modified_text": "976 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650fda65975555b2dabc023e", "name": "Threat Network Root & Distribution Vectors Probe ( disabe_duck curated pulse) ", "description": "", "modified": "2023-09-27T21:01:26.901000", "created": "2023-09-24T06:42:45.462000", "tags": [ "Domains", "ip addresses", "URLs", "Files", "Alberta Health Services", "BEC", "Education", "University of Alberta", "Government of Alberta", "Covenant Health Alberta", "Telus Communications", "Canadian Universities", "Malicious Certificates", "Digital Identity Theft / Credential Theft" ], "references": [ "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376", "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b", "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783", "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e", "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328", "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305", "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98", "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352", "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary" ], "public": 1, "adversary": "Unknown APT Group(s) / Threat Actor (s)", "targeted_countries": [ "Canada", "United States of America", "Philippines", "Panama", "Netherlands", "Anguilla", "Saint Vincent and the Grenadines", "Aruba", "Mexico", "Guatemala", "Costa Rica", "Tanzania, United Republic of" ], "malware_families": [], "attack_ids": [], "industries": [ "Education", "Healthcare", "Government" ], "TLP": "white", "cloned_from": "64ed117e2308a042e50e1e9e", "export_count": 31, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 230, "FileHash-SHA1": 139, "FileHash-SHA256": 1197, "URL": 9276, "CIDR": 16, "domain": 7895, "email": 2, "hostname": 1965 }, "indicator_count": 20720, "is_author": false, "is_subscribing": null, "subscriber_count": 225, "modified_text": "976 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/graph/g38632f8b939b443ab3b69f6a3171d02ffd2696a0f3714325a84b9a5f227a7d1c", "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2", "https://www.virustotal.com/graph/embed/g6d4bce6162064ac09cd20411c1947e69d7d5a1d475f0447da023ac933d338fce?theme=dark", "https://www.virustotal.com/gui/collection/2c8e8189f77f80c97f4192dff56750f9603651db2cc6cca045f53e274f4b090e", "https://www.virustotal.com/graph/embed/g3b316b58b8c54064b322b2e186d62950d7632add2f3f408f8d8a1706563fd3c0?theme=dark", "https://www.virustotal.com/gui/collection/bb0c0633dbe98b659fb06e07acd6e1f51ca43d3a1b4be09b4e9bfe8b3fde0cdb", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://polyswarm.network/scan/results/file/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86", "https://www.virustotal.com/gui/collection/3bf1c0922ee6f4d041effbf9f72a21a1e9f4b38d0593cfbeaca24851cf712eac", "https://www.virustotal.com/gui/collection/daab0521ae533cbdfeec047e51a9499aedfd27c8cc05c644950126c1947131f9", "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/summary", "https://vtbehaviour.commondatastorage.googleapis.com/000011b9276d67cb6c737226e1572ad5396d96a7ce2a6512c6c5774371332730_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198160&Signature=ErZReZYXc0zl2849KmoGwJGof9NjsCg2iX3sqgLWs2FU4WBoLpZAVnFi6g7Z3BFda%2FDPKxZ7%2FHG%2BlEU2VB7ctD7pXcNfD%2F3nEPZC54sles9Cycinws6vWWfHnYmSpwKF4DtTjjbL%2F7bwIb%2FOrT%2BeKzVvt7gGL%2ByHJpWrAgr4UtNSHKVmHLIIgRH%2FfDOtlS410ed%2Bal8ukGl9ZSeDQjYg0A0KKxdNkAtcJPN4fLcl", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://www.virustotal.com/graph/embed/g0844b0f8d48c4bfab3ae40a376456055e267e54952fe40e0a79f63cc17550863?theme=dark", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://urlscan.io/asn/AS45090", "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/summary", "https://www.virustotal.com/gui/collection/0c9360cb9f8601bd6cdf912eb414d67902487f0c4eec96e952377e300ff4e983/iocs", "https://hybrid-analysis.com/sample/6a8efb46a1811fab955b629b37b5c483a812cc66519436acd726ff2a854f7a86", "https://wormhole.app/Pp5DdP#3EpzsqLhw5lJdQ0Xe_mRQA", "https://urlscan.io/search/#asn:%22AS4611%22", "https://www.virustotal.com/gui/collection/1497c56a475d73236c67292964eabd7f8961f88c57fa5a2e3f30720dc29