{
  "type": "Domain",
  "indicator": "xmlsoft.org",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/xmlsoft.org",
    "alexa": "http://www.alexa.com/siteinfo/xmlsoft.org",
    "indicator": "xmlsoft.org",
    "type": "domain",
    "type_title": "Domain",
    "validation": [
      {
        "source": "majestic",
        "message": "Whitelisted domain xmlsoft.org",
        "name": "Whitelisted domain"
      }
    ],
    "base_indicator": {
      "id": 4294611760,
      "indicator": "xmlsoft.org",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 8,
      "pulses": [
        {
          "id": "69f3dd29978345cc0033cdec",
          "name": "CAPE Sandbox - powershell unsigned trust bypass affects arpa and msedge update",
          "description": "File is not signed-Microsoft Corporation. All rights reserved.\nProduct\nMicrosoft\u00ae Windows\u00ae Operating System\nDescription\nWindows PowerShell\nOriginal Name\nPowerShell.EXE\nInternal Name\nPOWERSHELL\nFile Version\n10.0.19041.546 (WinBuild.160101.0800)\nrefer to belasco chain or broken seal\nclient does not have windows",
          "modified": "2026-05-31T01:02:14",
          "created": "2026-04-30T22:52:25.691000",
          "tags": [
            "31community",
            "35business",
            "cid1",
            "youtube https",
            "cohasset",
            "meta tags",
            "home category0",
            "home themecolor",
            "script tags"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            },
            {
              "id": "T1203",
              "name": "Exploitation for Client Execution",
              "display_name": "T1203 - Exploitation for Client Execution"
            },
            {
              "id": "T1485",
              "name": "Data Destruction",
              "display_name": "T1485 - Data Destruction"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 718,
            "FileHash-SHA1": 428,
            "FileHash-SHA256": 1579,
            "URL": 720,
            "hostname": 612,
            "domain": 210,
            "email": 4
          },
          "indicator_count": 4271,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "1 day ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a13d458f27a51876d7949f5",
          "name": "NOW BOARDING: DARK-ZERO Sheep Tracker * CAPE Sandbox",
          "description": "Modern threat intelligence requires moving from passive observation to active intervention. In the context of targeted tracking implants, defending civil rights means engineering systems that protect user autonomy against unauthorized data extraction. Architectural Protections:\nZero-Trust Telemetry: Designing operating systems where the user owns the cryptographic root of trust.\nHardware-Enforced Isolation: Utilizing Secure Enclaves to process cryptographic keys outside the reach of a compromised kernel.\nExploit Mitigation: Implementing advanced PAC + Memory Tagging Extension (MTE) to stop zero-day memory corruption bugs. The holiday serves as a reminder for SOCs to uphold high ethical standards, ensuring defensive tools are never repurposed for unauthorized surveillance. Respect to all.",
          "modified": "2026-05-27T17:19:19.635000",
          "created": "2026-05-25T04:47:20.503000",
          "tags": [
            "win32 exe",
            "mozilla firefox",
            "zip adobe",
            "photoshop cc",
            "rar adobe",
            "air sdk",
            "adobe air",
            "lassa2",
            "default",
            "shell folders",
            "inprocserver32",
            "parent pid",
            "full path",
            "command line",
            "cname",
            "folders",
            "file size",
            "mwdb",
            "accept",
            "shutdown",
            "ip address",
            "virustotal box",
            "apples sandbox",
            "sandbox sha256",
            "analysis date",
            "file",
            "operations",
            "process open",
            "write delete",
            "move time",
            "file type",
            "json",
            "ascii",
            "utf8",
            "sqlite version",
            "found",
            "pe file",
            "intel",
            "pe32",
            "ms windows",
            "installer",
            "defense evasion",
            "window",
            "title",
            "template",
            "next",
            "united",
            "performs dns",
            "grabber honest",
            "layer protocol",
            "attack network",
            "info processes",
            "extra info",
            "zenbox macos",
            "verdict",
            "guest system",
            "ascii text",
            "sigma",
            "creates",
            "t1055 process",
            "info dropped",
            "malicious",
            "p2404",
            "p11718783889",
            "p4de83ek69hqsh4",
            "p11718784848",
            "bazaar",
            "sha3384",
            "ssdeep",
            "checker",
            "themida",
            "guard",
            "property",
            "adobe device",
            "property name",
            "productname",
            "displayname",
            "destination",
            "root",
            "totalsize",
            "langpack",
            "swedish",
            "win32",
            "windows sandbox",
            "calls clear",
            "sha256",
            "sha1",
            "crc32",
            "size",
            "flash",
            "june",
            "drops pe",
            "crlf line",
            "sample",
            "persistence",
            "win64",
            "hook",
            "instructor",
            "kids goldadobe",
            "errstr",
            "cultureneutral",
            "license",
            "error",
            "code",
            "service",
            "vmprotect",
            "february",
            "back",
            "number",
            "mitre attack",
            "network info",
            "processes extra",
            "fri dec",
            "database",
            "initial access",
            "program",
            "overview",
            "overview zenbox",
            "ultimate file",
            "info file",
            "Nullworld",
            "value",
            "value lang",
            "buildinfo",
            "productinfo",
            "addremoveinfo",
            "displayversion",
            "screnshots",
            "United",
            "Swedishvpncarrierenrollment",
            "calls process",
            "writes",
            "png image",
            "rgba",
            "guloader",
            "fraud",
            "phishing",
            "install",
            "pdapp",
            "urihandler",
            "us tcp",
            "product install",
            "gamma",
            "updater",
            "Now boarding",
            "DarkZero",
            "Sheep Tracker"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681399&Signature=o4EIDa%2Bu5q7UzJoKBZ3SHIdTRWKGT7HIZyLxFZSLdRJV2Ng655y2X8OLnU2siFeopgWPI6Gd8nE9F9LFBFgwM%2F0ZN0FWsDls8m78y46TmhjHhykfch6G%2Buw3LPxmfbz999yBfELXQDUCNWIiGUPv%2B23aUdHnc0c5jI4Mvlz2HGA%2BHlIMjc1w1S%2BWm%2FI6ftHJdyIAh0SqMbPXqAy%2BIonExlGkoEmMBCJl3r3pfMcYzy4ai0",
            "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681421&Signature=oUYsIo6y2ldihmETch4oPYw5nb4sHZhKRik2zGuv2h9rqu30GcV1xZHlIO9ttFa625EXOlrrILZtAhfM%2FamkTDjXZUTqn2%2BTKmgnxqOOfJU6KrJHPLE9Do7l7MEaPxX4cs8z8tWd0%2FY8sBv8sjGAIdWrT5OPv202LNN%2FiVe6mEIUMkmNr%2BG1S3Pgs6LRTjo%2BgqhEcNXT0MFUgs3I2e4AQ0TQ4FOs%2BVRY",
            "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681469&Signature=VGjB%2F%2BCQwDtsenSFWX7YNKbe9s%2Fgcpg%2FotVlxRZ6FXuE9VXITP76QQq6L2vlSM7pfQHSnBv%2BUdwMtN3QhCxjF7Zv2PV%2FkWLnwwA3hJciWMAKiLSeKTanNshzLWnmBjN04FASFwNf6kAq4PcunHkHh2PSOGl03eem41DHA6YOIRAjI1C6hAdDvKoAqJJXuGKM%2F5Z5vzfeTaXNgCRutOhVDB4%2FcAcV9zZaRcX9Ii0IFRAZo%2Bzk7rvI",
            "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681490&Signature=bIUDLY2jLaPa0t0OyOiuRlKjk8VM9IFdVTwzJhuTKfuV%2BhwtwcYghSy4186P0qsGEebShI2xNNVBPSd3uQdeXMuYRDJWcyo18c12pLwgcLgaBot06%2Bfys%2BlGp%2FV%2FSCDBvdo3iLaAOesoSo8vbCLNsWAzGM5sztLl%2Beyq9%2F1oSuAvU692EiARhcufOCMFqXCn6MNuSp18gSQwkFRBadsMvHSjfHW645FvLUfiP5Egu1WuMVP2",
            "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681535&Signature=K%2BM%2FPuLQI5kqDYLWjQMD%2BgPbchxwp2sWPPUtfDZYFn5H9w%2BqFPRxh7iZqH4FOPAnwlC0%2BN5TKTqrEuhABL3gWMqHySyweiNPNkJ1MlX29xZdE482pqQSn8rzkPs7CZD63ts4ZRPrK%2Bl06RV13mZf4TUzAD9Sx0m6%2FWhetQETuu6StpVmyzhie%2Fn%2FUdsdFN0SW%2BtLpQE74IVNfszCgKVhF9oNeBiifytanSbIG0SnLff9sXffjS",
            "https://vtbehaviour.commondatastorage.googleapis.com/087975d5f3c874a6fe9cbfe9d7ee77fb0af138e3c36a6f75e3d000699afc571d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681569&Signature=C286Cg30s1QDg1lkY0jtTLfia8Fs4B%2FdqNMfidFUYXpd2si4N25G7RBqy8LODkWqBQca8rpYyZ7FIYHuRDc0wBLk%2B1rPiEXJckZIdmkyhDkFJ2jrxfNV135BZTTeF6DkLrRfWPgnxciVK%2FJrkueYnjlYhYW08OZkTu9plzgmfR2IocW5ENVaqHbcPAdm2QDCC6VVrNQp%2FP%2FjV6%2Fkm37tinRyXhg1vKSf0TVFMzL1jpYkiS5PIc",
            "https://vtbehaviour.commondatastorage.googleapis.com/07f5960476ab34754f3e04143caf2d4899cb09e6b271bfd27ef1f1c8977ca050_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681591&Signature=uoP10og17YxXUe0yZ8kll3N15RJJ%2Bf5pJFzW0MUe4fdvXaLlcOfCxs%2B6EyW23FSqTj%2FbNedtUC6z7Y0dgMPBtJC%2F9gOhXEZj5%2BKKwnQbCBe7GuFtEsVMMkQRdiDQxJYZipAId1MwoBChhx%2BSr%2FrboVkDq%2F%2FbNLvWS6keRMn4fa8GX%2BF0lIJepJ98sjwXs48DXBch8974olbyd38VGGp1bLMl7mycstrQ2hIy2MFXWD",
            "https://vtbehaviour.commondatastorage.googleapis.com/0da371854ec2c04bbee9680dbdabb67a4e4a84add40e5e1877425790f2dfef02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682005&Signature=SyLSFT5xdlAZ5lwNyaeDpqsMTuwGywWruel4fBOIdsyiZ%2FvtOZYr7f%2B%2BIuBmqFMAwMI4L7kB6jRtv8mVn8lmU5MUJBAG6GJdVsEp2SoexU5Yl2kTksey03ZsjBloxlJqDzf8PULDlwjfD1Ydv%2B5QFPoY3%2Fk8TKMlmmpTIw7%2FYcR24%2FHYHw78XVF2cV%2Bnb3GoDaHw%2FnpxLrDwgfZP9dWvP8V264o5l2dDfxQtF0",
            "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682086&Signature=yzXoWEcsMl9wlTGgMQfBKEZWwnDzmua%2FR2suwDMBSqPLhunpHELcj0SzY3czM%2F9HQG9QuvYzhQRVUxR1iDaFz1BQ4YHkXJih3zm%2BcNlDcfXsOZzyYzWUhaPsbSti%2FWbFoL4E14bnS7tIuG9s9R96LkGyGpWIsT%2BPeCNhsCzD7vFRU0cPMr6vNblu%2BBiO3Ki99QSrkF4hzBxkQ7DFgba3qi7kOfal%2F2K8hC1ikcZntmn5IESW",
            "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682105&Signature=DkIw2nRg0%2BHKmd2TpyMzcgrB%2F4s6sIVIpOEEVMqz3Csoj6PPmSGNer%2Bt5X5oYKPZQgJETAHcCRs0mh3Lfa85XEPdYk6PjMimJmKQdBstqdULgs6q7wyZEjHDhQn41ri7eQ16g7pAo9ojfhLUNp4uW2xuYvdBwYhYBsZP3EO1BKz2f3dYxSg%2Bgsn2AnC2%2BDRTIX0Xxd%2Bt44%2BkXfiY32mvDHDNDCcuT5ZDFNrHwDp3HKuuJYy7lRHm8AlK",
            "https://vtbehaviour.commondatastorage.googleapis.com/1f1db73659fa2fe7a944d20bb4e9a867513a50ee9b51be89dfec30c73f6ed622_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682177&Signature=yjgeq7TPzf6M6Pn8mPFgBmhHQbfgGlaadZNsSsDUKq0Da4%2Bb25WhNl6nDIyUDmRBtABod6Itj2EUlbe%2B4U0QYLuJR00aQqsO%2F9pXU4AWeIFUEZhCrwgZ5WuNPpYbdVbOYcVX6oyDXpSjv1QEGmJ1NVVr%2F1esshl3tugyHxp6LFYa9%2BQeoiqsBikKLglNB52vsap%2BkwVPKyXg%2FjduMqTQd%2FhNMM41261XiBOTtUqjpzIm67",
            "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682206&Signature=iCbR7BcpXhfqHIoxTRE%2BvhCqRoHYALCXll0hXveh8IQOJPjxw%2BlLNas6nIvp035t6sdMg9KdOY751XfThil%2FE2mLrvir%2FwKjheK2382r5bhEQFEsa6etlla3TDjlvttEFZDUN7SSLpGao8u7uVNwrPRb0BuwYDemKKVJK6DACPbUZEHk3DZ%2Bi8SxXIdELiXG%2Bozy7oC8Dcj0HqHGYuliXpjT1mV7OsCjFXvmjZPcFH06EzZS5L",
            "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682251&Signature=z6Lrdrr5u6YZdzJaR%2B2Qab%2F%2FVA6%2FL6JaNA4%2BVxLe9wEjL%2B2ARzGBhQdq6RTX5ez3SDTWWmc%2BrOypKxxCsLeXUbjYRoIgcsSzYIxWQWoEl35tFARLVKf%2FVf%2B696U6PYQ%2F1BNWxSfuNOeUVNK2pIiMYCUjLnikvUyj9Ip3MrgKOaV9v9SShCLay93Y7b3GbAUZ2Jzy18PEYf%2FLuk4fDrqITmP2upsysOJq1MhZcJ%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/105f31af20fdb87d442f81aad0c3a54030b7e214c4796cf2a069bae6aa89dc65_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682395&Signature=oVg82i1yTG%2BGfhoL5FyBdK%2BZKa6wi2iWMpwHyA77jBFtAOZxw%2Bs6z6So26GWDthH7UMEzwZwQC6ENF1TLBEqXukldXMdMg%2FvNylvy7vCdDKDsw53Ibc7vKnu5T0lNumnv%2FD5vnV14QZrzAE8PG3J0S0rtheY8mNCkM6t1w52XYYm5mfnGJXsnjyMEvgURuPhzOIq9%2B%2FG7XUWFK0vK%2BlzKmZU627%2FKYkT9EWHOI8Nyx%2FJUqad%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/002150c786ae1e04ab2981bf5593d926987b60b9ac699f431ed4568084dd854b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682457&Signature=eWipoH1g7AQ8zq2pd%2BpyAKrKscAY%2FebCATbHE%2FMwdvIfIy%2F4i3OFy%2FKlfaNCXDLDU0OM6JaEF73FAqGhLEb8ZcxTuEfMeU%2F6WxjpgS2SqLZ0xOjAPgPWOOor3uCcdIEZRCcpJe%2BAzPY8jEZJ0aIf49RU85lkIx9yCiXcFnee1pNHHBFwpsBK4FNuTB%2FyDe61M5Htw4fjlf43GTnXFxj0%2Fjc%2Fe32Q7EpVkuSc0I%2F3zTrY0UkC",