a51e7", "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602", "https://app.threat.zone/submission/c8b0b1e4-0c9b-4210-b5ce-1dc2303445df/overview", "https://urlscan.io/search/#asn%3A%22AS45090%22", "https://www.virustotal.com/gui/collection/d142f78015e1c929cedae31dba7e5b735b6dedfc31e4759d8ec5f02c16328b98", "https://www.virustotal.com/gui/collection/aabd4abecf7099202ccbfbc1cec130ea266329ade38b040169399c6abf97a188", "https://www.virustotal.com/gui/collection/b8a6d1fcd73207ba46eae6806b946c4b539f301e718f3fba21fa4e797d4b5783", "https://viz.greynoise.io/ip/analysis/6356f330-63a7-4ce3-91fa-7ab355a1dc1a", "https://www.virustotal.com/gui/collection/86f3d77a28744357c14d92dba7ac6302d57700308c64b641513119d8fcad411f/iocs", "https://www.virustotal.com/gui/collection/fd8ebe64d72b2ad9e90773791522c3ec5863868dc3b9c58a929c6b4e01bb3042", "https://viz.greynoise.io/analysis/02a64dd4-d7e0-451c-8384-13cf23298551", "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://www.virustotal.com/gui/collection/2cdadbf6aa2ec4f9815c038b0e9375b1475ac7e049fd123861d6e925e7802c6a", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196704&Signature=oj%2BDJfu%2FPrkzTQYzv%2BNGIb7bMBOERBArPqSmhPICbJXukp7MyQm%2FhSDqT3TSgCuwYbRMqjTmAdHa9EBQ%2FCjlr3PdRe5jLJ3yEljzhIZMVkux2h7EGR9NvtyGFd0b4G6DcOYfzDyXI7IIUvEDVqDTPa2biRIlSwUKAXKvFLQvemNBTNwAt6ZWjRPcsjpgkPpPBVYA6mGR50QOtob74rarfPZno74N59OZkm5XoVm7mwuzGXDl189f", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD", "https://www.virustotal.com/graph/g40f442f2b5d64cba818cac88855ba4ce274d109ce4ef4fb496f1af4efb993886", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/45a190c2f2471d465eadce7b529473c1092e0b0fa4a8bd5066f2f0dadd021517_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777197660&Signature=ZeKi%2BRgUGuBZD7C84XN%2BMrK%2FhjGTkk9wZi%2B8oRGqD%2FMkt4j53TX2%2FNO2D5kv3PFADqhPUkUWatmRPNgFj3%2Fxgz2H%2B1MaxZeG4uZ7yDAjWSgY1bcI2k5Z4SWMDc8FAivGl7%2FYutQiu%2FIWCMxbxTnk4yJQiQtuOgqwVTZybq4ROhIA52sWpFV9sAHWnPeTZJIPWahZpZz3LH5ByhNbVb8fHKqxFmoQAswKLvlgjAcNSh", "https://viz.greynoise.io/query/AS4611", "https://www.virustotal.com/gui/collection/12100cb4982365cfe5122fcedda2c084d60cebe09314846cae980c36fc90fc8c/iocs", "https://www.virustotal.com/gui/collection/f60b8061133367a1047262a1e90d54cd72de4d59885c267906c6eeb557a35500", "https://www.virustotal.com/gui/collection/6a4e699473879d39e15ed7cd130f2ee9543f842b92c9ad8b78e310968f4b086f", "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/graph", "https://www.virustotal.com/gui/collection/02bef6a3cf1a035ad5bfb238cac2e913f4ed9425847d7cec5e7dc4097aa3c352", "https://www.virustotal.com/graph/embed/g699a7b9bfb324855859555181d01666c372310cf233441e08a095459b3394dea?theme=dark", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://www.virustotal.com/gui/collection/bd65940df2423788fcc8623495dfdafdfd4236d93533db0256db5ff4347b65f9", "https://www.virustotal.com/gui/collection/bc7e252dcc07855314e153efe890d70e7a7e9b8a743e171eac31e5951260c1b7", "https://www.virustotal.com/gui/collection/da35693aa528a682ca91aee332c8155d99ac8e4a13077cc73b2a8921c8fea36b", "https://www.virustotal.com/gui/collection/4b166c2c1752d85215da951b15a065688bfe24ea92c65228a45ded6f2d94685b/iocs", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://www.virustotal.com/graph/embed/g9219350397134ff3a645319a88b67833077c9cf0f50d4979aa0239a3d0b6ecea?theme=dark", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196678&Signature=HzcyQV1X4%2BZuxALwV5MKabxavBVI2pXXV%2BqZ%2FxjbZGEzJLq3HvfBlhoJvnPO72cTsUYIRIF8xWwC5jRcagGjKfbaLJN2X5M8YJLFvzNW8EUuKXbP4HlPUyWW4vdbPPfTDk7AH9O3Mc%2Bsqm0rUu1TTZ5W30gnKw%2B8w129EjLK4TTXdxBhsVZflHp65tluC8NtT6PKr40eTUW79dRIU4EmpzQYixwP5kHPdWny4lMV2tyDCM4BVbj5jGGjOMlG", "https://www.virustotal.com/graph/embed/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076?theme=dark", "https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-be", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://www.virustotal.com/gui/collection/ba238f4d585b87abb85c126f927090cb866facfa9e4e2e0db8e307aff553397d", "https://www.virustotal.com/graph/embed/g78ea5ea9b68b4a4bbcd2bc078e23b321985e72d90da146c19d8d80ede366c1fa?theme=dark", "https://www.virustotal.com/gui/collection/ee0928d5289165511398be0144460ff4c8663292be0a99a05ac955de2728a078/iocs", "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters.", "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/iocs", "https://www.virustotal.com/graph/embed/gc0d82762363b4aa88991027c391afdbfe9585395bd8d4273bbe09907fbfaf532?theme=light", "https://www.virustotal.com/graph/embed/g798b5e01446c4711ba22802009d71f5ba78553df16794088a907ae7456e2a017?theme=dark", "https://www.virustotal.com/graph/embed/g3dae42eb79cc447182e3a3dd746e462f0903d71c784d4f5cacf970954deea221?theme=dark", "https://urlscan.io/result/aeb42615-79b7-465d-924e-c9bdde3eefd1/#transactions", "https://yaraify.abuse.ch/scan/results/32bfc760-1757-11f1-b47f-42010aa4000b", "https://viz.greynoise.io/ip/analysis/ae06b3b5-c746-4b44-b2ac-19bb3aea14a1 [11.23.25 - 1000ipv4]", "https://urlscan.io/result/d4bf08e4-88dc-4bf8-be34-6b352576882e/#behaviour", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://www.virustotal.com/gui/collection/c1ea74232c607b23ded09484664f00ae58f911ccb82433d042056cbb84c9d602/iocs", "https://www.virustotal.com/gui/collection/385f419c1c3733dd9dd151d4403bdb38cb24d12c21f18ce8f4f41d818d7a12a5/summary", "https://www.virustotal.com/graph/g994d0094226240eba65c081dfbc3e4936aa010abf4db48049e3a964e7c5ad076", "https://www.virustotal.com/gui/collection/8d65d93130b4775903adbffbb53820d40bb9425dcf1848b806ffee65ee883984", "https://www.virustotal.com/gui/collection/27233a89c864ba0e77e672a8909fd63b4a8b6d457c9e4ff219f2a3e47db13376", "https://www.virustotal.com/gui/collection/18b52f4087178dedfee577ab7e53c5a86e84c2a7f901fa796240247f4be76f32/iocs", "https://viz.greynoise.io/query/AS45090", "https://www.virustotal.com/gui/collection/6434f0cf09638991baf3be289834696b46e11c4c6cbe1e7b9548f9ac27372b53", "https://www.virustotal.com/gui/collection/50919d9e9d6d71522b641a3907ed32093293c400a2ae4faaab142f175c48de4b", "https://www.virustotal.com/gui/collection/8f89eb9579ca53d15294ec27a4c1e763998ce57d3644ea746621d9fe0cb57e55/iocs", "https://www.virustotal.com/graph/embed/ge839428bb3e24a98aae8cbcc242ae4d8febdc0c46e49411ebb09d155e22b4bbc?theme=dark", "https://urlscan.io/asn/AS4611", "https://www.virustotal.com/gui/collection/a1866f4c7dbc79920d0c7e914a3bace0d3dc424a2aac06bf30bf724c6c8b0375/iocs", "https://www.virustotal.com/gui/collection/a6a81c8412b19ac6357a7c6e978c31a38d52a75fbb3b2e44f0f1a2bf0deb8a58/iocs", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://www.virustotal.com/gui/collection/be10f2ed2776b9b4028ac868814ab14bdd576ca5e5bce877ac2954389ba9d328", "Filescan[.]io report: bc47c757-0a4d-4659-98d4-5d0c86406462 (08.23.24)", "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327", "https://www.virustotal.com/gui/collection/da124f42943c08f1cafdc1c42635457b0c69ccce41b4031263af3235717996a2/summary", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/00000d3cb583c86b8fd89bcd270cf1a9c1974f23518caf52a9d55ba482afc255_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198022&Signature=X%2FtJADqZ8hUIDWnAnxXSy836h8XaVn9hIB%2FoJc%2BMiH70BQaiUPucRhxoQpLz8ff%2BU7i4DwbrecytnCCLiVA1QuLWxTYL9hBhT8xX%2F3h564r8jpG8kTHcyZTD%2F1w9THtZhgtgccYteH8vuC1RaaNpHpj8RESbs6TdENGlhzHELvXxYplQuBznpKau1ZeLiNJFngKuEOT%2FkcHjzOM%2B%2BUZzAovTwc6PDZOk4C4qBT7YdZ", "https://www.virustotal.com/gui/collection/dbf356b0a281fa94308e2e24738d839491491bfb2defa4e6c42662646e52c8f8", "https://www.virustotal.com/gui/collection/8228434e85241bd42ae063de8cf2ee2afb86f0848675ed11e3f33b967e8c3c7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://www.virustotal.com/graph/embed/g6a67af8ffa22446da35d6989d7d0bc47efcd295eb893471e9b4912080c1dddef?theme=dark", "https://www.virustotal.com/gui/collection/343b947063e58a53ca281f5ad54a72a7fa1b9b6e4c1ca84de6202b99e3126327/summary", "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs", "https://www.virustotal.com/gui/collection/33a61b144ffdece76551464e76866ab59346f0fa3f1f97380b401c1ac3f0d305", "https://www.virustotal.com/gui/collection/21cbd369ea901f41d51b666439aa41070c76eafb66dbbc6e56c86e0923b1569f/graph", "https://www.virustotal.com/graph/embed/g23481631a7c745c6ba19f72ce9f853643d17706c08ab44eb8851eb5c56c0f073?theme=dark" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Unknown APT Group(s) / Threat