            "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682486&Signature=ucigAmI%2BTWYWnZuZjQb7cvSnhC1f6r93NM1kh5fCHjjcUodx6ltePV2QSdyXCnhrdH8ODLugh37CFZxsAmtiMMefuyuh6T8mtuxe7znGqLiJre5YFfSQLkzmz0Ksqekcg0sp1bUaKykXguy%2BKwv6Tg12CIM7xzaDB%2BGcjw6KkBLiD0A1sB6Z9gk9np%2FNtUBHdW7E0eBfvTWOK8F99R1lQdmQab2Vha55GLH6JRBksZ7AbBEdVS8DMtkaZCS9sV",
            "https://vtbehaviour.commondatastorage.googleapis.com/049c8db974d1830f931d605f6918184d8928c46c74f4152dfde3dc7bdffbf5d5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682585&Signature=z2IzO8oruo5%2BmP%2BuhsnAbNLmy7QRAemblZDUm1KEgUCliIqrtWVkruuMg2tcIokmH12yIvRumIVlk5OcGjVxI%2Bb%2B3Va9LgSnD%2Bwjbe5pAs%2BDuUGTY52XSe7V9xdcRN38UeNFYy2jTLa2KYspIZ0NzHMsL0BzU5pqOWw0bAShHYc9sNx0S7a%2BSD7PiY%2BDR%2Br%2BQll9wUT%2B4EjhHrYYmmdRCa6vbIyTLcHmdw4JzmHHsLy%2Bjf",
            "https://vtbehaviour.commondatastorage.googleapis.com/27086c4185aa32bbc6674267b947e3f6610554188ac694ce2dbc1191a9525339_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683188&Signature=o0pfi%2Bqzc6KRiLra5kzATI2ROhjWVPHqZ7tOokv%2B9i4HwxX3m%2BpcqtYKMIFJMVk1qNFDyYwnCDfkeiva50iZyrha2F3bacitBdmnSwCEQE5xMG73RGPjQAvPps3tKMm1MDH8Rzpy65y9bdKpTSCL9%2Bt2xAk4%2BXx13XPz2GlU%2BG8Q%2FSPkCW96%2BX6c5xzWpIH%2FlXn7%2Bgl2G9QMGbrbnwD%2FfR58%2FrXIeIEJ%2F9%2BNt2W3Fr",
            "https://vtbehaviour.commondatastorage.googleapis.com/2c7002510767deb9bbb0d2ee2d47be98828bf5b6e999d6cd882b1c1a1c908510_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683299&Signature=RMRBhdx9cTLEwBYgOaiBV4x03W8laZvNMUtTq68ykLCh0R5toTaD64MdSiBhgsNAZLaS8z9dPsGmVcfMC8U5sPrXXLzAt9CBPoJjT2jV40HyYrW58xs3wjf65936U00bQy9DGFrlU7xInrhEocKiXuD17i5A%2F7tdPgx74I6xY906Ua8hyOe3f5zVmaxE6zpNAonyZtoHtHmnuDLG71DTPwYyiKcGPff7glIXoNalw4ST3jQr3Ma%2Fv1Q3De",
            "https://vtbehaviour.commondatastorage.googleapis.com/2c98a3b3752939b7c2db76682607e3918dee0edd81998279cb4528cc6c67f715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683469&Signature=oE7hEU%2FccffwWPye7wmTWT154zCmhX2wBLLWErX6yptBjSn9YXSMLMohlpsjw%2BxO5VxqobuYkMh302JzsMTg4fXVD76S9F6aOL1vRPwZx8fTGOeMoKRTMO7B0xwvo2HQCra8ds7NMqXBpbNxN%2Bi7Ez6ZOyX%2FQUyixg1Ya1G7%2FkF8sEaT8z%2B4QHLhghEUdy4%2FMYbGVFzAKhSDW9Yg%2BcPfxQLt%2BViZ",
            "https://vtbehaviour.commondatastorage.googleapis.com/5f87d5cb5921df99f335e1a8f044db15187f88aea04ecc073b310a4b9649a5e1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683851&Signature=oDNiEuOved3Q5at8LARyePhpQE3%2FjmEYRIWg4Vzp0yzifSrnwMGaujbhYJWqc8BadzAh1AhmrfOaNLGJfe8IO2Izje4ofsfex0DAAfgHm5l1vDeQWFDfgypa9%2F8sHOOgBiUlbdSDYrVdZ2Z9f8MGr8OaswhQwykG5mL3UcUwRD4heOIda%2FFZGhfCLn%2B7ksTMcuD2%2BjT%2F7IuP8kYOTQ0ZqwnDZGNQwopAFpNNouIAx0LKAjPDIO",
            "https://vtbehaviour.commondatastorage.googleapis.com/5f9b9db4e9200b4576d6e8bc2888d6e7ab28a04e66083366bcde57915eed5078_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683897&Signature=A1uHov9N8mIMBn6lVPETST7i%2F%2F3lKCkTSifHpWYQ8lqnGw3%2FwBD1QhGr1tH%2BYzg4xJYZR1vHPxcGC2biWNZtPF89Sx8FKf%2F18O4PHYJb1n7YfdP24JbV%2BkekQpomFKe66pKsf0gWQQx1zTJDWvam9HuvVTyCV9h22TLG%2FmBDvK4SftnNssRv0EkzKP9dNqTfjJdMh0Y0rIEyQdNLLo%2BLsWQbrx2yxJo6kZD%2FJC",
            "https://vtbehaviour.commondatastorage.googleapis.com/727dc58bb6aaf24fd82f54a11560f26e38ee0ca6bb823ea70bad33fd7c9378ef_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683965&Signature=tYhGClprbVOZuxQF%2F%2BLWEx6LfO%2Fz4pigFaLvSPYRY%2Fqg92dL8%2BWlaAyT%2FJueBiXJFPkqBYoXk0DmZNj2UfqQiv4Jy9bhRG562tGCoadI7qFVHMBOyAmGj0uMVS%2FoyY00p8UkiUah%2BiG2lZaGt6eVnE1yrGqEIpnAnUxdyxti%2BDm0vFgP5Ust7yR%2F1SAtswsFyfntj2GSgBc5z1NbueSA2uSfZsxWtxmYAm9dk%2FrUPQ47Nb5Q",
            "https://vtbehaviour.commondatastorage.googleapis.com/7111bb197f77eecf518b22f7a6f269647abc17eda4aaed9ba50212462b9848ed_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684045&Signature=g5SPZe7A95%2FqyMCV3ihh6MGTnXRMjhKIGP6dBCJ3OB%2FCOBrSRTz%2BpnCcdIwsJk%2Fc74E6s1DRbKJn3SszGoP7h%2FNJwXl3BIBK6KeI0zYJeOibOT%2BeU9CnCcwY%2F3bx99X3LvHRwg0Fkdg%2BJoRI620jziRVAW%2FiC1wpzeMqmJNUOHn4NsTYiMD7H8cuBnRzAZQvK2lRO5asaddU11mHkkQ963f3YOOv",
            "https://vtbehaviour.commondatastorage.googleapis.com/8b10c7238761ba1c98b713c673c452437c4a56794ff0e3d657cff148056c9cf1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684153&Signature=MfmLhMZdg4gtuEoE1eB%2FroqyUo2QXTJ8L6oAmpYIvTmU8BmwS6hwF0opRe4GV3ox8yxCzd2O9fsm4T7dwrkSk8fJBlqrPHibaMNPNs4QpeMOraU4O6Au5EDLlJTtDwp43nz%2FK5tqLXzJpfqCvDEnQOghFLah5YCBj8qdFtGrKfHbvyMGL70BlhpaZsmAn3Jgu6zNXCQGqz3c%2BkATkQ3XNm%2F8FiNTOFzO5TUxHqPE3NUMFglmxAJhEo"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1091",
              "name": "Replication Through Removable Media",
              "display_name": "T1091 - Replication Through Removable Media"
            },
            {
              "id": "T1120",
              "name": "Peripheral Device Discovery",
              "display_name": "T1120 - Peripheral Device Discovery"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1185",
              "name": "Man in the Browser",
              "display_name": "T1185 - Man in the Browser"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1569",
              "name": "System Services",
              "display_name": "T1569 - System Services"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 2266,
            "IPv4": 326,
            "domain": 179,
            "hostname": 381,
            "FileHash-MD5": 811,
            "FileHash-SHA1": 835,
            "URL": 815,
            "email": 2
          },
          "indicator_count": 5615,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "5 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a13d450d1c0f6a31e71cef1",
          "name": "NOW BOARDING: DARK-ZERO Sheep Tracker * CAPE Sandbox",
          "description": "Modern threat intelligence requires moving from passive observation to active intervention. In the context of targeted tracking implants, defending civil rights means engineering systems that protect user autonomy against unauthorized data extraction. Architectural Protections:\n0-Trust Telemetry: Designing operating systems where the user owns the cryptographic root of trust.\nHardware-Enforced Isolation: Utilizing Secure Enclaves to process cryptographic keys outside the reach of a compromised kernel.\nExploit Mitigation: Implementing advanced PAC+ Memory Tagging Extensions (MTE) to stop zero-day memory corruption bugs. The holiday serves as a reminder for SOCs to uphold high ethical standards, ensuring defensive tools are never repurposed for unauthorized surveillance. Respect to all.",
          "modified": "2026-05-27T16:31:09.918000",
          "created": "2026-05-25T04:47:12.640000",
          "tags": [
            "win32 exe",
            "mozilla firefox",
            "zip adobe",
            "photoshop cc",
            "rar adobe",
            "air sdk",
            "adobe air",
            "lassa2",
            "default",
            "shell folders",
            "inprocserver32",
            "parent pid",
            "full path",
            "command line",
            "cname",
            "folders",
            "file size",
            "mwdb",
            "accept",
            "shutdown",
            "ip address",
            "virustotal box",
            "apples sandbox",
            "sandbox sha256",
            "analysis date",
            "file",
            "operations",
            "process open",
            "write delete",
            "move time",
            "file type",
            "json",
            "ascii",
            "utf8",
            "sqlite version",
            "found",
            "pe file",
            "intel",
            "pe32",
            "ms windows",
            "installer",
            "defense evasion",
            "window",
            "title",
            "template",
            "next",
            "united",
            "performs dns",
            "grabber honest",
            "layer protocol",
            "attack network",
            "info processes",
            "extra info",
            "zenbox macos",
            "verdict",
            "guest system",
            "ascii text",
            "sigma",
            "creates",
            "t1055 process",
            "info dropped",
            "malicious",
            "p2404",
            "p11718783889",
            "p4de83ek69hqsh4",
            "p11718784848",
            "bazaar",
            "sha3384",
            "ssdeep",
            "checker",
            "themida",
            "guard",
            "property",
            "adobe device",
            "property name",
            "productname",
            "displayname",
            "destination",
            "root",
            "totalsize",
            "langpack",
            "swedish",
            "win32",
            "windows sandbox",
            "calls clear",
            "sha256",
            "sha1",
            "crc32",
            "size",
            "flash",
            "june",
            "drops pe",
            "crlf line",
            "sample",
            "persistence",
            "win64",
            "hook",
            "instructor",
            "kids goldadobe",
            "errstr",
            "cultureneutral",
            "license",
            "error",
            "code",
            "service",
            "vmprotect",
            "february",
            "back",
            "number",
            "mitre attack",
            "network info",
            "processes extra",
            "fri dec",
            "database",
            "initial access",
            "program",
            "overview",
            "overview zenbox",
            "ultimate file",
            "info file",
            "Nullworld",
            "value",
            "value lang",
            "buildinfo",
            "productinfo",
            "addremoveinfo",
            "displayversion",
            "screnshots",
            "United",
            "Swedishvpncarrierenrollment",
            "calls process",
            "writes",
            "png image",
            "rgba",
            "guloader",
            "fraud",
            "phishing",
            "install",
            "pdapp",
            "urihandler",
            "us tcp",
            "product install",
            "gamma",
            "updater",
            "Now boarding",
            "DarkZero",
            "Sheep Tracker"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681399&Signature=o4EIDa%2Bu5q7UzJoKBZ3SHIdTRWKGT7HIZyLxFZSLdRJV2Ng655y2X8OLnU2siFeopgWPI6Gd8nE9F9LFBFgwM%2F0ZN0FWsDls8m78y46TmhjHhykfch6G%2Buw3LPxmfbz999yBfELXQDUCNWIiGUPv%2B23aUdHnc0c5jI4Mvlz2HGA%2BHlIMjc1w1S%2BWm%2FI6ftHJdyIAh0SqMbPXqAy%2BIonExlGkoEmMBCJl3r3pfMcYzy4ai0",
            "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681421&Signature=oUYsIo6y2ldihmETch4oPYw5nb4sHZhKRik2zGuv2h9rqu30GcV1xZHlIO9ttFa625EXOlrrILZtAhfM%2FamkTDjXZUTqn2%2BTKmgnxqOOfJU6KrJHPLE9Do7l7MEaPxX4cs8z8tWd0%2FY8sBv8sjGAIdWrT5OPv202LNN%2FiVe6mEIUMkmNr%2BG1S3Pgs6LRTjo%2BgqhEcNXT0MFUgs3I2e4AQ0TQ4FOs%2BVRY",
            "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681469&Signature=VGjB%2F%2BCQwDtsenSFWX7YNKbe9s%2Fgcpg%2FotVlxRZ6FXuE9VXITP76QQq6L2vlSM7pfQHSnBv%2BUdwMtN3QhCxjF7Zv2PV%2FkWLnwwA3hJciWMAKiLSeKTanNshzLWnmBjN04FASFwNf6kAq4PcunHkHh2PSOGl03eem41DHA6YOIRAjI1C6hAdDvKoAqJJXuGKM%2F5Z5vzfeTaXNgCRutOhVDB4%2FcAcV9zZaRcX9Ii0IFRAZo%2Bzk7rvI",
            "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681490&Signature=bIUDLY2jLaPa0t0OyOiuRlKjk8VM9IFdVTwzJhuTKfuV%2BhwtwcYghSy4186P0qsGEebShI2xNNVBPSd3uQdeXMuYRDJWcyo18c12pLwgcLgaBot06%2Bfys%2BlGp%2FV%2FSCDBvdo3iLaAOesoSo8vbCLNsWAzGM5sztLl%2Beyq9%2F1oSuAvU692EiARhcufOCMFqXCn6MNuSp18gSQwkFRBadsMvHSjfHW645FvLUfiP5Egu1WuMVP2",