Actor (s)" ], "malware_families": [ "Stefan", "Wipes" ], "industries": [ "Government", "Telecommunications", "Education", "Technology", "Healthcare" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 22, "pulses": [ { "id": "69eb254f17eb4a2a990f07e5", "name": "LevelBlue - Open Threat Exchange", "description": "[ As part of security research, we look at some of the most well-known vulnerabilities in the PDF ecosystem, and how they can be identified and mitigated, with the help of a simple hash.] [64xxxx]", "modified": "2026-05-28T07:10:11.800000", "created": "2026-04-24T08:09:51.488000", "tags": [ "pdfkit", "cve202225765", "exploit script", "github", "unicordev", "cves", "xml external", "entity", "pdfs", "knowledge base", "python", "mozilla", "virustotal", "cisa", "apple", "microsoft", "pdfkit ruby", "remote code", "execution", "urls", "malware", "raid", "caddywiper", "wipes", "cve202543529", "webkit", "february", "cve202620643", "bypass", "march", "webkit bug", "command", "control", "levelblue", "open threat" ], "references": [ "https://otx.alienvault.com/indicator/ip/198.49.23.145#:~:text=CIDR:%206%20%7C%20CVE:%20107,infrastructure%20into%20global%20botnet%20clusters." ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Wipes", "display_name": "Wipes", "target": null } ], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1084, "FileHash-SHA1": 874, "FileHash-SHA256": 3052, "CVE": 36, "domain": 437, "hostname": 1086, "URL": 1411, "CIDR": 15, "email": 13 }, "indicator_count": 8008, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "3 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ede4900c0c36d508b00892", "name": "VirusTotal report for index.html tlp:green", "description": "[The following is the full text of the following:..woff2/akamai/clientlib-brand-base/resources/InstrumentSans-Variable-Latin-Italic] pdfkit[.net] = trans ip. Otx kept having server errors when trying to upload more comprehensive reports on this. Interference not by otx, suspect.", "modified": "2026-05-26T10:06:50.708000", "created": "2026-04-26T10:10:24.165000", "tags": [ "html internet", "html document", "unicode text", "utf8 text", "ascii text", "language", "https", "mitre attack", "network info", "processes extra", "transip", "performs dns", "t1055 process", "layer protocol", "overview", "overview zenbox", "title", "next", "meta", "link", "path", "doctype html", "ieedge", "bezet", "head", "body", "get url", "ip reputation", "divi child", "site kit", "google", "truetype", "woff", "user", "agent", "style", "original", "unknown", "has permission", "tls version", "file type", "loads", "urls", "persistence", "cloud", "malicious", "found", "dropped info", "zenbox android", "verdict" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196678&Signature=HzcyQV1X4%2BZuxALwV5MKabxavBVI2pXXV%2BqZ%2FxjbZGEzJLq3HvfBlhoJvnPO72cTsUYIRIF8xWwC5jRcagGjKfbaLJN2X5M8YJLFvzNW8EUuKXbP4HlPUyWW4vdbPPfTDk7AH9O3Mc%2Bsqm0rUu1TTZ5W30gnKw%2B8w129EjLK4TTXdxBhsVZflHp65tluC8NtT6PKr40eTUW79dRIU4EmpzQYixwP5kHPdWny4lMV2tyDCM4BVbj5jGGjOMlG", "https://vtbehaviour.commondatastorage.googleapis.com/117a61ad457cb776ca2e337cc04dce86510931b1e311b02e709a5e6c486333c4_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777196704&Signature=oj%2BDJfu%2FPrkzTQYzv%2BNGIb7bMBOERBArPqSmhPICbJXukp7MyQm%2FhSDqT3TSgCuwYbRMqjTmAdHa9EBQ%2FCjlr3PdRe5jLJ3yEljzhIZMVkux2h7EGR9NvtyGFd0b4G6DcOYfzDyXI7IIUvEDVqDTPa2biRIlSwUKAXKvFLQvemNBTNwAt6ZWjRPcsjpgkPpPBVYA6mGR50QOtob74rarfPZno74N59OZkm5XoVm7mwuzGXDl189f", "https://vtbehaviour.commondatastorage.googleapis.com/45a190c2f2471d465eadce7b529473c1092e0b0fa4a8bd5066f2f0dadd021517_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777197660&Signature=ZeKi%2BRgUGuBZD7C84XN%2BMrK%2FhjGTkk9wZi%2B8oRGqD%2FMkt4j53TX2%2FNO2D5kv3PFADqhPUkUWatmRPNgFj3%2Fxgz2H%2B1MaxZeG4uZ7yDAjWSgY1bcI2k5Z4SWMDc8FAivGl7%2FYutQiu%2FIWCMxbxTnk4yJQiQtuOgqwVTZybq4ROhIA52sWpFV9sAHWnPeTZJIPWahZpZz3LH5ByhNbVb8fHKqxFmoQAswKLvlgjAcNSh", "https://vtbehaviour.commondatastorage.googleapis.com/00000d3cb583c86b8fd89bcd270cf1a9c1974f23518caf52a9d55ba482afc255_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198022&Signature=X%2FtJADqZ8hUIDWnAnxXSy836h8XaVn9hIB%2FoJc%2BMiH70BQaiUPucRhxoQpLz8ff%2BU7i4DwbrecytnCCLiVA1QuLWxTYL9hBhT8xX%2F3h564r8jpG8kTHcyZTD%2F1w9THtZhgtgccYteH8vuC1RaaNpHpj8RESbs6TdENGlhzHELvXxYplQuBznpKau1ZeLiNJFngKuEOT%2FkcHjzOM%2B%2BUZzAovTwc6PDZOk4C4qBT7YdZ", "https://vtbehaviour.commondatastorage.googleapis.com/000011b9276d67cb6c737226e1572ad5396d96a7ce2a6512c6c5774371332730_Zenbox%20android.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1777198160&Signature=ErZReZYXc0zl2849KmoGwJGof9NjsCg2iX3sqgLWs2FU4WBoLpZAVnFi6g7Z3BFda%2FDPKxZ7%2FHG%2BlEU2VB7ctD7pXcNfD%2F3nEPZC54sles9Cycinws6vWWfHnYmSpwKF4DtTjjbL%2F7bwIb%2FOrT%2BeKzVvt7gGL%2ByHJpWrAgr4UtNSHKVmHLIIgRH%2FfDOtlS410ed%2Bal8ukGl9ZSeDQjYg0A0KKxdNkAtcJPN4fLcl" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1409", "name": "Access Stored Application Data", "display_name": "T1409 - Access Stored Application Data" }, { "id": "T1418", "name": "Application Discovery", "display_name": "T1418 - Application Discovery" }, { "id": "T1421", "name": "System Network Connections Discovery", "display_name": "T1421 - System Network Connections Discovery" }, { "id": "T1422", "name": "System Network Configuration Discovery", "display_name": "T1422 - System Network Configuration Discovery" }, { "id": "T1424", "name": "Process Discovery", "display_name": "T1424 - Process Discovery" }, { "id": "T1426", "name": "System Information Discovery", "display_name": "T1426 - System Information Discovery" }, { "id": "T1430", "name": "Location Tracking", "display_name": "T1430 - Location Tracking" }, { "id": "T1406", "name": "Obfuscated Files or Information", "display_name": "T1406 - Obfuscated Files or Information" }, { "id": "T1429", "name": "Capture Audio", "display_name": "T1429 - Capture Audio" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 554, "FileHash-MD5": 53, "FileHash-SHA1": 4, "URL": 561, "hostname": 275, "domain": 114 }, "indicator_count": 1561, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "5 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ca434ee788ab3d090e6013", "name": "PDFKIT.NET - Trust Bypass Continued Concerns", "description": "A complete list of key facts and statistics:..3-magnitude-based data-sharing platform, which was first created in 2003, has been published by the University of Oxford.<-- Pretext. Msudosos: Ongoing concerns persist regarding the use of the pdfkit.net library in specific DMV versions, which may allow for trust bypass across multiple platforms. Research indicates that isolating affected areas or voiding certificates will not remediate this issue, as the corrupted trusted root persists even after firmware-level restores.", "modified": "2026-05-16T07:23:42.485000", "created": "2026-03-30T09:33:02.363000", "tags": [ "fcc", "trust bypass", "pi", "hollow-root", "pdfkit.net", "cryptographically-invalid", "Docusign as an exploit", "gov / infra / healthcare / mun", "education", "US", "globalsign2020", "noend--point.", "null" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Netherlands", "Italy", "United States of America" ], "malware_families": [ { "id": "Stefan", "display_name": "Stefan", "target": null } ], "attack_ids": [ { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" } ], "industries": [ "Telecommunications", "Education", "Government" ], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 156, "domain": 49, "email": 4, "hostname": 227, "FileHash-SHA1": 230, "FileHash-SHA256": 323, "FileHash-MD5": 321, "CVE": 6, "IPv4": 118 }, "indicator_count": 1434, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d5f37d3917861c6b99884b", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-16T07:01:32.826000", "created": "2026-04-08T06:19:41.886000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 94, "FileHash-SHA1": 70, "FileHash-SHA256": 294, "domain": 50, "hostname": 410, "URL": 281, "CIDR": 1, "email": 3, "IPv4": 2 }, "indicator_count": 1205, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69bf6063da146ed025a8890f", "name": "Double Umbrella Wixc2 Followup Iocs", "description": "The full text of the report on GoDaddy.com, which was published on 1 January 2017, is published online by the Internet Service Authority (icann) and will not be displayed on its website.