            "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681535&Signature=K%2BM%2FPuLQI5kqDYLWjQMD%2BgPbchxwp2sWPPUtfDZYFn5H9w%2BqFPRxh7iZqH4FOPAnwlC0%2BN5TKTqrEuhABL3gWMqHySyweiNPNkJ1MlX29xZdE482pqQSn8rzkPs7CZD63ts4ZRPrK%2Bl06RV13mZf4TUzAD9Sx0m6%2FWhetQETuu6StpVmyzhie%2Fn%2FUdsdFN0SW%2BtLpQE74IVNfszCgKVhF9oNeBiifytanSbIG0SnLff9sXffjS",
            "https://vtbehaviour.commondatastorage.googleapis.com/087975d5f3c874a6fe9cbfe9d7ee77fb0af138e3c36a6f75e3d000699afc571d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681569&Signature=C286Cg30s1QDg1lkY0jtTLfia8Fs4B%2FdqNMfidFUYXpd2si4N25G7RBqy8LODkWqBQca8rpYyZ7FIYHuRDc0wBLk%2B1rPiEXJckZIdmkyhDkFJ2jrxfNV135BZTTeF6DkLrRfWPgnxciVK%2FJrkueYnjlYhYW08OZkTu9plzgmfR2IocW5ENVaqHbcPAdm2QDCC6VVrNQp%2FP%2FjV6%2Fkm37tinRyXhg1vKSf0TVFMzL1jpYkiS5PIc",
            "https://vtbehaviour.commondatastorage.googleapis.com/07f5960476ab34754f3e04143caf2d4899cb09e6b271bfd27ef1f1c8977ca050_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681591&Signature=uoP10og17YxXUe0yZ8kll3N15RJJ%2Bf5pJFzW0MUe4fdvXaLlcOfCxs%2B6EyW23FSqTj%2FbNedtUC6z7Y0dgMPBtJC%2F9gOhXEZj5%2BKKwnQbCBe7GuFtEsVMMkQRdiDQxJYZipAId1MwoBChhx%2BSr%2FrboVkDq%2F%2FbNLvWS6keRMn4fa8GX%2BF0lIJepJ98sjwXs48DXBch8974olbyd38VGGp1bLMl7mycstrQ2hIy2MFXWD",
            "https://vtbehaviour.commondatastorage.googleapis.com/0da371854ec2c04bbee9680dbdabb67a4e4a84add40e5e1877425790f2dfef02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682005&Signature=SyLSFT5xdlAZ5lwNyaeDpqsMTuwGywWruel4fBOIdsyiZ%2FvtOZYr7f%2B%2BIuBmqFMAwMI4L7kB6jRtv8mVn8lmU5MUJBAG6GJdVsEp2SoexU5Yl2kTksey03ZsjBloxlJqDzf8PULDlwjfD1Ydv%2B5QFPoY3%2Fk8TKMlmmpTIw7%2FYcR24%2FHYHw78XVF2cV%2Bnb3GoDaHw%2FnpxLrDwgfZP9dWvP8V264o5l2dDfxQtF0",
            "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682086&Signature=yzXoWEcsMl9wlTGgMQfBKEZWwnDzmua%2FR2suwDMBSqPLhunpHELcj0SzY3czM%2F9HQG9QuvYzhQRVUxR1iDaFz1BQ4YHkXJih3zm%2BcNlDcfXsOZzyYzWUhaPsbSti%2FWbFoL4E14bnS7tIuG9s9R96LkGyGpWIsT%2BPeCNhsCzD7vFRU0cPMr6vNblu%2BBiO3Ki99QSrkF4hzBxkQ7DFgba3qi7kOfal%2F2K8hC1ikcZntmn5IESW",
            "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682105&Signature=DkIw2nRg0%2BHKmd2TpyMzcgrB%2F4s6sIVIpOEEVMqz3Csoj6PPmSGNer%2Bt5X5oYKPZQgJETAHcCRs0mh3Lfa85XEPdYk6PjMimJmKQdBstqdULgs6q7wyZEjHDhQn41ri7eQ16g7pAo9ojfhLUNp4uW2xuYvdBwYhYBsZP3EO1BKz2f3dYxSg%2Bgsn2AnC2%2BDRTIX0Xxd%2Bt44%2BkXfiY32mvDHDNDCcuT5ZDFNrHwDp3HKuuJYy7lRHm8AlK",
            "https://vtbehaviour.commondatastorage.googleapis.com/1f1db73659fa2fe7a944d20bb4e9a867513a50ee9b51be89dfec30c73f6ed622_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682177&Signature=yjgeq7TPzf6M6Pn8mPFgBmhHQbfgGlaadZNsSsDUKq0Da4%2Bb25WhNl6nDIyUDmRBtABod6Itj2EUlbe%2B4U0QYLuJR00aQqsO%2F9pXU4AWeIFUEZhCrwgZ5WuNPpYbdVbOYcVX6oyDXpSjv1QEGmJ1NVVr%2F1esshl3tugyHxp6LFYa9%2BQeoiqsBikKLglNB52vsap%2BkwVPKyXg%2FjduMqTQd%2FhNMM41261XiBOTtUqjpzIm67",
            "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682206&Signature=iCbR7BcpXhfqHIoxTRE%2BvhCqRoHYALCXll0hXveh8IQOJPjxw%2BlLNas6nIvp035t6sdMg9KdOY751XfThil%2FE2mLrvir%2FwKjheK2382r5bhEQFEsa6etlla3TDjlvttEFZDUN7SSLpGao8u7uVNwrPRb0BuwYDemKKVJK6DACPbUZEHk3DZ%2Bi8SxXIdELiXG%2Bozy7oC8Dcj0HqHGYuliXpjT1mV7OsCjFXvmjZPcFH06EzZS5L",
            "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682251&Signature=z6Lrdrr5u6YZdzJaR%2B2Qab%2F%2FVA6%2FL6JaNA4%2BVxLe9wEjL%2B2ARzGBhQdq6RTX5ez3SDTWWmc%2BrOypKxxCsLeXUbjYRoIgcsSzYIxWQWoEl35tFARLVKf%2FVf%2B696U6PYQ%2F1BNWxSfuNOeUVNK2pIiMYCUjLnikvUyj9Ip3MrgKOaV9v9SShCLay93Y7b3GbAUZ2Jzy18PEYf%2FLuk4fDrqITmP2upsysOJq1MhZcJ%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/105f31af20fdb87d442f81aad0c3a54030b7e214c4796cf2a069bae6aa89dc65_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682395&Signature=oVg82i1yTG%2BGfhoL5FyBdK%2BZKa6wi2iWMpwHyA77jBFtAOZxw%2Bs6z6So26GWDthH7UMEzwZwQC6ENF1TLBEqXukldXMdMg%2FvNylvy7vCdDKDsw53Ibc7vKnu5T0lNumnv%2FD5vnV14QZrzAE8PG3J0S0rtheY8mNCkM6t1w52XYYm5mfnGJXsnjyMEvgURuPhzOIq9%2B%2FG7XUWFK0vK%2BlzKmZU627%2FKYkT9EWHOI8Nyx%2FJUqad%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/002150c786ae1e04ab2981bf5593d926987b60b9ac699f431ed4568084dd854b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682457&Signature=eWipoH1g7AQ8zq2pd%2BpyAKrKscAY%2FebCATbHE%2FMwdvIfIy%2F4i3OFy%2FKlfaNCXDLDU0OM6JaEF73FAqGhLEb8ZcxTuEfMeU%2F6WxjpgS2SqLZ0xOjAPgPWOOor3uCcdIEZRCcpJe%2BAzPY8jEZJ0aIf49RU85lkIx9yCiXcFnee1pNHHBFwpsBK4FNuTB%2FyDe61M5Htw4fjlf43GTnXFxj0%2Fjc%2Fe32Q7EpVkuSc0I%2F3zTrY0UkC",
            "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682486&Signature=ucigAmI%2BTWYWnZuZjQb7cvSnhC1f6r93NM1kh5fCHjjcUodx6ltePV2QSdyXCnhrdH8ODLugh37CFZxsAmtiMMefuyuh6T8mtuxe7znGqLiJre5YFfSQLkzmz0Ksqekcg0sp1bUaKykXguy%2BKwv6Tg12CIM7xzaDB%2BGcjw6KkBLiD0A1sB6Z9gk9np%2FNtUBHdW7E0eBfvTWOK8F99R1lQdmQab2Vha55GLH6JRBksZ7AbBEdVS8DMtkaZCS9sV",
            "https://vtbehaviour.commondatastorage.googleapis.com/049c8db974d1830f931d605f6918184d8928c46c74f4152dfde3dc7bdffbf5d5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682585&Signature=z2IzO8oruo5%2BmP%2BuhsnAbNLmy7QRAemblZDUm1KEgUCliIqrtWVkruuMg2tcIokmH12yIvRumIVlk5OcGjVxI%2Bb%2B3Va9LgSnD%2Bwjbe5pAs%2BDuUGTY52XSe7V9xdcRN38UeNFYy2jTLa2KYspIZ0NzHMsL0BzU5pqOWw0bAShHYc9sNx0S7a%2BSD7PiY%2BDR%2Br%2BQll9wUT%2B4EjhHrYYmmdRCa6vbIyTLcHmdw4JzmHHsLy%2Bjf",
            "https://vtbehaviour.commondatastorage.googleapis.com/27086c4185aa32bbc6674267b947e3f6610554188ac694ce2dbc1191a9525339_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683188&Signature=o0pfi%2Bqzc6KRiLra5kzATI2ROhjWVPHqZ7tOokv%2B9i4HwxX3m%2BpcqtYKMIFJMVk1qNFDyYwnCDfkeiva50iZyrha2F3bacitBdmnSwCEQE5xMG73RGPjQAvPps3tKMm1MDH8Rzpy65y9bdKpTSCL9%2Bt2xAk4%2BXx13XPz2GlU%2BG8Q%2FSPkCW96%2BX6c5xzWpIH%2FlXn7%2Bgl2G9QMGbrbnwD%2FfR58%2FrXIeIEJ%2F9%2BNt2W3Fr",
            "https://vtbehaviour.commondatastorage.googleapis.com/2c7002510767deb9bbb0d2ee2d47be98828bf5b6e999d6cd882b1c1a1c908510_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683299&Signature=RMRBhdx9cTLEwBYgOaiBV4x03W8laZvNMUtTq68ykLCh0R5toTaD64MdSiBhgsNAZLaS8z9dPsGmVcfMC8U5sPrXXLzAt9CBPoJjT2jV40HyYrW58xs3wjf65936U00bQy9DGFrlU7xInrhEocKiXuD17i5A%2F7tdPgx74I6xY906Ua8hyOe3f5zVmaxE6zpNAonyZtoHtHmnuDLG71DTPwYyiKcGPff7glIXoNalw4ST3jQr3Ma%2Fv1Q3De",
            "https://vtbehaviour.commondatastorage.googleapis.com/2c98a3b3752939b7c2db76682607e3918dee0edd81998279cb4528cc6c67f715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683469&Signature=oE7hEU%2FccffwWPye7wmTWT154zCmhX2wBLLWErX6yptBjSn9YXSMLMohlpsjw%2BxO5VxqobuYkMh302JzsMTg4fXVD76S9F6aOL1vRPwZx8fTGOeMoKRTMO7B0xwvo2HQCra8ds7NMqXBpbNxN%2Bi7Ez6ZOyX%2FQUyixg1Ya1G7%2FkF8sEaT8z%2B4QHLhghEUdy4%2FMYbGVFzAKhSDW9Yg%2BcPfxQLt%2BViZ",
            "https://vtbehaviour.commondatastorage.googleapis.com/5f87d5cb5921df99f335e1a8f044db15187f88aea04ecc073b310a4b9649a5e1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683851&Signature=oDNiEuOved3Q5at8LARyePhpQE3%2FjmEYRIWg4Vzp0yzifSrnwMGaujbhYJWqc8BadzAh1AhmrfOaNLGJfe8IO2Izje4ofsfex0DAAfgHm5l1vDeQWFDfgypa9%2F8sHOOgBiUlbdSDYrVdZ2Z9f8MGr8OaswhQwykG5mL3UcUwRD4heOIda%2FFZGhfCLn%2B7ksTMcuD2%2BjT%2F7IuP8kYOTQ0ZqwnDZGNQwopAFpNNouIAx0LKAjPDIO",
            "https://vtbehaviour.commondatastorage.googleapis.com/5f9b9db4e9200b4576d6e8bc2888d6e7ab28a04e66083366bcde57915eed5078_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683897&Signature=A1uHov9N8mIMBn6lVPETST7i%2F%2F3lKCkTSifHpWYQ8lqnGw3%2FwBD1QhGr1tH%2BYzg4xJYZR1vHPxcGC2biWNZtPF89Sx8FKf%2F18O4PHYJb1n7YfdP24JbV%2BkekQpomFKe66pKsf0gWQQx1zTJDWvam9HuvVTyCV9h22TLG%2FmBDvK4SftnNssRv0EkzKP9dNqTfjJdMh0Y0rIEyQdNLLo%2BLsWQbrx2yxJo6kZD%2FJC",
            "https://vtbehaviour.commondatastorage.googleapis.com/727dc58bb6aaf24fd82f54a11560f26e38ee0ca6bb823ea70bad33fd7c9378ef_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683965&Signature=tYhGClprbVOZuxQF%2F%2BLWEx6LfO%2Fz4pigFaLvSPYRY%2Fqg92dL8%2BWlaAyT%2FJueBiXJFPkqBYoXk0DmZNj2UfqQiv4Jy9bhRG562tGCoadI7qFVHMBOyAmGj0uMVS%2FoyY00p8UkiUah%2BiG2lZaGt6eVnE1yrGqEIpnAnUxdyxti%2BDm0vFgP5Ust7yR%2F1SAtswsFyfntj2GSgBc5z1NbueSA2uSfZsxWtxmYAm9dk%2FrUPQ47Nb5Q",
            "https://vtbehaviour.commondatastorage.googleapis.com/7111bb197f77eecf518b22f7a6f269647abc17eda4aaed9ba50212462b9848ed_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684045&Signature=g5SPZe7A95%2FqyMCV3ihh6MGTnXRMjhKIGP6dBCJ3OB%2FCOBrSRTz%2BpnCcdIwsJk%2Fc74E6s1DRbKJn3SszGoP7h%2FNJwXl3BIBK6KeI0zYJeOibOT%2BeU9CnCcwY%2F3bx99X3LvHRwg0Fkdg%2BJoRI620jziRVAW%2FiC1wpzeMqmJNUOHn4NsTYiMD7H8cuBnRzAZQvK2lRO5asaddU11mHkkQ963f3YOOv",
            "https://vtbehaviour.commondatastorage.googleapis.com/8b10c7238761ba1c98b713c673c452437c4a56794ff0e3d657cff148056c9cf1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684153&Signature=MfmLhMZdg4gtuEoE1eB%2FroqyUo2QXTJ8L6oAmpYIvTmU8BmwS6hwF0opRe4GV3ox8yxCzd2O9fsm4T7dwrkSk8fJBlqrPHibaMNPNs4QpeMOraU4O6Au5EDLlJTtDwp43nz%2FK5tqLXzJpfqCvDEnQOghFLah5YCBj8qdFtGrKfHbvyMGL70BlhpaZsmAn3Jgu6zNXCQGqz3c%2BkATkQ3XNm%2F8FiNTOFzO5TUxHqPE3NUMFglmxAJhEo"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1091",
              "name": "Replication Through Removable Media",
              "display_name": "T1091 - Replication Through Removable Media"
            },
            {
              "id": "T1120",
              "name": "Peripheral Device Discovery",
              "display_name": "T1120 - Peripheral Device Discovery"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1185",
              "name": "Man in the Browser",
              "display_name": "T1185 - Man in the Browser"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1569",
              "name": "System Services",
              "display_name": "T1569 - System Services"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 2266,
            "IPv4": 327,
            "domain": 178,
            "hostname": 372,
            "FileHash-MD5": 805,
            "FileHash-SHA1": 833,
            "URL": 812,
            "email": 2
          },
          "indicator_count": 5595,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "5 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6a13d455f52a1c3acb3904b6",
          "name": "NOW BOARDING: DARK-ZERO Sheep Tracker * CAPE Sandbox",
          "description": "Modern threat intelligence requires moving from passive observation to active intervention. In the context of targeted tracking implants, defending civil rights means engineering systems that protect user autonomy against unauthorized data extraction. Architectural Protections:\n0-Trust Telemetry: Designing operating systems where the user owns the cryptographic root of trust.\nHardware-Enforced Isolation: Utilizing Secure Enclaves to process cryptographic keys outside the reach of a compromised kernel.\nExploit Mitigation: Implementing advanced PAC+ Memory Tagging Extensions (MTE) to stop zero-day memory corruption bugs. The holiday serves as a reminder for SOCs to uphold high ethical standards, ensuring defensive tools are never repurposed for unauthorized surveillance. Respect to all.",
          "modified": "2026-05-27T16:29:42.941000",
          "created": "2026-05-25T04:47:17.194000",
          "tags": [
            "win32 exe",
            "mozilla firefox",
            "zip adobe",
            "photoshop cc",
            "rar adobe",
            "air sdk",
            "adobe air",
            "lassa2",
            "default",
            "shell folders",
            "inprocserver32",
            "parent pid",
            "full path",
            "command line",
            "cname",
            "folders",
            "file size",
            "mwdb",
            "accept",
            "shutdown",
            "ip address",
            "virustotal box",
            "apples sandbox",
            "sandbox sha256",
            "analysis date",
            "file",
            "operations",
            "process open",
            "write delete",
            "move time",
            "file type",
            "json",
            "ascii",
            "utf8",
            "sqlite version",
            "found",
            "pe file",
            "intel",
            "pe32",
            "ms windows",
            "installer",
            "defense evasion",
            "window",
            "title",
            "template",
            "next",
            "united",
            "performs dns",
            "grabber honest",
            "layer protocol",
            "attack network",
            "info processes",
            "extra info",
            "zenbox macos",
            "verdict",
            "guest system",
            "ascii text",
            "sigma",
            "creates",
            "t1055 process",
            "info dropped",
            "malicious",
            "p2404",
            "p11718783889",
            "p4de83ek69hqsh4",
            "p11718784848",
            "bazaar",
            "sha3384",
            "ssdeep",
            "checker",
            "themida",
            "guard",
            "property",
            "adobe device",
            "property name",
            "productname",
            "displayname",
            "destination",
            "root",
            "totalsize",
            "langpack",
            "swedish",
            "win32",
            "windows sandbox",
            "calls clear",
            "sha256",
            "sha1",
            "crc32",
            "size",
            "flash",
            "june",
            "drops pe",
            "crlf line",
            "sample",
            "persistence",
            "win64",
            "hook",
            "instructor",
            "kids goldadobe",
            "errstr",
            "cultureneutral",
            "license",
            "error",
            "code",
            "service",
            "vmprotect",
            "february",
            "back",
            "number",
            "mitre attack",
            "network info",
            "processes extra",
            "fri dec",
            "database",
            "initial access",
            "program",
            "overview",
            "overview zenbox",
            "ultimate file",
            "info file",
            "Nullworld",
            "value",
            "value lang",
            "buildinfo",
            "productinfo",
            "addremoveinfo",
            "displayversion",
            "screnshots",
            "United",
            "Swedishvpncarrierenrollment",
            "calls process",
            "writes",
            "png image",
            "rgba",
            "guloader",
            "fraud",
            "phishing",
            "install",
            "pdapp",
            "urihandler",
            "us tcp",
            "product install",
            "gamma",
            "updater",
            "Now boarding",
            "DarkZero",
            "Sheep Tracker"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681399&Signature=o4EIDa%2Bu5q7UzJoKBZ3SHIdTRWKGT7HIZyLxFZSLdRJV2Ng655y2X8OLnU2siFeopgWPI6Gd8nE9F9LFBFgwM%2F0ZN0FWsDls8m78y46TmhjHhykfch6G%2Buw3LPxmfbz999yBfELXQDUCNWIiGUPv%2B23aUdHnc0c5jI4Mvlz2HGA%2BHlIMjc1w1S%2BWm%2FI6ftHJdyIAh0SqMbPXqAy%2BIonExlGkoEmMBCJl3r3pfMcYzy4ai0",
            "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681421&Signature=oUYsIo6y2ldihmETch4oPYw5nb4sHZhKRik2zGuv2h9rqu30GcV1xZHlIO9ttFa625EXOlrrILZtAhfM%2FamkTDjXZUTqn2%2BTKmgnxqOOfJU6KrJHPLE9Do7l7MEaPxX4cs8z8tWd0%2FY8sBv8sjGAIdWrT5OPv202LNN%2FiVe6mEIUMkmNr%2BG1S3Pgs6LRTjo%2BgqhEcNXT0MFUgs3I2e4AQ0TQ4FOs%2BVRY",
            "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681469&Signature=VGjB%2F%2BCQwDtsenSFWX7YNKbe9s%2Fgcpg%2FotVlxRZ6FXuE9VXITP76QQq6L2vlSM7pfQHSnBv%2BUdwMtN3QhCxjF7Zv2PV%2FkWLnwwA3hJciWMAKiLSeKTanNshzLWnmBjN04FASFwNf6kAq4PcunHkHh2PSOGl03eem41DHA6YOIRAjI1C6hAdDvKoAqJJXuGKM%2F5Z5vzfeTaXNgCRutOhVDB4%2FcAcV9zZaRcX9Ii0IFRAZo%2Bzk7rvI",
            "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681490&Signature=bIUDLY2jLaPa0t0OyOiuRlKjk8VM9IFdVTwzJhuTKfuV%2BhwtwcYghSy4186P0qsGEebShI2xNNVBPSd3uQdeXMuYRDJWcyo18c12pLwgcLgaBot06%2Bfys%2BlGp%2FV%2FSCDBvdo3iLaAOesoSo8vbCLNsWAzGM5sztLl%2Beyq9%2F1oSuAvU692EiARhcufOCMFqXCn6MNuSp18gSQwkFRBadsMvHSjfHW645FvLUfiP5Egu1WuMVP2",
            "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681535&Signature=K%2BM%2FPuLQI5kqDYLWjQMD%2BgPbchxwp2sWPPUtfDZYFn5H9w%2BqFPRxh7iZqH4FOPAnwlC0%2BN5TKTqrEuhABL3gWMqHySyweiNPNkJ1MlX29xZdE482pqQSn8rzkPs7CZD63ts4ZRPrK%2Bl06RV13mZf4TUzAD9Sx0m6%2FWhetQETuu6StpVmyzhie%2Fn%2FUdsdFN0SW%2BtLpQE74IVNfszCgKVhF9oNeBiifytanSbIG0SnLff9sXffjS",
            "https://vtbehaviour.commondatastorage.googleapis.com/087975d5f3c874a6fe9cbfe9d7ee77fb0af138e3c36a6f75e3d000699afc571d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681569&Signature=C286Cg30s1QDg1lkY0jtTLfia8Fs4B%2FdqNMfidFUYXpd2si4N25G7RBqy8LODkWqBQca8rpYyZ7FIYHuRDc0wBLk%2B1rPiEXJckZIdmkyhDkFJ2jrxfNV135BZTTeF6DkLrRfWPgnxciVK%2FJrkueYnjlYhYW08OZkTu9plzgmfR2IocW5ENVaqHbcPAdm2QDCC6VVrNQp%2FP%2FjV6%2Fkm37tinRyXhg1vKSf0TVFMzL1jpYkiS5PIc",
            "https://vtbehaviour.commondatastorage.googleapis.com/07f5960476ab34754f3e04143caf2d4899cb09e6b271bfd27ef1f1c8977ca050_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681591&Signature=uoP10og17YxXUe0yZ8kll3N15RJJ%2Bf5pJFzW0MUe4fdvXaLlcOfCxs%2B6EyW23FSqTj%2FbNedtUC6z7Y0dgMPBtJC%2F9gOhXEZj5%2BKKwnQbCBe7GuFtEsVMMkQRdiDQxJYZipAId1MwoBChhx%2BSr%2FrboVkDq%2F%2FbNLvWS6keRMn4fa8GX%2BF0lIJepJ98sjwXs48DXBch8974olbyd38VGGp1bLMl7mycstrQ2hIy2MFXWD",
            "https://vtbehaviour.commondatastorage.googleapis.com/0da371854ec2c04bbee9680dbdabb67a4e4a84add40e5e1877425790f2dfef02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682005&Signature=SyLSFT5xdlAZ5lwNyaeDpqsMTuwGywWruel4fBOIdsyiZ%2FvtOZYr7f%2B%2BIuBmqFMAwMI4L7kB6jRtv8mVn8lmU5MUJBAG6GJdVsEp2SoexU5Yl2kTksey03ZsjBloxlJqDzf8PULDlwjfD1Ydv%2B5QFPoY3%2Fk8TKMlmmpTIw7%2FYcR24%2FHYHw78XVF2cV%2Bnb3GoDaHw%2FnpxLrDwgfZP9dWvP8V264o5l2dDfxQtF0",
            "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682086&Signature=yzXoWEcsMl9wlTGgMQfBKEZWwnDzmua%2FR2suwDMBSqPLhunpHELcj0SzY3czM%2F9HQG9QuvYzhQRVUxR1iDaFz1BQ4YHkXJih3zm%2BcNlDcfXsOZzyYzWUhaPsbSti%2FWbFoL4E14bnS7tIuG9s9R96LkGyGpWIsT%2BPeCNhsCzD7vFRU0cPMr6vNblu%2BBiO3Ki99QSrkF4hzBxkQ7DFgba3qi7kOfal%2F2K8hC1ikcZntmn5IESW",
            "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682105&Signature=DkIw2nRg0%2BHKmd2TpyMzcgrB%2F4s6sIVIpOEEVMqz3Csoj6PPmSGNer%2Bt5X5oYKPZQgJETAHcCRs0mh3Lfa85XEPdYk6PjMimJmKQdBstqdULgs6q7wyZEjHDhQn41ri7eQ16g7pAo9ojfhLUNp4uW2xuYvdBwYhYBsZP3EO1BKz2f3dYxSg%2Bgsn2AnC2%2BDRTIX0Xxd%2Bt44%2BkXfiY32mvDHDNDCcuT5ZDFNrHwDp3HKuuJYy7lRHm8AlK",
            "https://vtbehaviour.commondatastorage.googleapis.com/1f1db73659fa2fe7a944d20bb4e9a867513a50ee9b51be89dfec30c73f6ed622_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682177&Signature=yjgeq7TPzf6M6Pn8mPFgBmhHQbfgGlaadZNsSsDUKq0Da4%2Bb25WhNl6nDIyUDmRBtABod6Itj2EUlbe%2B4U0QYLuJR00aQqsO%2F9pXU4AWeIFUEZhCrwgZ5WuNPpYbdVbOYcVX6oyDXpSjv1QEGmJ1NVVr%2F1esshl3tugyHxp6LFYa9%2BQeoiqsBikKLglNB52vsap%2BkwVPKyXg%2FjduMqTQd%2FhNMM41261XiBOTtUqjpzIm67",
            "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682206&Signature=iCbR7BcpXhfqHIoxTRE%2BvhCqRoHYALCXll0hXveh8IQOJPjxw%2BlLNas6nIvp035t6sdMg9KdOY751XfThil%2FE2mLrvir%2FwKjheK2382r5bhEQFEsa6etlla3TDjlvttEFZDUN7SSLpGao8u7uVNwrPRb0BuwYDemKKVJK6DACPbUZEHk3DZ%2Bi8SxXIdELiXG%2Bozy7oC8Dcj0HqHGYuliXpjT1mV7OsCjFXvmjZPcFH06EzZS5L",
            "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682251&Signature=z6Lrdrr5u6YZdzJaR%2B2Qab%2F%2FVA6%2FL6JaNA4%2BVxLe9wEjL%2B2ARzGBhQdq6RTX5ez3SDTWWmc%2BrOypKxxCsLeXUbjYRoIgcsSzYIxWQWoEl35tFARLVKf%2FVf%2B696U6PYQ%2F1BNWxSfuNOeUVNK2pIiMYCUjLnikvUyj9Ip3MrgKOaV9v9SShCLay93Y7b3GbAUZ2Jzy18PEYf%2FLuk4fDrqITmP2upsysOJq1MhZcJ%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/105f31af20fdb87d442f81aad0c3a54030b7e214c4796cf2a069bae6aa89dc65_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682395&Signature=oVg82i1yTG%2BGfhoL5FyBdK%2BZKa6wi2iWMpwHyA77jBFtAOZxw%2Bs6z6So26GWDthH7UMEzwZwQC6ENF1TLBEqXukldXMdMg%2FvNylvy7vCdDKDsw53Ibc7vKnu5T0lNumnv%2FD5vnV14QZrzAE8PG3J0S0rtheY8mNCkM6t1w52XYYm5mfnGJXsnjyMEvgURuPhzOIq9%2B%2FG7XUWFK0vK%2BlzKmZU627%2FKYkT9EWHOI8Nyx%2FJUqad%2",
            "https://vtbehaviour.commondatastorage.googleapis.com/002150c786ae1e04ab2981bf5593d926987b60b9ac699f431ed4568084dd854b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682457&Signature=eWipoH1g7AQ8zq2pd%2BpyAKrKscAY%2FebCATbHE%2FMwdvIfIy%2F4i3OFy%2FKlfaNCXDLDU0OM6JaEF73FAqGhLEb8ZcxTuEfMeU%2F6WxjpgS2SqLZ0xOjAPgPWOOor3uCcdIEZRCcpJe%2BAzPY8jEZJ0aIf49RU85lkIx9yCiXcFnee1pNHHBFwpsBK4FNuTB%2FyDe61M5Htw4fjlf43GTnXFxj0%2Fjc%2Fe32Q7EpVkuSc0I%2F3zTrY0UkC",
            "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682486&Signature=ucigAmI%2BTWYWnZuZjQb7cvSnhC1f6r93NM1kh5fCHjjcUodx6ltePV2QSdyXCnhrdH8ODLugh37CFZxsAmtiMMefuyuh6T8mtuxe7znGqLiJre5YFfSQLkzmz0Ksqekcg0sp1bUaKykXguy%2BKwv6Tg12CIM7xzaDB%2BGcjw6KkBLiD0A1sB6Z9gk9np%2FNtUBHdW7E0eBfvTWOK8F99R1lQdmQab2Vha55GLH6JRBksZ7AbBEdVS8DMtkaZCS9sV",
            "https://vtbehaviour.commondatastorage.googleapis.com/049c8db974d1830f931d605f6918184d8928c46c74f4152dfde3dc7bdffbf5d5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682585&Signature=z2IzO8oruo5%2BmP%2BuhsnAbNLmy7QRAemblZDUm1KEgUCliIqrtWVkruuMg2tcIokmH12yIvRumIVlk5OcGjVxI%2Bb%2B3Va9LgSnD%2Bwjbe5pAs%2BDuUGTY52XSe7V9xdcRN38UeNFYy2jTLa2KYspIZ0NzHMsL0BzU5pqOWw0bAShHYc9sNx0S7a%2BSD7PiY%2BDR%2Br%2BQll9wUT%2B4EjhHrYYmmdRCa6vbIyTLcHmdw4JzmHHsLy%2Bjf",
            "https://vtbehaviour.commondatastorage.googleapis.com/27086c4185aa32bbc6674267b947e3f6610554188ac694ce2dbc1191a9525339_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683188&Signature=o0pfi%2Bqzc6KRiLra5kzATI2ROhjWVPHqZ7tOokv%2B9i4HwxX3m%2BpcqtYKMIFJMVk1qNFDyYwnCDfkeiva50iZyrha2F3bacitBdmnSwCEQE5xMG73RGPjQAvPps3tKMm1MDH8Rzpy65y9bdKpTSCL9%2Bt2xAk4%2BXx13XPz2GlU%2BG8Q%2FSPkCW96%2BX6c5xzWpIH%2FlXn7%2Bgl2G9QMGbrbnwD%2FfR58%2FrXIeIEJ%2F9%2BNt2W3Fr",
            "https://vtbehaviour.commondatastorage.googleapis.com/2c7002510767deb9bbb0d2ee2d47be98828bf5b6e999d6cd882b1c1a1c908510_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683299&Signature=RMRBhdx9cTLEwBYgOaiBV4x03W8laZvNMUtTq68ykLCh0R5toTaD64MdSiBhgsNAZLaS8z9dPsGmVcfMC8U5sPrXXLzAt9CBPoJjT2jV40HyYrW58xs3wjf65936U00bQy9DGFrlU7xInrhEocKiXuD17i5A%2F7tdPgx74I6xY906Ua8hyOe3f5zVmaxE6zpNAonyZtoHtHmnuDLG71DTPwYyiKcGPff7glIXoNalw4ST3jQr3Ma%2Fv1Q3De",
            "https://vtbehaviour.commondatastorage.googleapis.com/2c98a3b3752939b7c2db76682607e3918dee0edd81998279cb4528cc6c67f715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683469&Signature=oE7hEU%2FccffwWPye7wmTWT154zCmhX2wBLLWErX6yptBjSn9YXSMLMohlpsjw%2BxO5VxqobuYkMh302JzsMTg4fXVD76S9F6aOL1vRPwZx8fTGOeMoKRTMO7B0xwvo2HQCra8ds7NMqXBpbNxN%2Bi7Ez6ZOyX%2FQUyixg1Ya1G7%2FkF8sEaT8z%2B4QHLhghEUdy4%2FMYbGVFzAKhSDW9Yg%2BcPfxQLt%2BViZ",
            "https://vtbehaviour.commondatastorage.googleapis.com/5f87d5cb5921df99f335e1a8f044db15187f88aea04ecc073b310a4b9649a5e1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683851&Signature=oDNiEuOved3Q5at8LARyePhpQE3%2FjmEYRIWg4Vzp0yzifSrnwMGaujbhYJWqc8BadzAh1AhmrfOaNLGJfe8IO2Izje4ofsfex0DAAfgHm5l1vDeQWFDfgypa9%2F8sHOOgBiUlbdSDYrVdZ2Z9f8MGr8OaswhQwykG5mL3UcUwRD4heOIda%2FFZGhfCLn%2B7ksTMcuD2%2BjT%2F7IuP8kYOTQ0ZqwnDZGNQwopAFpNNouIAx0LKAjPDIO",
            "https://vtbehaviour.commondatastorage.googleapis.com/5f9b9db4e9200b4576d6e8bc2888d6e7ab28a04e66083366bcde57915eed5078_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683897&Signature=A1uHov9N8mIMBn6lVPETST7i%2F%2F3lKCkTSifHpWYQ8lqnGw3%2FwBD1QhGr1tH%2BYzg4xJYZR1vHPxcGC2biWNZtPF89Sx8FKf%2F18O4PHYJb1n7YfdP24JbV%2BkekQpomFKe66pKsf0gWQQx1zTJDWvam9HuvVTyCV9h22TLG%2FmBDvK4SftnNssRv0EkzKP9dNqTfjJdMh0Y0rIEyQdNLLo%2BLsWQbrx2yxJo6kZD%2FJC",
            "https://vtbehaviour.commondatastorage.googleapis.com/727dc58bb6aaf24fd82f54a11560f26e38ee0ca6bb823ea70bad33fd7c9378ef_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683965&Signature=tYhGClprbVOZuxQF%2F%2BLWEx6LfO%2Fz4pigFaLvSPYRY%2Fqg92dL8%2BWlaAyT%2FJueBiXJFPkqBYoXk0DmZNj2UfqQiv4Jy9bhRG562tGCoadI7qFVHMBOyAmGj0uMVS%2FoyY00p8UkiUah%2BiG2lZaGt6eVnE1yrGqEIpnAnUxdyxti%2BDm0vFgP5Ust7yR%2F1SAtswsFyfntj2GSgBc5z1NbueSA2uSfZsxWtxmYAm9dk%2FrUPQ47Nb5Q",
            "https://vtbehaviour.commondatastorage.googleapis.com/7111bb197f77eecf518b22f7a6f269647abc17eda4aaed9ba50212462b9848ed_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684045&Signature=g5SPZe7A95%2FqyMCV3ihh6MGTnXRMjhKIGP6dBCJ3OB%2FCOBrSRTz%2BpnCcdIwsJk%2Fc74E6s1DRbKJn3SszGoP7h%2FNJwXl3BIBK6KeI0zYJeOibOT%2BeU9CnCcwY%2F3bx99X3LvHRwg0Fkdg%2BJoRI620jziRVAW%2FiC1wpzeMqmJNUOHn4NsTYiMD7H8cuBnRzAZQvK2lRO5asaddU11mHkkQ963f3YOOv",