>>><<<< pretext i didnt write - refer to my double umbrella post for big IP data", "modified": "2026-05-16T07:01:20.093000", "created": "2026-03-22T03:22:11.640000", "tags": [ "script urls", "present jun", "present jul", "a domains", "status", "present aug", "date", "united", "present feb", "meta", "title", "encrypt" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 298, "FileHash-SHA1": 280, "FileHash-SHA256": 336, "URL": 327, "domain": 548, "email": 8, "hostname": 136 }, "indicator_count": 1933, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "15 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d5f37c65fbf136884dae98", "name": "CAPE Sandbox RIP.exe BLOODBANK.exe", "description": "A Cuckoo executable, for MS Windows, runs at 12:12:57 on the morning of 11 November, 2024, and ends in an unauthorised binary that ends up in a box full of data.- rip.exe tied to a gov domain is a treat.", "modified": "2026-05-08T06:44:52.553000", "created": "2026-04-08T06:19:40.539000", "tags": [ "shell folders", "cname", "ip address", "nothing", "registry keys", "cape sandbox", "file type", "file size", "sha256", "mwdb", "accept", "shutdown", "windows sandbox", "calls process", "nethandle", "net1510000", "fastly", "skyca3", "po box", "city", "san francisco", "stateprov", "postalcode", "orgtechhandle", "orgnochandle", "orgid", "orgabuseref", "orgname", "cidr", "text process", "user", "default", "xport", "use my", "gmt ifnonematch", "microsoft excel", "pe file", "https", "contains", "spawns", "reads", "aslr", "seterrormode", "window", "malicious", "next", "csv text", "ascii text", "process", "queries memory", "network info", "dropped info", "persistence", "javascript", "please", "strong", "toggle", "mitre att", "advapi32", "windows", "dynamicloader", "sspicli", "name", "pid parent", "first", "threads", "path", "pegasus", "crypt32", "virustotal", "enterprise", "service", "close", "performs dns", "urls", "found", "united", "jpeg image", "jfif", "json", "tls version", "mitre attack", "creates", "phishing", "clear filters", "thumbprint", "temp", "full path", "windir", "behavior", "selfdeleting", "bat file", "address", "port", "report", "system process", "downloads", "binary", "hxojc8o", "signatures", "success", "regopenkeyexw", "regopenkeyexa", "hkeycurrentuser", "hkeyclassesroot", "createfilew", "regcreatekeyexw", "regsetvalueexw", "genericread", "readfile", "desktop", "webview", "fail" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626394&Signature=mjMxHo8L7UrEZ%2B0mpGMaevi%2Fnyxg566NrZjoVPOa6T3Cbyv9SjUxWf%2BLTZqUG6wgBgPDMrC9WYvpluFNlA3a8CmS9FgO5Wk4ihVivuBtOPhisX8aQoky6AhLHqi%2FTU6pVryey1kfBt6MlRl0gEZ6OJtKADUb2hPUfxXN0b6zIDrBlBpDlzmi73JWdo%2BTl7HWhJzFk%2FDQy3DniCvgLRSPVSK0WPg%2BpvgzruUYB%2F5pkH20cP", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626418&Signature=TwvqChaO8lqc0vzwz%2BZ7W7IIwZZZt6%2FhJ4DzgyGjlwl%2Bev3Aj3iyAMtUxNhwGhTz10UGTbYuZcmLUPKLpQ81mgT%2B8axs57DfzVt1BoJTH5lWYK%2BOI8LDJGXD8tZ8DGKuNa6dHqqdQ9gDvuEpnhGfMmpJovXa%2B0drHScs%2BE%2FQKF%2BRTqOXjfSVxMdoqYnlB3zMc6AU2CYPv%2FE1mP06q5yCaRjgA0aIcnf7ADr9", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626474&Signature=kfjlpWuwZbaZbbP6fMcuay73HaFSKrqF520LJELy0GSL34yjKdsQSvLU8g4sBtj69rWQb6rJwENSsxoLQizFVcBSn04iqFQqS6VlgbQsMMJd57JpVb9gcQPuRc5iP37IN5crnnQjwWgIDQAxcMFVgX8L2SW2Eji5xGKVeIoJ6MJFYKxoyfiZD3779nqt8YvoaK1E4DWe5%2F9TzZWks0%2BaP5dwYHpoPnvYsj4k0X61JFQChNE5cZcNNbUH8i", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775626915&Signature=A8EIjrcllVER4J%2FPzV2FRPV1NC%2FPha6J1APjMga6WlTRSe%2By092MDDTg4tF9ILYLxQtuQgmgwx93nasQfll6ffrd12FvlAsin2zj4vtdTT4AcIXmxJcKO0d%2FoLnozrBzi1R36TlEknCbXkqQPX%2BdvF%2BwroU1F61f6IOtIfgIK2uxK0KIG5I41N7fQcNOUNIwHoCvfAlSb2OqY1V4ESvWxMJ4MjdBn%2F%2B%2FUAOfpOh%2B7c", "https://vtbehaviour.commondatastorage.googleapis.com/1d4dd113c9924d71398d9db20e2fcf347cad29c3d3bdc9612a44dfd47c1971aa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627160&Signature=K5%2FGwGNRKy0XCvva8zcyKHnsarNPNRQXXQI%2FV%2B1Susn9nmU9j%2Fm1SKT0f3LpBrVV5dyaLLy%2FYMPBmGKun3XY4WEmEl0KQkg17reIGCcLSeFbgDwpUm2DyN3ENt5d%2BkePCG6FvM5jUx7Cpf1ZTyw0PYePphEx1shaRArarvvSWz1kosuQhe%2BZ8tBYqt1c35e7%2BjQrwmLeZ489ungWsKJvhuXHetKJVJVEhY%2FLb3%2FBgTDodLwx3l", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627259&Signature=LB8UpSFAWpkptxq2TpSlVUjgaYsD8ZVxTie7HZDfh0FJ9h5o0dlAfn3fQ2KoL66TnUg2S0MIsEXMxl5O%2BL%2FFPweNRNyFyFK8M4aHPEHTZZlcAopz6ofdP7b0rYACYLl%2BH51rdDSCCDGVFB2AxZXaz54b748ZJBd0lCSxvueW2MVVLJcFl5w4hcNIIwnXuHCQD02rsYzffmjBIO6CC1hPulQwohf%2FTZKDK5iuOAhPoVWWswdroV2A7M6M6PUg9g", "https://vtbehaviour.commondatastorage.googleapis.com/1d5f970b7378625145832550f06d4eb5543258aee214e4d72172e4018c2d88a3_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627300&Signature=ZqM8a%2BUX0F1D8t51nlp1%2BcYFN0ozRLI92p85KFn1f3Aey19YDGw%2BAAEbxD1JMvi%2BsMRGGfYTPACg4h9DM0VFKT8yq4FOOqED%2FO17EAyZrz6YSyQcMMnozviy%2B%2FdpS0Sqd8sas9FdpgcUAS%2FzEEcqa%2FsQVtkpv2rp9BZLKqvbpquNXBlA9rnKzvbtNwEP7meNDc%2FXDspVqf%2Frb9bWY8uHq7hJl6pMWknVtV", "https://vtbehaviour.commondatastorage.googleapis.com/faa6f8935bf337bb6f98bfe73e3b74f6e785da6929775e6bacbbd20d90ecf2c3_SNDBOX.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627494&Signature=lBb52t94Lck4SSu4FORagQFNGojj5%2Bi7JRPlb68HqacyPusyn33LTlV%2F72P5M52r2EZ8ylUROPiRnCRBg0ry%2B2D1ctl1uWtP%2F1HDdBpnbxxUtkcM97MGzmUbIfTSOAsXsbB3f4Y6ZOIM%2BLYzCo%2BxwRmun4K%2Bo8K3mYHMatcF3mBtKcBPnP7WM5%2FHTz3XqJGMH9TCDIfe7j%2F3SAnx7X0tt0BgUcwPe4OkmHkUutihMBfek2MBp%2B", "https://vtbehaviour.commondatastorage.googleapis.com/0526bc88565de11e5c67b8e01590ba1184e3c6130fc1ced3d1ecacb00c51a7fa_Yomi%20Hunter.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627608&Signature=nc6gUdC0NeDtHUOIT6P0pC0i9EKDBHTO%2BMbcwHvgjPzFPqDFGMq%2Fei9aUhg8ub9H4poa985bQO4xz1xEEOmGhEihgwKvDZ5u0QETkzbQJLxzzm5g9t%2Fx4iBeBHToQjDXdMrSu0ML%2FYBep0l%2F%2BkYortodmtnjHYhAEYOOLSZn4gSAWaPoq5vxXF9gtsRojKf9RIk5VuzDXFGY6BGsDKn2tch7nTJ3SmYKodEv4iWyVn4jp5g%2B4", "https://vtbehaviour.commondatastorage.googleapis.com/0c5a10f10eb29b8251a5dfe15fa74f7e25c281b4f9be7c87839a9ae3d34dfe6d_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775627783&Signature=FHIZFXnHZsAaWvZbG2O1vXTFfRz6BqTP8ikzyyXMpZ4VG6WEVnK3yHhhrnLfoLQqUCUgXvWOb1ThHRM6WXJGEx4jLnKM%2Fp6YkHmVEj1nFXBd%2BQ0IPGVwZRJfZcttoBFwmLwJ%2BTXEzUvqX%2FTXDGgeIKFac4IFl%2FGXPEmxi43CSXwZsWuD5CLfaHxEu65DvnuniHqPovnhBOp%2B2rEM2jSLgHuouV%2B9LiZwjgsSXeUVh1BFN5XrPPojB0Lk", "https://vtbehaviour.commondatastorage.googleapis.com/644031a68bde879af85bcc9cb3e6fa1e9a6b0f61d49307581974b5dbc09d3de8_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628069&Signature=Tqx0WDIqoieH9yCo18tkPUdcYvTU0l0vEGnEzncxScNgePm2%2Bm5dMzcVkPb2dN4j43pL0c6xFpyqUmgcAaV4yJd1bWnukU%2FSoTPxrfzwEEPlXeMoapx9eeELYqF6WZWyor0m%2F4qv%2FuaYFkLWO2D8iOkqIiaNQBvu6nVuNBM3I%2FkrnXhWRxt3C8KQlAF%2Fo3ft05L0QBoJH6mQquOx2C777xrO6tjr31CGKjIMIAih66ud8Oskb57I%2B6zt", "https://vtbehaviour.commondatastorage.googleapis.com/aa2691bc8ec9abf5359396a356551d1e2de12c9c5035c259650650ced6607c6f_VirusTotal%20R2DBox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628175&Signature=C%2Bm0zPP%2FHfqcIuof%2F2O%2F0UbWPaY37tDrVB%2FZMr2M9H%2BjPTiynLMHNyn5vNT97ndboi7U21mT93t30I4UMIqdICdXtc%2BlGG7rYgE2ruFbI6U%2BBxHCmlKEUYh1FZY%2BPsskjCqojS2K4I1w%2BfsLyUwkpsGHzh92WF%2B5h5FbNY5PySi2Fd3B4ns1okQyrU6i%2F0PdPGs%2BjnHvLfdB%2Bx%2FOjTJPOcKqkwk", "https://vtbehaviour.commondatastorage.googleapis.com/6c375dc240faf5cde2a8eafd44351309edfa18c7e11ea52c2437701584ec2579_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628363&Signature=dlMT8ox9JTkziQZLJ6FL%2BRBc%2Fz%2BeAIvgi4qr%2FO3pMT9vAKLgbGFgQum2bJ74s07XpftMHPBj1fCgNY5xK7EIouHXhmpyiD%2B5zsfcKaNckOkNoIo6A9%2FfM6g42hN5djOg3pDclOqwj0ECuBWrtZXqZcrc5nv%2BU51qwqs6AAkIaiZWOX341r7RHPc49dpGRK0DG1XQDRGxacXm5erHEQmAAO8I8yR%2FzKT%2BZ6EJK6xC99uC", "https://vtbehaviour.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a_Dr.Web%20vxCube.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775628967&Signature=cw9IN04sKdFEDdQTLeqNWDt35Spbg0yI2vZFSrsk%2FJ6%2BD%2BRC5pt7QZKTQlutBh8zpYG9b4%2F7TjCFxf5jo1s6uYpiVA8s%2F5c5ZVy2Ia387UGrip6kYJ9s2cfp%2BgQ1o2RHEQRhukeRqR6uQpb87IVhWb1VjeABoOqT%2Buy%2BeXUckwOcInk8tcs9wCI1xhRe3raMJ1EC1gIdXCGzMqLU%2F874cclP6LWAUiQ08FPQe8VZtob", "https://vtbehaviour.commondatastorage.googleapis.com/012f268838dbc4f0877ea47f272bcd5acdc15ac4584c3d3cddeae2f5107d09de_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629156&Signature=qIGYvmHwkDg5a1aWpPn%2FCFierOaHWS9Gyvi4Owjd4sJ7YytEl%2F5qxIIpo84v%2F7J%2BvxGYG9PrPDBHbH5jiJc2VOMkKroiRdzapAh%2FFwXVnVhn%2FCJ1eu6xMH2KJ6bs578zBbSbt6QJ2KPBU2E7RJQ5o%2FxLV93YjttPgspSTvjqiC1vCSwx78AdV7nt4xmxTCpqZB3OJuH%2ByROH7tWED9Qzq%2BVgwf7AmK9UrFuIKnmo07prAMKfo1k1", "https://vtcuckoo.commondatastorage.googleapis.com/000001ea2ae617d6de171f648d2683ff43b52cc01bc077f131cfd1be7549704a?