            "https://vtbehaviour.commondatastorage.googleapis.com/8b10c7238761ba1c98b713c673c452437c4a56794ff0e3d657cff148056c9cf1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684153&Signature=MfmLhMZdg4gtuEoE1eB%2FroqyUo2QXTJ8L6oAmpYIvTmU8BmwS6hwF0opRe4GV3ox8yxCzd2O9fsm4T7dwrkSk8fJBlqrPHibaMNPNs4QpeMOraU4O6Au5EDLlJTtDwp43nz%2FK5tqLXzJpfqCvDEnQOghFLah5YCBj8qdFtGrKfHbvyMGL70BlhpaZsmAn3Jgu6zNXCQGqz3c%2BkATkQ3XNm%2F8FiNTOFzO5TUxHqPE3NUMFglmxAJhEo"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1091",
              "name": "Replication Through Removable Media",
              "display_name": "T1091 - Replication Through Removable Media"
            },
            {
              "id": "T1120",
              "name": "Peripheral Device Discovery",
              "display_name": "T1120 - Peripheral Device Discovery"
            },
            {
              "id": "T1014",
              "name": "Rootkit",
              "display_name": "T1014 - Rootkit"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1074",
              "name": "Data Staged",
              "display_name": "T1074 - Data Staged"
            },
            {
              "id": "T1496",
              "name": "Resource Hijacking",
              "display_name": "T1496 - Resource Hijacking"
            },
            {
              "id": "T1539",
              "name": "Steal Web Session Cookie",
              "display_name": "T1539 - Steal Web Session Cookie"
            },
            {
              "id": "T1542",
              "name": "Pre-OS Boot",
              "display_name": "T1542 - Pre-OS Boot"
            },
            {
              "id": "T1548",
              "name": "Abuse Elevation Control Mechanism",
              "display_name": "T1548 - Abuse Elevation Control Mechanism"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1185",
              "name": "Man in the Browser",
              "display_name": "T1185 - Man in the Browser"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1553",
              "name": "Subvert Trust Controls",
              "display_name": "T1553 - Subvert Trust Controls"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1569",
              "name": "System Services",
              "display_name": "T1569 - System Services"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 1,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 2266,
            "IPv4": 327,
            "domain": 178,
            "hostname": 382,
            "FileHash-MD5": 805,
            "FileHash-SHA1": 833,
            "URL": 816,
            "email": 2
          },
          "indicator_count": 5609,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "5 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d16a7c0f0657edc9c6d735",
          "name": "VirusTotal report\n                    for run.sh",
          "description": "A full report on the Bourne-Again malware, published on 18 October, 2016.  \u00a31.5m (\u20ac2.4m; $3.6m).",
          "modified": "2026-05-14T11:55:50.332000",
          "created": "2026-04-04T19:46:04.113000",
          "tags": [
            "file type",
            "ascii",
            "ascii text",
            "c source",
            "python",
            "python script",
            "writes shell",
            "html document",
            "sample",
            "posix shell",
            "persistence",
            "info",
            "linuxunix shell",
            "perl script",
            "shell",
            "mitre attack",
            "overview",
            "dropped info",
            "processes extra",
            "overview zenbox",
            "linux verdict",
            "guest system",
            "ultimate file",
            "info file",
            "malicious",
            "next",
            "java source",
            "crlf line",
            "sgml document",
            "certificate",
            "version3",
            "java keystore",
            "fraud",
            "network info",
            "unicode text",
            "utf8 text",
            "png image",
            "window"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/a711ab9f034ec8f7e6af1f3d2038912744b7633fa6722d9836965742dee6d6a2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331684&Signature=c5WpYuxTIbVivjy9twSEEFcaF8XNBTwVhnJlSlxi23MOgSHpgwXbHsfE6flrpICVrApX5aa%2FM9SEhNMSNrqfZfffeKVVlSP5HK83DIz5cX7zxj3e6QUJBxfzYTehKIu7PboV3pv7iqaiKuTSoAuVB7SO3q0cmLVdmj0CwgVl%2Bxb2uk8cAuHSozlNlUQTtKp4kj%2B7vXJ8Cu0R8tEldXA9lnQ2YHfdanefJ6U495%2B%2FoBB4eckkj1On",
            "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331990&Signature=xR4cCaqYva2bIYOcAYm48EanAq0MTwsTs8BeXhQOE0MrQatTTXDq8gR5ixARCa3GTu2zx8spFdfiUylsmJCarhu8D5vIEuQQ3UD02scWNSGkAu8HiPX2hmMd7Cbni5nWDZIHfI4%2BKCrW8SHDXTrKzyIVfRPxixWVBic9Yaidd1Oqa3KEls3bG28By6k5H1Rd1Qf27epwdP%2BUjrjgpKlmK5tO%2FP7kK1x%2FtMv3w6R4sjLiHATrIjPgoD",
            "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332051&Signature=Bo5b49qay%2F21SiP8bhvZJkYRuw%2BLHz1dfkvJnnEemMii%2F%2FNHk09bmq75u0v2tYMhruii4ncU%2BzXle2POGINpkNmed9FGVbpw3iSzCD9QQKvPuXK0ble2ocVUSZR5vo8vNEV9cS89z1r%2BYqpO3XyS7u%2BajghqNocwpRoq3dwURQqQEqC7II07YOa%2FRpjFQooyWMmOwKC9I%2Fny%2FUmw0%2BDrgg20Kf%2FNsuAzOZLMrdO2o%2B3z",
            "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332091&Signature=CpWTTwCL%2FHBNW7gUdVTGV%2BaYfdffmVnwTljmRJrMAWNVTHZxyiho8OCuzbtyaSxy12vi8YVQ3DzfT8iWx74O9dBqvZgm5NXwFxgPE3qT7MSzykVmuGB9J00pmU2mZCTWSK6Vkm1KQxSJOEYfMu3aaL3P42m84wWdxFDLlEQl2rsllq4t0ADGNFSPSqAXvC6SBm%2F16y8gRzM9dYJ%2B%2FCjznOtd1vc2jV8%2BvjNPi1oJyyEbt2jnI4",
            "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332117&Signature=QrQhWy6CHNIt4LrFDW8Us3KA0iRKZQsz1n3Grrkp%2FAFqaB1bg7YxB2%2F9WZxBzZ6PMwIWuUdgioXJFXzRQQ55c%2BCI5rBOGF290mKickctOopJ%2FIZ%2FS4MrYScbePx7GxujMl%2BBt0UT1MtozDTOja6QP2MBW5H2mbH5A5PYPJtpn4MwwQg6iUy4IAaEx9FeiJYrpkqvLSzsoq8uDCVv9GGvwXhzWDaOGvzxpSMsY%2BEZ0ti5z1hk8TsA2nI9",
            "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332153&Signature=dgkLQ0GIqiF%2Fxe%2BVGzHTZfBQIbpzMfUfH2TTP0G%2FfiVlTXg8BMGx7TyX9WTGlpu6ejWe2xalYze6ohM5Fjaw86Z%2BhmeXwhayr3CfV%2F8EJzusPyOM03QF5IR1ftbWe5tFyxcV0TtA1S5PehVGZRHYHV%2FpOG%2BbzR1Dcn2z2u0I72hZ%2F7X5nKoHtBjRMDvZnZneoi%2FAI9C2DMtsZemC3g7FLaEM6BV1JXkzjSoeH01LFLze",
            "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332172&Signature=AEpI2boARQpxEdX1svqF6ucRMxm96JGdMomcZOTdUlwdGfdyyB8kDhkui3aHlFIFUijkXBGRDLpG4%2FEFvHiA4JDASaFT7MuYUgw%2Fy7xLA5S28HNLgqEqzGb4TSOa58v0WxA0YOpEEs8i8Umx7Kx6LM7C5R9OI50lKO9ma917WLa3ugyTqBnXCqx9Rgb7OwRuWGCAnqNUqjSXub0XMP8HEgzkgzPRzOZkoSA07gn7t6bTHV4QLuqEHqQX3YZPbSI3ld"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1222",
              "name": "File and Directory Permissions Modification",
              "display_name": "T1222 - File and Directory Permissions Modification"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 2971,
            "URL": 388,
            "domain": 356,
            "hostname": 141,
            "FileHash-MD5": 25,
            "FileHash-SHA1": 21,
            "IPv4": 2
          },
          "indicator_count": 3904,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "18 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d16a7bc549fa66f964d19b",
          "name": "VirusTotal report\n                    for run.sh",
          "description": "A full report on the Bourne-Again malware, published on 18 October, 2016.  \u00a31.5m (\u20ac2.4m; $3.6m).",
          "modified": "2026-05-04T19:25:55.402000",
          "created": "2026-04-04T19:46:03.621000",
          "tags": [
            "file type",
            "ascii",
            "ascii text",
            "c source",
            "python",
            "python script",
            "writes shell",
            "html document",
            "sample",
            "posix shell",
            "persistence",
            "info",
            "linuxunix shell",
            "perl script",
            "shell",
            "mitre attack",
            "overview",
            "dropped info",
            "processes extra",
            "overview zenbox",
            "linux verdict",
            "guest system",
            "ultimate file",
            "info file",
            "malicious",
            "next",
            "java source",
            "crlf line",
            "sgml document",
            "certificate",
            "version3",
            "java keystore",
            "fraud",
            "network info",
            "unicode text",
            "utf8 text",
            "png image",
            "window"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/a711ab9f034ec8f7e6af1f3d2038912744b7633fa6722d9836965742dee6d6a2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331684&Signature=c5WpYuxTIbVivjy9twSEEFcaF8XNBTwVhnJlSlxi23MOgSHpgwXbHsfE6flrpICVrApX5aa%2FM9SEhNMSNrqfZfffeKVVlSP5HK83DIz5cX7zxj3e6QUJBxfzYTehKIu7PboV3pv7iqaiKuTSoAuVB7SO3q0cmLVdmj0CwgVl%2Bxb2uk8cAuHSozlNlUQTtKp4kj%2B7vXJ8Cu0R8tEldXA9lnQ2YHfdanefJ6U495%2B%2FoBB4eckkj1On",
            "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331990&Signature=xR4cCaqYva2bIYOcAYm48EanAq0MTwsTs8BeXhQOE0MrQatTTXDq8gR5ixARCa3GTu2zx8spFdfiUylsmJCarhu8D5vIEuQQ3UD02scWNSGkAu8HiPX2hmMd7Cbni5nWDZIHfI4%2BKCrW8SHDXTrKzyIVfRPxixWVBic9Yaidd1Oqa3KEls3bG28By6k5H1Rd1Qf27epwdP%2BUjrjgpKlmK5tO%2FP7kK1x%2FtMv3w6R4sjLiHATrIjPgoD",
            "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332051&Signature=Bo5b49qay%2F21SiP8bhvZJkYRuw%2BLHz1dfkvJnnEemMii%2F%2FNHk09bmq75u0v2tYMhruii4ncU%2BzXle2POGINpkNmed9FGVbpw3iSzCD9QQKvPuXK0ble2ocVUSZR5vo8vNEV9cS89z1r%2BYqpO3XyS7u%2BajghqNocwpRoq3dwURQqQEqC7II07YOa%2FRpjFQooyWMmOwKC9I%2Fny%2FUmw0%2BDrgg20Kf%2FNsuAzOZLMrdO2o%2B3z",
            "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332091&Signature=CpWTTwCL%2FHBNW7gUdVTGV%2BaYfdffmVnwTljmRJrMAWNVTHZxyiho8OCuzbtyaSxy12vi8YVQ3DzfT8iWx74O9dBqvZgm5NXwFxgPE3qT7MSzykVmuGB9J00pmU2mZCTWSK6Vkm1KQxSJOEYfMu3aaL3P42m84wWdxFDLlEQl2rsllq4t0ADGNFSPSqAXvC6SBm%2F16y8gRzM9dYJ%2B%2FCjznOtd1vc2jV8%2BvjNPi1oJyyEbt2jnI4",
            "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332117&Signature=QrQhWy6CHNIt4LrFDW8Us3KA0iRKZQsz1n3Grrkp%2FAFqaB1bg7YxB2%2F9WZxBzZ6PMwIWuUdgioXJFXzRQQ55c%2BCI5rBOGF290mKickctOopJ%2FIZ%2FS4MrYScbePx7GxujMl%2BBt0UT1MtozDTOja6QP2MBW5H2mbH5A5PYPJtpn4MwwQg6iUy4IAaEx9FeiJYrpkqvLSzsoq8uDCVv9GGvwXhzWDaOGvzxpSMsY%2BEZ0ti5z1hk8TsA2nI9",
            "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332153&Signature=dgkLQ0GIqiF%2Fxe%2BVGzHTZfBQIbpzMfUfH2TTP0G%2FfiVlTXg8BMGx7TyX9WTGlpu6ejWe2xalYze6ohM5Fjaw86Z%2BhmeXwhayr3CfV%2F8EJzusPyOM03QF5IR1ftbWe5tFyxcV0TtA1S5PehVGZRHYHV%2FpOG%2BbzR1Dcn2z2u0I72hZ%2F7X5nKoHtBjRMDvZnZneoi%2FAI9C2DMtsZemC3g7FLaEM6BV1JXkzjSoeH01LFLze",
            "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332172&Signature=AEpI2boARQpxEdX1svqF6ucRMxm96JGdMomcZOTdUlwdGfdyyB8kDhkui3aHlFIFUijkXBGRDLpG4%2FEFvHiA4JDASaFT7MuYUgw%2Fy7xLA5S28HNLgqEqzGb4TSOa58v0WxA0YOpEEs8i8Umx7Kx6LM7C5R9OI50lKO9ma917WLa3ugyTqBnXCqx9Rgb7OwRuWGCAnqNUqjSXub0XMP8HEgzkgzPRzOZkoSA07gn7t6bTHV4QLuqEHqQX3YZPbSI3ld"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1222",
              "name": "File and Directory Permissions Modification",
              "display_name": "T1222 - File and Directory Permissions Modification"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 18,
            "FileHash-SHA1": 18,
            "FileHash-SHA256": 2469,
            "URL": 287,
            "domain": 281,
            "hostname": 110
          },
          "indicator_count": 3183,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "28 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d16a7d00b0ea85aaf98736",
          "name": "VirusTotal report\n                    for run.sh",
          "description": "A full report on the Bourne-Again malware, published on 18 October, 2016.  \u00a31.5m (\u20ac2.4m; $3.6m).",
          "modified": "2026-05-04T19:25:55.402000",
          "created": "2026-04-04T19:46:05.954000",
          "tags": [
            "file type",
            "ascii",
            "ascii text",
            "c source",
            "python",
            "python script",
            "writes shell",
            "html document",
            "sample",
            "posix shell",
            "persistence",
            "info",
            "linuxunix shell",
            "perl script",
            "shell",
            "mitre attack",
            "overview",
            "dropped info",
            "processes extra",
            "overview zenbox",
            "linux verdict",
            "guest system",
            "ultimate file",
            "info file",
            "malicious",
            "next",
            "java source",
            "crlf line",
            "sgml document",
            "certificate",
            "version3",
            "java keystore",
            "fraud",
            "network info",
            "unicode text",
            "utf8 text",
            "png image",
            "window"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/a711ab9f034ec8f7e6af1f3d2038912744b7633fa6722d9836965742dee6d6a2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331684&Signature=c5WpYuxTIbVivjy9twSEEFcaF8XNBTwVhnJlSlxi23MOgSHpgwXbHsfE6flrpICVrApX5aa%2FM9SEhNMSNrqfZfffeKVVlSP5HK83DIz5cX7zxj3e6QUJBxfzYTehKIu7PboV3pv7iqaiKuTSoAuVB7SO3q0cmLVdmj0CwgVl%2Bxb2uk8cAuHSozlNlUQTtKp4kj%2B7vXJ8Cu0R8tEldXA9lnQ2YHfdanefJ6U495%2B%2FoBB4eckkj1On",
            "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331990&Signature=xR4cCaqYva2bIYOcAYm48EanAq0MTwsTs8BeXhQOE0MrQatTTXDq8gR5ixARCa3GTu2zx8spFdfiUylsmJCarhu8D5vIEuQQ3UD02scWNSGkAu8HiPX2hmMd7Cbni5nWDZIHfI4%2BKCrW8SHDXTrKzyIVfRPxixWVBic9Yaidd1Oqa3KEls3bG28By6k5H1Rd1Qf27epwdP%2BUjrjgpKlmK5tO%2FP7kK1x%2FtMv3w6R4sjLiHATrIjPgoD",
            "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332051&Signature=Bo5b49qay%2F21SiP8bhvZJkYRuw%2BLHz1dfkvJnnEemMii%2F%2FNHk09bmq75u0v2tYMhruii4ncU%2BzXle2POGINpkNmed9FGVbpw3iSzCD9QQKvPuXK0ble2ocVUSZR5vo8vNEV9cS89z1r%2BYqpO3XyS7u%2BajghqNocwpRoq3dwURQqQEqC7II07YOa%2FRpjFQooyWMmOwKC9I%2Fny%2FUmw0%2BDrgg20Kf%2FNsuAzOZLMrdO2o%2B3z",
            "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332091&Signature=CpWTTwCL%2FHBNW7gUdVTGV%2BaYfdffmVnwTljmRJrMAWNVTHZxyiho8OCuzbtyaSxy12vi8YVQ3DzfT8iWx74O9dBqvZgm5NXwFxgPE3qT7MSzykVmuGB9J00pmU2mZCTWSK6Vkm1KQxSJOEYfMu3aaL3P42m84wWdxFDLlEQl2rsllq4t0ADGNFSPSqAXvC6SBm%2F16y8gRzM9dYJ%2B%2FCjznOtd1vc2jV8%2BvjNPi1oJyyEbt2jnI4",
            "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332117&Signature=QrQhWy6CHNIt4LrFDW8Us3KA0iRKZQsz1n3Grrkp%2FAFqaB1bg7YxB2%2F9WZxBzZ6PMwIWuUdgioXJFXzRQQ55c%2BCI5rBOGF290mKickctOopJ%2FIZ%2FS4MrYScbePx7GxujMl%2BBt0UT1MtozDTOja6QP2MBW5H2mbH5A5PYPJtpn4MwwQg6iUy4IAaEx9FeiJYrpkqvLSzsoq8uDCVv9GGvwXhzWDaOGvzxpSMsY%2BEZ0ti5z1hk8TsA2nI9",
            "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332153&Signature=dgkLQ0GIqiF%2Fxe%2BVGzHTZfBQIbpzMfUfH2TTP0G%2FfiVlTXg8BMGx7TyX9WTGlpu6ejWe2xalYze6ohM5Fjaw86Z%2BhmeXwhayr3CfV%2F8EJzusPyOM03QF5IR1ftbWe5tFyxcV0TtA1S5PehVGZRHYHV%2FpOG%2BbzR1Dcn2z2u0I72hZ%2F7X5nKoHtBjRMDvZnZneoi%2FAI9C2DMtsZemC3g7FLaEM6BV1JXkzjSoeH01LFLze",
            "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332172&Signature=AEpI2boARQpxEdX1svqF6ucRMxm96JGdMomcZOTdUlwdGfdyyB8kDhkui3aHlFIFUijkXBGRDLpG4%2FEFvHiA4JDASaFT7MuYUgw%2Fy7xLA5S28HNLgqEqzGb4TSOa58v0WxA0YOpEEs8i8Umx7Kx6LM7C5R9OI50lKO9ma917WLa3ugyTqBnXCqx9Rgb7OwRuWGCAnqNUqjSXub0XMP8HEgzkgzPRzOZkoSA07gn7t6bTHV4QLuqEHqQX3YZPbSI3ld"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1222",
              "name": "File and Directory Permissions Modification",
              "display_name": "T1222 - File and Directory Permissions Modification"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 18,
            "FileHash-SHA1": 18,
            "FileHash-SHA256": 2469,
            "URL": 287,
            "domain": 281,
            "hostname": 110
          },
          "indicator_count": 3183,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "28 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69d16a7d28330920cf77f5b0",
          "name": "VirusTotal report\n                    for run.sh",
          "description": "A full report on the Bourne-Again malware, published on 18 October, 2016.  \u00a31.5m (\u20ac2.4m; $3.6m).",
          "modified": "2026-05-04T19:25:55.402000",
          "created": "2026-04-04T19:46:05.437000",
          "tags": [
            "file type",
            "ascii",
            "ascii text",
            "c source",
            "python",
            "python script",
            "writes shell",
            "html document",
            "sample",
            "posix shell",
            "persistence",
            "info",
            "linuxunix shell",
            "perl script",
            "shell",
            "mitre attack",
            "overview",
            "dropped info",
            "processes extra",
            "overview zenbox",
            "linux verdict",
            "guest system",
            "ultimate file",
            "info file",
            "malicious",
            "next",
            "java source",
            "crlf line",
            "sgml document",
            "certificate",
            "version3",
            "java keystore",
            "fraud",
            "network info",
            "unicode text",
            "utf8 text",
            "png image",
            "window"
          ],
          "references": [
            "https://vtbehaviour.commondatastorage.googleapis.com/a711ab9f034ec8f7e6af1f3d2038912744b7633fa6722d9836965742dee6d6a2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331684&Signature=c5WpYuxTIbVivjy9twSEEFcaF8XNBTwVhnJlSlxi23MOgSHpgwXbHsfE6flrpICVrApX5aa%2FM9SEhNMSNrqfZfffeKVVlSP5HK83DIz5cX7zxj3e6QUJBxfzYTehKIu7PboV3pv7iqaiKuTSoAuVB7SO3q0cmLVdmj0CwgVl%2Bxb2uk8cAuHSozlNlUQTtKp4kj%2B7vXJ8Cu0R8tEldXA9lnQ2YHfdanefJ6U495%2B%2FoBB4eckkj1On",
            "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331990&Signature=xR4cCaqYva2bIYOcAYm48EanAq0MTwsTs8BeXhQOE0MrQatTTXDq8gR5ixARCa3GTu2zx8spFdfiUylsmJCarhu8D5vIEuQQ3UD02scWNSGkAu8HiPX2hmMd7Cbni5nWDZIHfI4%2BKCrW8SHDXTrKzyIVfRPxixWVBic9Yaidd1Oqa3KEls3bG28By6k5H1Rd1Qf27epwdP%2BUjrjgpKlmK5tO%2FP7kK1x%2FtMv3w6R4sjLiHATrIjPgoD",
            "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332051&Signature=Bo5b49qay%2F21SiP8bhvZJkYRuw%2BLHz1dfkvJnnEemMii%2F%2FNHk09bmq75u0v2tYMhruii4ncU%2BzXle2POGINpkNmed9FGVbpw3iSzCD9QQKvPuXK0ble2ocVUSZR5vo8vNEV9cS89z1r%2BYqpO3XyS7u%2BajghqNocwpRoq3dwURQqQEqC7II07YOa%2FRpjFQooyWMmOwKC9I%2Fny%2FUmw0%2BDrgg20Kf%2FNsuAzOZLMrdO2o%2B3z",
            "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332091&Signature=CpWTTwCL%2FHBNW7gUdVTGV%2BaYfdffmVnwTljmRJrMAWNVTHZxyiho8OCuzbtyaSxy12vi8YVQ3DzfT8iWx74O9dBqvZgm5NXwFxgPE3qT7MSzykVmuGB9J00pmU2mZCTWSK6Vkm1KQxSJOEYfMu3aaL3P42m84wWdxFDLlEQl2rsllq4t0ADGNFSPSqAXvC6SBm%2F16y8gRzM9dYJ%2B%2FCjznOtd1vc2jV8%2BvjNPi1oJyyEbt2jnI4",
            "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332117&Signature=QrQhWy6CHNIt4LrFDW8Us3KA0iRKZQsz1n3Grrkp%2FAFqaB1bg7YxB2%2F9WZxBzZ6PMwIWuUdgioXJFXzRQQ55c%2BCI5rBOGF290mKickctOopJ%2FIZ%2FS4MrYScbePx7GxujMl%2BBt0UT1MtozDTOja6QP2MBW5H2mbH5A5PYPJtpn4MwwQg6iUy4IAaEx9FeiJYrpkqvLSzsoq8uDCVv9GGvwXhzWDaOGvzxpSMsY%2BEZ0ti5z1hk8TsA2nI9",
            "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332153&Signature=dgkLQ0GIqiF%2Fxe%2BVGzHTZfBQIbpzMfUfH2TTP0G%2FfiVlTXg8BMGx7TyX9WTGlpu6ejWe2xalYze6ohM5Fjaw86Z%2BhmeXwhayr3CfV%2F8EJzusPyOM03QF5IR1ftbWe5tFyxcV0TtA1S5PehVGZRHYHV%2FpOG%2BbzR1Dcn2z2u0I72hZ%2F7X5nKoHtBjRMDvZnZneoi%2FAI9C2DMtsZemC3g7FLaEM6BV1JXkzjSoeH01LFLze",
            "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332172&Signature=AEpI2boARQpxEdX1svqF6ucRMxm96JGdMomcZOTdUlwdGfdyyB8kDhkui3aHlFIFUijkXBGRDLpG4%2FEFvHiA4JDASaFT7MuYUgw%2Fy7xLA5S28HNLgqEqzGb4TSOa58v0WxA0YOpEEs8i8Umx7Kx6LM7C5R9OI50lKO9ma917WLa3ugyTqBnXCqx9Rgb7OwRuWGCAnqNUqjSXub0XMP8HEgzkgzPRzOZkoSA07gn7t6bTHV4QLuqEHqQX3YZPbSI3ld"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1070",
              "name": "Indicator Removal on Host",
              "display_name": "T1070 - Indicator Removal on Host"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1222",
              "name": "File and Directory Permissions Modification",
              "display_name": "T1222 - File and Directory Permissions Modification"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1564",
              "name": "Hide Artifacts",
              "display_name": "T1564 - Hide Artifacts"
            },
            {
              "id": "T1573",
              "name": "Encrypted Channel",
              "display_name": "T1573 - Encrypted Channel"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1486",
              "name": "Data Encrypted for Impact",
              "display_name": "T1486 - Data Encrypted for Impact"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1574",
              "name": "Hijack Execution Flow",
              "display_name": "T1574 - Hijack Execution Flow"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 18,
            "FileHash-SHA1": 18,
            "FileHash-SHA256": 2469,
            "URL": 287,
            "domain": 281,
            "hostname": 110
          },
          "indicator_count": 3183,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "28 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682206&Signature=iCbR7BcpXhfqHIoxTRE%2BvhCqRoHYALCXll0hXveh8IQOJPjxw%2BlLNas6nIvp035t6sdMg9KdOY751XfThil%2FE2mLrvir%2FwKjheK2382r5bhEQFEsa6etlla3TDjlvttEFZDUN7SSLpGao8u7uVNwrPRb0BuwYDemKKVJK6DACPbUZEHk3DZ%2Bi8SxXIdELiXG%2Bozy7oC8Dcj0HqHGYuliXpjT1mV7OsCjFXvmjZPcFH06EzZS5L",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332172&Signature=AEpI2boARQpxEdX1svqF6ucRMxm96JGdMomcZOTdUlwdGfdyyB8kDhkui3aHlFIFUijkXBGRDLpG4%2FEFvHiA4JDASaFT7MuYUgw%2Fy7xLA5S28HNLgqEqzGb4TSOa58v0WxA0YOpEEs8i8Umx7Kx6LM7C5R9OI50lKO9ma917WLa3ugyTqBnXCqx9Rgb7OwRuWGCAnqNUqjSXub0XMP8HEgzkgzPRzOZkoSA07gn7t6bTHV4QLuqEHqQX3YZPbSI3ld",
        "https://vtbehaviour.commondatastorage.googleapis.com/8b10c7238761ba1c98b713c673c452437c4a56794ff0e3d657cff148056c9cf1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684153&Signature=MfmLhMZdg4gtuEoE1eB%2FroqyUo2QXTJ8L6oAmpYIvTmU8BmwS6hwF0opRe4GV3ox8yxCzd2O9fsm4T7dwrkSk8fJBlqrPHibaMNPNs4QpeMOraU4O6Au5EDLlJTtDwp43nz%2FK5tqLXzJpfqCvDEnQOghFLah5YCBj8qdFtGrKfHbvyMGL70BlhpaZsmAn3Jgu6zNXCQGqz3c%2BkATkQ3XNm%2F8FiNTOFzO5TUxHqPE3NUMFglmxAJhEo",
        "https://vtbehaviour.commondatastorage.googleapis.com/105f31af20fdb87d442f81aad0c3a54030b7e214c4796cf2a069bae6aa89dc65_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682395&Signature=oVg82i1yTG%2BGfhoL5FyBdK%2BZKa6wi2iWMpwHyA77jBFtAOZxw%2Bs6z6So26GWDthH7UMEzwZwQC6ENF1TLBEqXukldXMdMg%2FvNylvy7vCdDKDsw53Ibc7vKnu5T0lNumnv%2FD5vnV14QZrzAE8PG3J0S0rtheY8mNCkM6t1w52XYYm5mfnGJXsnjyMEvgURuPhzOIq9%2B%2FG7XUWFK0vK%2BlzKmZU627%2FKYkT9EWHOI8Nyx%2FJUqad%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/27086c4185aa32bbc6674267b947e3f6610554188ac694ce2dbc1191a9525339_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683188&Signature=o0pfi%2Bqzc6KRiLra5kzATI2ROhjWVPHqZ7tOokv%2B9i4HwxX3m%2BpcqtYKMIFJMVk1qNFDyYwnCDfkeiva50iZyrha2F3bacitBdmnSwCEQE5xMG73RGPjQAvPps3tKMm1MDH8Rzpy65y9bdKpTSCL9%2Bt2xAk4%2BXx13XPz2GlU%2BG8Q%2FSPkCW96%2BX6c5xzWpIH%2FlXn7%2Bgl2G9QMGbrbnwD%2FfR58%2FrXIeIEJ%2F9%2BNt2W3Fr",
        "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681469&Signature=VGjB%2F%2BCQwDtsenSFWX7YNKbe9s%2Fgcpg%2FotVlxRZ6FXuE9VXITP76QQq6L2vlSM7pfQHSnBv%2BUdwMtN3QhCxjF7Zv2PV%2FkWLnwwA3hJciWMAKiLSeKTanNshzLWnmBjN04FASFwNf6kAq4PcunHkHh2PSOGl03eem41DHA6YOIRAjI1C6hAdDvKoAqJJXuGKM%2F5Z5vzfeTaXNgCRutOhVDB4%2FcAcV9zZaRcX9Ii0IFRAZo%2Bzk7rvI",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681421&Signature=oUYsIo6y2ldihmETch4oPYw5nb4sHZhKRik2zGuv2h9rqu30GcV1xZHlIO9ttFa625EXOlrrILZtAhfM%2FamkTDjXZUTqn2%2BTKmgnxqOOfJU6KrJHPLE9Do7l7MEaPxX4cs8z8tWd0%2FY8sBv8sjGAIdWrT5OPv202LNN%2FiVe6mEIUMkmNr%2BG1S3Pgs6LRTjo%2BgqhEcNXT0MFUgs3I2e4AQ0TQ4FOs%2BVRY",