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775629192&Signature=gnfHVeS3e3cryOoChL6czgBUI9mEJwFk8OZ22bAN4U7V1r1yCjBq7i3y7Sarv1O34zp2Yabguk5BQI4cgnZ64Dj1uLdrx9dUaYo%2FzBoITjzCiJ7djJCvB0alIiIw%2Bok%2BqRGGtIFbrfS61QNeDiXmFpeD1d%2F1lGe8ZoBd0nLLqtP5xdbRALcJbrvbCeln9nFuu199svtMraGxafiWFWiEC4GRx1BmdMZYVqC%2B%2FukhirOXs7MyPd6i1%2FsSjSWfGa8ss4pgIMD" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1010", "name": "Application Window Discovery", "display_name": "T1010 - Application Window Discovery" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1064", "name": "Scripting", "display_name": "T1064 - Scripting" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 164, "FileHash-SHA1": 161, "FileHash-SHA256": 463, "domain": 56, "hostname": 396, "URL": 456, "CIDR": 1, "email": 7 }, "indicator_count": 1704, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fc0f45c9945c939e6406f2", "name": "The dates are odd lately, so Im going back in history.", "description": "[ at the key vulnerabilities in Fortinet FortiOS 6.0.7 and FortiProxy 2.2.3.4.9.. and the full list of vulnerabilities]\nCVE 2018 and its associated current malware dating mostly 2020-2024", "modified": "2026-05-07T05:26:18.669000", "created": "2026-05-07T04:04:21.095000", "tags": [ "targeted", "legal", "epss", "impact", "scan endpoints", "all msudosos", "pulse pulses", "files", "exploits", "cve overview", "media", "defense", "energy", "authentication" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 1, "FileHash-MD5": 8, "FileHash-SHA1": 7, "FileHash-SHA256": 13, "domain": 10, "URL": 64, "hostname": 23 }, "indicator_count": 126, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f97a905451e3304319988b", "name": ".may 4 clone own on may 5", "description": "", "modified": "2026-05-07T02:57:38.229000", "created": "2026-05-05T05:05:20.493000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "69f7fa1a282840a6e0aa370c", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3143, "hostname": 2037, "IPv4": 186, "URL": 3288, "CIDR": 12, "email": 43, "domain": 1645, "URI": 1, "SSLCertFingerprint": 18, "CVE": 1 }, "indicator_count": 11083, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "24 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f7fa1a282840a6e0aa370c", "name": "May the 4th be with... every destructed file that never died", "description": "[undreds of thousands of people have been signing a petition calling for the removal of the president, Barack Obama, from the White House and the UK's prime minister, Theresa May, to be remove] The wording here. Its also May3rd not May 4th.", "modified": "2026-05-05T05:04:02.911000", "created": "2026-05-04T01:44:57.811000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 341, "FileHash-SHA1": 368, "FileHash-SHA256": 3142, "hostname": 1890, "IPv4": 162, "URL": 3241, "CIDR": 12, "email": 37, "domain": 1616, "URI": 1, "SSLCertFingerprint": 18 }, "indicator_count": 10828, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "26 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f53a2d55fd1ee070d57d25", "name": "Coordinated Vulnerability Disclosure \u2014 trustpilot.com", "description": "Per https://saviourr.org/uam-1.json \u2014 verify at https://saviourr.org/.well-known/security.txt", "modified": "2026-05-01T23:41:33.930000", "created": "2026-05-01T23:41:33.930000", "tags": [ "cvd", "iso-29147", "rfc-9116" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "MST478293", "id": "402211", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1 }, "indicator_count": 1, "is_author": false, "is_subscribing": null, "subscriber_count": 23, "modified_text": "29 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "trustpilot.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "trustpilot.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780250208.5369606 }