        "https://vtbehaviour.commondatastorage.googleapis.com/2c98a3b3752939b7c2db76682607e3918dee0edd81998279cb4528cc6c67f715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683469&Signature=oE7hEU%2FccffwWPye7wmTWT154zCmhX2wBLLWErX6yptBjSn9YXSMLMohlpsjw%2BxO5VxqobuYkMh302JzsMTg4fXVD76S9F6aOL1vRPwZx8fTGOeMoKRTMO7B0xwvo2HQCra8ds7NMqXBpbNxN%2Bi7Ez6ZOyX%2FQUyixg1Ya1G7%2FkF8sEaT8z%2B4QHLhghEUdy4%2FMYbGVFzAKhSDW9Yg%2BcPfxQLt%2BViZ",
        "https://vtbehaviour.commondatastorage.googleapis.com/7111bb197f77eecf518b22f7a6f269647abc17eda4aaed9ba50212462b9848ed_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684045&Signature=g5SPZe7A95%2FqyMCV3ihh6MGTnXRMjhKIGP6dBCJ3OB%2FCOBrSRTz%2BpnCcdIwsJk%2Fc74E6s1DRbKJn3SszGoP7h%2FNJwXl3BIBK6KeI0zYJeOibOT%2BeU9CnCcwY%2F3bx99X3LvHRwg0Fkdg%2BJoRI620jziRVAW%2FiC1wpzeMqmJNUOHn4NsTYiMD7H8cuBnRzAZQvK2lRO5asaddU11mHkkQ963f3YOOv",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682105&Signature=DkIw2nRg0%2BHKmd2TpyMzcgrB%2F4s6sIVIpOEEVMqz3Csoj6PPmSGNer%2Bt5X5oYKPZQgJETAHcCRs0mh3Lfa85XEPdYk6PjMimJmKQdBstqdULgs6q7wyZEjHDhQn41ri7eQ16g7pAo9ojfhLUNp4uW2xuYvdBwYhYBsZP3EO1BKz2f3dYxSg%2Bgsn2AnC2%2BDRTIX0Xxd%2Bt44%2BkXfiY32mvDHDNDCcuT5ZDFNrHwDp3HKuuJYy7lRHm8AlK",
        "https://vtbehaviour.commondatastorage.googleapis.com/5f9b9db4e9200b4576d6e8bc2888d6e7ab28a04e66083366bcde57915eed5078_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683897&Signature=A1uHov9N8mIMBn6lVPETST7i%2F%2F3lKCkTSifHpWYQ8lqnGw3%2FwBD1QhGr1tH%2BYzg4xJYZR1vHPxcGC2biWNZtPF89Sx8FKf%2F18O4PHYJb1n7YfdP24JbV%2BkekQpomFKe66pKsf0gWQQx1zTJDWvam9HuvVTyCV9h22TLG%2FmBDvK4SftnNssRv0EkzKP9dNqTfjJdMh0Y0rIEyQdNLLo%2BLsWQbrx2yxJo6kZD%2FJC",
        "https://vtbehaviour.commondatastorage.googleapis.com/727dc58bb6aaf24fd82f54a11560f26e38ee0ca6bb823ea70bad33fd7c9378ef_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683965&Signature=tYhGClprbVOZuxQF%2F%2BLWEx6LfO%2Fz4pigFaLvSPYRY%2Fqg92dL8%2BWlaAyT%2FJueBiXJFPkqBYoXk0DmZNj2UfqQiv4Jy9bhRG562tGCoadI7qFVHMBOyAmGj0uMVS%2FoyY00p8UkiUah%2BiG2lZaGt6eVnE1yrGqEIpnAnUxdyxti%2BDm0vFgP5Ust7yR%2F1SAtswsFyfntj2GSgBc5z1NbueSA2uSfZsxWtxmYAm9dk%2FrUPQ47Nb5Q",
        "https://vtbehaviour.commondatastorage.googleapis.com/049c8db974d1830f931d605f6918184d8928c46c74f4152dfde3dc7bdffbf5d5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682585&Signature=z2IzO8oruo5%2BmP%2BuhsnAbNLmy7QRAemblZDUm1KEgUCliIqrtWVkruuMg2tcIokmH12yIvRumIVlk5OcGjVxI%2Bb%2B3Va9LgSnD%2Bwjbe5pAs%2BDuUGTY52XSe7V9xdcRN38UeNFYy2jTLa2KYspIZ0NzHMsL0BzU5pqOWw0bAShHYc9sNx0S7a%2BSD7PiY%2BDR%2Br%2BQll9wUT%2B4EjhHrYYmmdRCa6vbIyTLcHmdw4JzmHHsLy%2Bjf",
        "https://vtbehaviour.commondatastorage.googleapis.com/a711ab9f034ec8f7e6af1f3d2038912744b7633fa6722d9836965742dee6d6a2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331684&Signature=c5WpYuxTIbVivjy9twSEEFcaF8XNBTwVhnJlSlxi23MOgSHpgwXbHsfE6flrpICVrApX5aa%2FM9SEhNMSNrqfZfffeKVVlSP5HK83DIz5cX7zxj3e6QUJBxfzYTehKIu7PboV3pv7iqaiKuTSoAuVB7SO3q0cmLVdmj0CwgVl%2Bxb2uk8cAuHSozlNlUQTtKp4kj%2B7vXJ8Cu0R8tEldXA9lnQ2YHfdanefJ6U495%2B%2FoBB4eckkj1On",
        "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681399&Signature=o4EIDa%2Bu5q7UzJoKBZ3SHIdTRWKGT7HIZyLxFZSLdRJV2Ng655y2X8OLnU2siFeopgWPI6Gd8nE9F9LFBFgwM%2F0ZN0FWsDls8m78y46TmhjHhykfch6G%2Buw3LPxmfbz999yBfELXQDUCNWIiGUPv%2B23aUdHnc0c5jI4Mvlz2HGA%2BHlIMjc1w1S%2BWm%2FI6ftHJdyIAh0SqMbPXqAy%2BIonExlGkoEmMBCJl3r3pfMcYzy4ai0",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682086&Signature=yzXoWEcsMl9wlTGgMQfBKEZWwnDzmua%2FR2suwDMBSqPLhunpHELcj0SzY3czM%2F9HQG9QuvYzhQRVUxR1iDaFz1BQ4YHkXJih3zm%2BcNlDcfXsOZzyYzWUhaPsbSti%2FWbFoL4E14bnS7tIuG9s9R96LkGyGpWIsT%2BPeCNhsCzD7vFRU0cPMr6vNblu%2BBiO3Ki99QSrkF4hzBxkQ7DFgba3qi7kOfal%2F2K8hC1ikcZntmn5IESW",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332051&Signature=Bo5b49qay%2F21SiP8bhvZJkYRuw%2BLHz1dfkvJnnEemMii%2F%2FNHk09bmq75u0v2tYMhruii4ncU%2BzXle2POGINpkNmed9FGVbpw3iSzCD9QQKvPuXK0ble2ocVUSZR5vo8vNEV9cS89z1r%2BYqpO3XyS7u%2BajghqNocwpRoq3dwURQqQEqC7II07YOa%2FRpjFQooyWMmOwKC9I%2Fny%2FUmw0%2BDrgg20Kf%2FNsuAzOZLMrdO2o%2B3z",
        "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682486&Signature=ucigAmI%2BTWYWnZuZjQb7cvSnhC1f6r93NM1kh5fCHjjcUodx6ltePV2QSdyXCnhrdH8ODLugh37CFZxsAmtiMMefuyuh6T8mtuxe7znGqLiJre5YFfSQLkzmz0Ksqekcg0sp1bUaKykXguy%2BKwv6Tg12CIM7xzaDB%2BGcjw6KkBLiD0A1sB6Z9gk9np%2FNtUBHdW7E0eBfvTWOK8F99R1lQdmQab2Vha55GLH6JRBksZ7AbBEdVS8DMtkaZCS9sV",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681535&Signature=K%2BM%2FPuLQI5kqDYLWjQMD%2BgPbchxwp2sWPPUtfDZYFn5H9w%2BqFPRxh7iZqH4FOPAnwlC0%2BN5TKTqrEuhABL3gWMqHySyweiNPNkJ1MlX29xZdE482pqQSn8rzkPs7CZD63ts4ZRPrK%2Bl06RV13mZf4TUzAD9Sx0m6%2FWhetQETuu6StpVmyzhie%2Fn%2FUdsdFN0SW%2BtLpQE74IVNfszCgKVhF9oNeBiifytanSbIG0SnLff9sXffjS",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682251&Signature=z6Lrdrr5u6YZdzJaR%2B2Qab%2F%2FVA6%2FL6JaNA4%2BVxLe9wEjL%2B2ARzGBhQdq6RTX5ez3SDTWWmc%2BrOypKxxCsLeXUbjYRoIgcsSzYIxWQWoEl35tFARLVKf%2FVf%2B696U6PYQ%2F1BNWxSfuNOeUVNK2pIiMYCUjLnikvUyj9Ip3MrgKOaV9v9SShCLay93Y7b3GbAUZ2Jzy18PEYf%2FLuk4fDrqITmP2upsysOJq1MhZcJ%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332153&Signature=dgkLQ0GIqiF%2Fxe%2BVGzHTZfBQIbpzMfUfH2TTP0G%2FfiVlTXg8BMGx7TyX9WTGlpu6ejWe2xalYze6ohM5Fjaw86Z%2BhmeXwhayr3CfV%2F8EJzusPyOM03QF5IR1ftbWe5tFyxcV0TtA1S5PehVGZRHYHV%2FpOG%2BbzR1Dcn2z2u0I72hZ%2F7X5nKoHtBjRMDvZnZneoi%2FAI9C2DMtsZemC3g7FLaEM6BV1JXkzjSoeH01LFLze",
        "https://vtbehaviour.commondatastorage.googleapis.com/0da371854ec2c04bbee9680dbdabb67a4e4a84add40e5e1877425790f2dfef02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682005&Signature=SyLSFT5xdlAZ5lwNyaeDpqsMTuwGywWruel4fBOIdsyiZ%2FvtOZYr7f%2B%2BIuBmqFMAwMI4L7kB6jRtv8mVn8lmU5MUJBAG6GJdVsEp2SoexU5Yl2kTksey03ZsjBloxlJqDzf8PULDlwjfD1Ydv%2B5QFPoY3%2Fk8TKMlmmpTIw7%2FYcR24%2FHYHw78XVF2cV%2Bnb3GoDaHw%2FnpxLrDwgfZP9dWvP8V264o5l2dDfxQtF0",
        "https://vtbehaviour.commondatastorage.googleapis.com/5f87d5cb5921df99f335e1a8f044db15187f88aea04ecc073b310a4b9649a5e1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683851&Signature=oDNiEuOved3Q5at8LARyePhpQE3%2FjmEYRIWg4Vzp0yzifSrnwMGaujbhYJWqc8BadzAh1AhmrfOaNLGJfe8IO2Izje4ofsfex0DAAfgHm5l1vDeQWFDfgypa9%2F8sHOOgBiUlbdSDYrVdZ2Z9f8MGr8OaswhQwykG5mL3UcUwRD4heOIda%2FFZGhfCLn%2B7ksTMcuD2%2BjT%2F7IuP8kYOTQ0ZqwnDZGNQwopAFpNNouIAx0LKAjPDIO",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331990&Signature=xR4cCaqYva2bIYOcAYm48EanAq0MTwsTs8BeXhQOE0MrQatTTXDq8gR5ixARCa3GTu2zx8spFdfiUylsmJCarhu8D5vIEuQQ3UD02scWNSGkAu8HiPX2hmMd7Cbni5nWDZIHfI4%2BKCrW8SHDXTrKzyIVfRPxixWVBic9Yaidd1Oqa3KEls3bG28By6k5H1Rd1Qf27epwdP%2BUjrjgpKlmK5tO%2FP7kK1x%2FtMv3w6R4sjLiHATrIjPgoD",
        "https://vtbehaviour.commondatastorage.googleapis.com/2c7002510767deb9bbb0d2ee2d47be98828bf5b6e999d6cd882b1c1a1c908510_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683299&Signature=RMRBhdx9cTLEwBYgOaiBV4x03W8laZvNMUtTq68ykLCh0R5toTaD64MdSiBhgsNAZLaS8z9dPsGmVcfMC8U5sPrXXLzAt9CBPoJjT2jV40HyYrW58xs3wjf65936U00bQy9DGFrlU7xInrhEocKiXuD17i5A%2F7tdPgx74I6xY906Ua8hyOe3f5zVmaxE6zpNAonyZtoHtHmnuDLG71DTPwYyiKcGPff7glIXoNalw4ST3jQr3Ma%2Fv1Q3De",
        "https://vtbehaviour.commondatastorage.googleapis.com/002150c786ae1e04ab2981bf5593d926987b60b9ac699f431ed4568084dd854b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682457&Signature=eWipoH1g7AQ8zq2pd%2BpyAKrKscAY%2FebCATbHE%2FMwdvIfIy%2F4i3OFy%2FKlfaNCXDLDU0OM6JaEF73FAqGhLEb8ZcxTuEfMeU%2F6WxjpgS2SqLZ0xOjAPgPWOOor3uCcdIEZRCcpJe%2BAzPY8jEZJ0aIf49RU85lkIx9yCiXcFnee1pNHHBFwpsBK4FNuTB%2FyDe61M5Htw4fjlf43GTnXFxj0%2Fjc%2Fe32Q7EpVkuSc0I%2F3zTrY0UkC",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681490&Signature=bIUDLY2jLaPa0t0OyOiuRlKjk8VM9IFdVTwzJhuTKfuV%2BhwtwcYghSy4186P0qsGEebShI2xNNVBPSd3uQdeXMuYRDJWcyo18c12pLwgcLgaBot06%2Bfys%2BlGp%2FV%2FSCDBvdo3iLaAOesoSo8vbCLNsWAzGM5sztLl%2Beyq9%2F1oSuAvU692EiARhcufOCMFqXCn6MNuSp18gSQwkFRBadsMvHSjfHW645FvLUfiP5Egu1WuMVP2",
        "https://vtbehaviour.commondatastorage.googleapis.com/087975d5f3c874a6fe9cbfe9d7ee77fb0af138e3c36a6f75e3d000699afc571d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681569&Signature=C286Cg30s1QDg1lkY0jtTLfia8Fs4B%2FdqNMfidFUYXpd2si4N25G7RBqy8LODkWqBQca8rpYyZ7FIYHuRDc0wBLk%2B1rPiEXJckZIdmkyhDkFJ2jrxfNV135BZTTeF6DkLrRfWPgnxciVK%2FJrkueYnjlYhYW08OZkTu9plzgmfR2IocW5ENVaqHbcPAdm2QDCC6VVrNQp%2FP%2FjV6%2Fkm37tinRyXhg1vKSf0TVFMzL1jpYkiS5PIc",
        "https://vtbehaviour.commondatastorage.googleapis.com/1f1db73659fa2fe7a944d20bb4e9a867513a50ee9b51be89dfec30c73f6ed622_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682177&Signature=yjgeq7TPzf6M6Pn8mPFgBmhHQbfgGlaadZNsSsDUKq0Da4%2Bb25WhNl6nDIyUDmRBtABod6Itj2EUlbe%2B4U0QYLuJR00aQqsO%2F9pXU4AWeIFUEZhCrwgZ5WuNPpYbdVbOYcVX6oyDXpSjv1QEGmJ1NVVr%2F1esshl3tugyHxp6LFYa9%2BQeoiqsBikKLglNB52vsap%2BkwVPKyXg%2FjduMqTQd%2FhNMM41261XiBOTtUqjpzIm67",
        "https://vtbehaviour.commondatastorage.googleapis.com/07f5960476ab34754f3e04143caf2d4899cb09e6b271bfd27ef1f1c8977ca050_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681591&Signature=uoP10og17YxXUe0yZ8kll3N15RJJ%2Bf5pJFzW0MUe4fdvXaLlcOfCxs%2B6EyW23FSqTj%2FbNedtUC6z7Y0dgMPBtJC%2F9gOhXEZj5%2BKKwnQbCBe7GuFtEsVMMkQRdiDQxJYZipAId1MwoBChhx%2BSr%2FrboVkDq%2F%2FbNLvWS6keRMn4fa8GX%2BF0lIJepJ98sjwXs48DXBch8974olbyd38VGGp1bLMl7mycstrQ2hIy2MFXWD",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332091&Signature=CpWTTwCL%2FHBNW7gUdVTGV%2BaYfdffmVnwTljmRJrMAWNVTHZxyiho8OCuzbtyaSxy12vi8YVQ3DzfT8iWx74O9dBqvZgm5NXwFxgPE3qT7MSzykVmuGB9J00pmU2mZCTWSK6Vkm1KQxSJOEYfMu3aaL3P42m84wWdxFDLlEQl2rsllq4t0ADGNFSPSqAXvC6SBm%2F16y8gRzM9dYJ%2B%2FCjznOtd1vc2jV8%2BvjNPi1oJyyEbt2jnI4",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332117&Signature=QrQhWy6CHNIt4LrFDW8Us3KA0iRKZQsz1n3Grrkp%2FAFqaB1bg7YxB2%2F9WZxBzZ6PMwIWuUdgioXJFXzRQQ55c%2BCI5rBOGF290mKickctOopJ%2FIZ%2FS4MrYScbePx7GxujMl%2BBt0UT1MtozDTOja6QP2MBW5H2mbH5A5PYPJtpn4MwwQg6iUy4IAaEx9FeiJYrpkqvLSzsoq8uDCVv9GGvwXhzWDaOGvzxpSMsY%2BEZ0ti5z1hk8TsA2nI9"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 8,
  "pulses": [
    {
      "id": "69f3dd29978345cc0033cdec",
      "name": "CAPE Sandbox - powershell unsigned trust bypass affects arpa and msedge update",
      "description": "File is not signed-Microsoft Corporation. All rights reserved.\nProduct\nMicrosoft\u00ae Windows\u00ae Operating System\nDescription\nWindows PowerShell\nOriginal Name\nPowerShell.EXE\nInternal Name\nPOWERSHELL\nFile Version\n10.0.19041.546 (WinBuild.160101.0800)\nrefer to belasco chain or broken seal\nclient does not have windows",
      "modified": "2026-05-31T01:02:14",
      "created": "2026-04-30T22:52:25.691000",
      "tags": [
        "31community",
        "35business",
        "cid1",
        "youtube https",
        "cohasset",
        "meta tags",
        "home category0",
        "home themecolor",
        "script tags"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        },
        {
          "id": "T1203",
          "name": "Exploitation for Client Execution",
          "display_name": "T1203 - Exploitation for Client Execution"
        },
        {
          "id": "T1485",
          "name": "Data Destruction",
          "display_name": "T1485 - Data Destruction"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 718,
        "FileHash-SHA1": 428,
        "FileHash-SHA256": 1579,
        "URL": 720,
        "hostname": 612,
        "domain": 210,
        "email": 4
      },
      "indicator_count": 4271,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "1 day ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a13d458f27a51876d7949f5",
      "name": "NOW BOARDING: DARK-ZERO Sheep Tracker * CAPE Sandbox",
      "description": "Modern threat intelligence requires moving from passive observation to active intervention. In the context of targeted tracking implants, defending civil rights means engineering systems that protect user autonomy against unauthorized data extraction. Architectural Protections:\nZero-Trust Telemetry: Designing operating systems where the user owns the cryptographic root of trust.\nHardware-Enforced Isolation: Utilizing Secure Enclaves to process cryptographic keys outside the reach of a compromised kernel.\nExploit Mitigation: Implementing advanced PAC and Memory Tagging Extension (MTE) protections to make zero-day memory corruption bugs harder to exploit. The holiday serves as a reminder for SOCs to uphold high ethical standards, ensuring defensive tools are never repurposed for unauthorized surveillance. Respect to all.",
      "modified": "2026-05-27T17:19:19.635000",
      "created": "2026-05-25T04:47:20.503000",
      "tags": [
        "win32 exe",
        "mozilla firefox",
        "zip adobe",
        "photoshop cc",
        "rar adobe",
        "air sdk",
        "adobe air",
        "lassa2",
        "default",
        "shell folders",
        "inprocserver32",
        "parent pid",
        "full path",
        "command line",
        "cname",
        "folders",
        "file size",
        "mwdb",
        "accept",
        "shutdown",
        "ip address",
        "virustotal box",
        "apples sandbox",
        "sandbox sha256",
        "analysis date",
        "file",
        "operations",
        "process open",
        "write delete",
        "move time",
        "file type",
        "json",
        "ascii",
        "utf8",
        "sqlite version",
        "found",
        "pe file",
        "intel",
        "pe32",
        "ms windows",
        "installer",
        "defense evasion",
        "window",
        "title",
        "template",
        "next",
        "united",
        "performs dns",
        "grabber honest",
        "layer protocol",
        "attack network",
        "info processes",
        "extra info",
        "zenbox macos",
        "verdict",
        "guest system",
        "ascii text",
        "sigma",
        "creates",
        "t1055 process",
        "info dropped",
        "malicious",
        "p2404",
        "p11718783889",
        "p4de83ek69hqsh4",
        "p11718784848",
        "bazaar",
        "sha3384",
        "ssdeep",
        "checker",
        "themida",
        "guard",
        "property",
        "adobe device",
        "property name",
        "productname",
        "displayname",
        "destination",
        "root",
        "totalsize",
        "langpack",
        "swedish",
        "win32",
        "windows sandbox",
        "calls clear",
        "sha256",
        "sha1",
        "crc32",
        "size",
        "flash",
        "june",
        "drops pe",
        "crlf line",
        "sample",
        "persistence",
        "win64",
        "hook",
        "instructor",
        "kids goldadobe",
        "errstr",
        "cultureneutral",
        "license",
        "error",
        "code",
        "service",
        "vmprotect",
        "february",
        "back",
        "number",
        "mitre attack",
        "network info",
        "processes extra",
        "fri dec",
        "database",
        "initial access",
        "program",
        "overview",
        "overview zenbox",
        "ultimate file",
        "info file",
        "Nullworld",
        "value",
        "value lang",
        "buildinfo",
        "productinfo",
        "addremoveinfo",
        "displayversion",
        "screnshots",
        "United",
        "Swedishvpncarrierenrollment",
        "calls process",
        "writes",
        "png image",
        "rgba",
        "guloader",
        "fraud",
        "phishing",
        "install",
        "pdapp",
        "urihandler",
        "us tcp",
        "product install",
        "gamma",
        "updater",
        "Now boarding",
        "DarkZero",
        "Sheep Tracker"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681399&Signature=o4EIDa%2Bu5q7UzJoKBZ3SHIdTRWKGT7HIZyLxFZSLdRJV2Ng655y2X8OLnU2siFeopgWPI6Gd8nE9F9LFBFgwM%2F0ZN0FWsDls8m78y46TmhjHhykfch6G%2Buw3LPxmfbz999yBfELXQDUCNWIiGUPv%2B23aUdHnc0c5jI4Mvlz2HGA%2BHlIMjc1w1S%2BWm%2FI6ftHJdyIAh0SqMbPXqAy%2BIonExlGkoEmMBCJl3r3pfMcYzy4ai0",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681421&Signature=oUYsIo6y2ldihmETch4oPYw5nb4sHZhKRik2zGuv2h9rqu30GcV1xZHlIO9ttFa625EXOlrrILZtAhfM%2FamkTDjXZUTqn2%2BTKmgnxqOOfJU6KrJHPLE9Do7l7MEaPxX4cs8z8tWd0%2FY8sBv8sjGAIdWrT5OPv202LNN%2FiVe6mEIUMkmNr%2BG1S3Pgs6LRTjo%2BgqhEcNXT0MFUgs3I2e4AQ0TQ4FOs%2BVRY",
        "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681469&Signature=VGjB%2F%2BCQwDtsenSFWX7YNKbe9s%2Fgcpg%2FotVlxRZ6FXuE9VXITP76QQq6L2vlSM7pfQHSnBv%2BUdwMtN3QhCxjF7Zv2PV%2FkWLnwwA3hJciWMAKiLSeKTanNshzLWnmBjN04FASFwNf6kAq4PcunHkHh2PSOGl03eem41DHA6YOIRAjI1C6hAdDvKoAqJJXuGKM%2F5Z5vzfeTaXNgCRutOhVDB4%2FcAcV9zZaRcX9Ii0IFRAZo%2Bzk7rvI",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681490&Signature=bIUDLY2jLaPa0t0OyOiuRlKjk8VM9IFdVTwzJhuTKfuV%2BhwtwcYghSy4186P0qsGEebShI2xNNVBPSd3uQdeXMuYRDJWcyo18c12pLwgcLgaBot06%2Bfys%2BlGp%2FV%2FSCDBvdo3iLaAOesoSo8vbCLNsWAzGM5sztLl%2Beyq9%2F1oSuAvU692EiARhcufOCMFqXCn6MNuSp18gSQwkFRBadsMvHSjfHW645FvLUfiP5Egu1WuMVP2",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681535&Signature=K%2BM%2FPuLQI5kqDYLWjQMD%2BgPbchxwp2sWPPUtfDZYFn5H9w%2BqFPRxh7iZqH4FOPAnwlC0%2BN5TKTqrEuhABL3gWMqHySyweiNPNkJ1MlX29xZdE482pqQSn8rzkPs7CZD63ts4ZRPrK%2Bl06RV13mZf4TUzAD9Sx0m6%2FWhetQETuu6StpVmyzhie%2Fn%2FUdsdFN0SW%2BtLpQE74IVNfszCgKVhF9oNeBiifytanSbIG0SnLff9sXffjS",
        "https://vtbehaviour.commondatastorage.googleapis.com/087975d5f3c874a6fe9cbfe9d7ee77fb0af138e3c36a6f75e3d000699afc571d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681569&Signature=C286Cg30s1QDg1lkY0jtTLfia8Fs4B%2FdqNMfidFUYXpd2si4N25G7RBqy8LODkWqBQca8rpYyZ7FIYHuRDc0wBLk%2B1rPiEXJckZIdmkyhDkFJ2jrxfNV135BZTTeF6DkLrRfWPgnxciVK%2FJrkueYnjlYhYW08OZkTu9plzgmfR2IocW5ENVaqHbcPAdm2QDCC6VVrNQp%2FP%2FjV6%2Fkm37tinRyXhg1vKSf0TVFMzL1jpYkiS5PIc",
        "https://vtbehaviour.commondatastorage.googleapis.com/07f5960476ab34754f3e04143caf2d4899cb09e6b271bfd27ef1f1c8977ca050_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681591&Signature=uoP10og17YxXUe0yZ8kll3N15RJJ%2Bf5pJFzW0MUe4fdvXaLlcOfCxs%2B6EyW23FSqTj%2FbNedtUC6z7Y0dgMPBtJC%2F9gOhXEZj5%2BKKwnQbCBe7GuFtEsVMMkQRdiDQxJYZipAId1MwoBChhx%2BSr%2FrboVkDq%2F%2FbNLvWS6keRMn4fa8GX%2BF0lIJepJ98sjwXs48DXBch8974olbyd38VGGp1bLMl7mycstrQ2hIy2MFXWD",
        "https://vtbehaviour.commondatastorage.googleapis.com/0da371854ec2c04bbee9680dbdabb67a4e4a84add40e5e1877425790f2dfef02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682005&Signature=SyLSFT5xdlAZ5lwNyaeDpqsMTuwGywWruel4fBOIdsyiZ%2FvtOZYr7f%2B%2BIuBmqFMAwMI4L7kB6jRtv8mVn8lmU5MUJBAG6GJdVsEp2SoexU5Yl2kTksey03ZsjBloxlJqDzf8PULDlwjfD1Ydv%2B5QFPoY3%2Fk8TKMlmmpTIw7%2FYcR24%2FHYHw78XVF2cV%2Bnb3GoDaHw%2FnpxLrDwgfZP9dWvP8V264o5l2dDfxQtF0",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682086&Signature=yzXoWEcsMl9wlTGgMQfBKEZWwnDzmua%2FR2suwDMBSqPLhunpHELcj0SzY3czM%2F9HQG9QuvYzhQRVUxR1iDaFz1BQ4YHkXJih3zm%2BcNlDcfXsOZzyYzWUhaPsbSti%2FWbFoL4E14bnS7tIuG9s9R96LkGyGpWIsT%2BPeCNhsCzD7vFRU0cPMr6vNblu%2BBiO3Ki99QSrkF4hzBxkQ7DFgba3qi7kOfal%2F2K8hC1ikcZntmn5IESW",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682105&Signature=DkIw2nRg0%2BHKmd2TpyMzcgrB%2F4s6sIVIpOEEVMqz3Csoj6PPmSGNer%2Bt5X5oYKPZQgJETAHcCRs0mh3Lfa85XEPdYk6PjMimJmKQdBstqdULgs6q7wyZEjHDhQn41ri7eQ16g7pAo9ojfhLUNp4uW2xuYvdBwYhYBsZP3EO1BKz2f3dYxSg%2Bgsn2AnC2%2BDRTIX0Xxd%2Bt44%2BkXfiY32mvDHDNDCcuT5ZDFNrHwDp3HKuuJYy7lRHm8AlK",
        "https://vtbehaviour.commondatastorage.googleapis.com/1f1db73659fa2fe7a944d20bb4e9a867513a50ee9b51be89dfec30c73f6ed622_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682177&Signature=yjgeq7TPzf6M6Pn8mPFgBmhHQbfgGlaadZNsSsDUKq0Da4%2Bb25WhNl6nDIyUDmRBtABod6Itj2EUlbe%2B4U0QYLuJR00aQqsO%2F9pXU4AWeIFUEZhCrwgZ5WuNPpYbdVbOYcVX6oyDXpSjv1QEGmJ1NVVr%2F1esshl3tugyHxp6LFYa9%2BQeoiqsBikKLglNB52vsap%2BkwVPKyXg%2FjduMqTQd%2FhNMM41261XiBOTtUqjpzIm67",
        "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682206&Signature=iCbR7BcpXhfqHIoxTRE%2BvhCqRoHYALCXll0hXveh8IQOJPjxw%2BlLNas6nIvp035t6sdMg9KdOY751XfThil%2FE2mLrvir%2FwKjheK2382r5bhEQFEsa6etlla3TDjlvttEFZDUN7SSLpGao8u7uVNwrPRb0BuwYDemKKVJK6DACPbUZEHk3DZ%2Bi8SxXIdELiXG%2Bozy7oC8Dcj0HqHGYuliXpjT1mV7OsCjFXvmjZPcFH06EzZS5L",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682251&Signature=z6Lrdrr5u6YZdzJaR%2B2Qab%2F%2FVA6%2FL6JaNA4%2BVxLe9wEjL%2B2ARzGBhQdq6RTX5ez3SDTWWmc%2BrOypKxxCsLeXUbjYRoIgcsSzYIxWQWoEl35tFARLVKf%2FVf%2B696U6PYQ%2F1BNWxSfuNOeUVNK2pIiMYCUjLnikvUyj9Ip3MrgKOaV9v9SShCLay93Y7b3GbAUZ2Jzy18PEYf%2FLuk4fDrqITmP2upsysOJq1MhZcJ%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/105f31af20fdb87d442f81aad0c3a54030b7e214c4796cf2a069bae6aa89dc65_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682395&Signature=oVg82i1yTG%2BGfhoL5FyBdK%2BZKa6wi2iWMpwHyA77jBFtAOZxw%2Bs6z6So26GWDthH7UMEzwZwQC6ENF1TLBEqXukldXMdMg%2FvNylvy7vCdDKDsw53Ibc7vKnu5T0lNumnv%2FD5vnV14QZrzAE8PG3J0S0rtheY8mNCkM6t1w52XYYm5mfnGJXsnjyMEvgURuPhzOIq9%2B%2FG7XUWFK0vK%2BlzKmZU627%2FKYkT9EWHOI8Nyx%2FJUqad%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/002150c786ae1e04ab2981bf5593d926987b60b9ac699f431ed4568084dd854b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682457&Signature=eWipoH1g7AQ8zq2pd%2BpyAKrKscAY%2FebCATbHE%2FMwdvIfIy%2F4i3OFy%2FKlfaNCXDLDU0OM6JaEF73FAqGhLEb8ZcxTuEfMeU%2F6WxjpgS2SqLZ0xOjAPgPWOOor3uCcdIEZRCcpJe%2BAzPY8jEZJ0aIf49RU85lkIx9yCiXcFnee1pNHHBFwpsBK4FNuTB%2FyDe61M5Htw4fjlf43GTnXFxj0%2Fjc%2Fe32Q7EpVkuSc0I%2F3zTrY0UkC",
        "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682486&Signature=ucigAmI%2BTWYWnZuZjQb7cvSnhC1f6r93NM1kh5fCHjjcUodx6ltePV2QSdyXCnhrdH8ODLugh37CFZxsAmtiMMefuyuh6T8mtuxe7znGqLiJre5YFfSQLkzmz0Ksqekcg0sp1bUaKykXguy%2BKwv6Tg12CIM7xzaDB%2BGcjw6KkBLiD0A1sB6Z9gk9np%2FNtUBHdW7E0eBfvTWOK8F99R1lQdmQab2Vha55GLH6JRBksZ7AbBEdVS8DMtkaZCS9sV",
        "https://vtbehaviour.commondatastorage.googleapis.com/049c8db974d1830f931d605f6918184d8928c46c74f4152dfde3dc7bdffbf5d5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682585&Signature=z2IzO8oruo5%2BmP%2BuhsnAbNLmy7QRAemblZDUm1KEgUCliIqrtWVkruuMg2tcIokmH12yIvRumIVlk5OcGjVxI%2Bb%2B3Va9LgSnD%2Bwjbe5pAs%2BDuUGTY52XSe7V9xdcRN38UeNFYy2jTLa2KYspIZ0NzHMsL0BzU5pqOWw0bAShHYc9sNx0S7a%2BSD7PiY%2BDR%2Br%2BQll9wUT%2B4EjhHrYYmmdRCa6vbIyTLcHmdw4JzmHHsLy%2Bjf",
        "https://vtbehaviour.commondatastorage.googleapis.com/27086c4185aa32bbc6674267b947e3f6610554188ac694ce2dbc1191a9525339_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683188&Signature=o0pfi%2Bqzc6KRiLra5kzATI2ROhjWVPHqZ7tOokv%2B9i4HwxX3m%2BpcqtYKMIFJMVk1qNFDyYwnCDfkeiva50iZyrha2F3bacitBdmnSwCEQE5xMG73RGPjQAvPps3tKMm1MDH8Rzpy65y9bdKpTSCL9%2Bt2xAk4%2BXx13XPz2GlU%2BG8Q%2FSPkCW96%2BX6c5xzWpIH%2FlXn7%2Bgl2G9QMGbrbnwD%2FfR58%2FrXIeIEJ%2F9%2BNt2W3Fr",
        "https://vtbehaviour.commondatastorage.googleapis.com/2c7002510767deb9bbb0d2ee2d47be98828bf5b6e999d6cd882b1c1a1c908510_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683299&Signature=RMRBhdx9cTLEwBYgOaiBV4x03W8laZvNMUtTq68ykLCh0R5toTaD64MdSiBhgsNAZLaS8z9dPsGmVcfMC8U5sPrXXLzAt9CBPoJjT2jV40HyYrW58xs3wjf65936U00bQy9DGFrlU7xInrhEocKiXuD17i5A%2F7tdPgx74I6xY906Ua8hyOe3f5zVmaxE6zpNAonyZtoHtHmnuDLG71DTPwYyiKcGPff7glIXoNalw4ST3jQr3Ma%2Fv1Q3De",
        "https://vtbehaviour.commondatastorage.googleapis.com/2c98a3b3752939b7c2db76682607e3918dee0edd81998279cb4528cc6c67f715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683469&Signature=oE7hEU%2FccffwWPye7wmTWT154zCmhX2wBLLWErX6yptBjSn9YXSMLMohlpsjw%2BxO5VxqobuYkMh302JzsMTg4fXVD76S9F6aOL1vRPwZx8fTGOeMoKRTMO7B0xwvo2HQCra8ds7NMqXBpbNxN%2Bi7Ez6ZOyX%2FQUyixg1Ya1G7%2FkF8sEaT8z%2B4QHLhghEUdy4%2FMYbGVFzAKhSDW9Yg%2BcPfxQLt%2BViZ",
        "https://vtbehaviour.commondatastorage.googleapis.com/5f87d5cb5921df99f335e1a8f044db15187f88aea04ecc073b310a4b9649a5e1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683851&Signature=oDNiEuOved3Q5at8LARyePhpQE3%2FjmEYRIWg4Vzp0yzifSrnwMGaujbhYJWqc8BadzAh1AhmrfOaNLGJfe8IO2Izje4ofsfex0DAAfgHm5l1vDeQWFDfgypa9%2F8sHOOgBiUlbdSDYrVdZ2Z9f8MGr8OaswhQwykG5mL3UcUwRD4heOIda%2FFZGhfCLn%2B7ksTMcuD2%2BjT%2F7IuP8kYOTQ0ZqwnDZGNQwopAFpNNouIAx0LKAjPDIO",
        "https://vtbehaviour.commondatastorage.googleapis.com/5f9b9db4e9200b4576d6e8bc2888d6e7ab28a04e66083366bcde57915eed5078_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683897&Signature=A1uHov9N8mIMBn6lVPETST7i%2F%2F3lKCkTSifHpWYQ8lqnGw3%2FwBD1QhGr1tH%2BYzg4xJYZR1vHPxcGC2biWNZtPF89Sx8FKf%2F18O4PHYJb1n7YfdP24JbV%2BkekQpomFKe66pKsf0gWQQx1zTJDWvam9HuvVTyCV9h22TLG%2FmBDvK4SftnNssRv0EkzKP9dNqTfjJdMh0Y0rIEyQdNLLo%2BLsWQbrx2yxJo6kZD%2FJC",
        "https://vtbehaviour.commondatastorage.googleapis.com/727dc58bb6aaf24fd82f54a11560f26e38ee0ca6bb823ea70bad33fd7c9378ef_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683965&Signature=tYhGClprbVOZuxQF%2F%2BLWEx6LfO%2Fz4pigFaLvSPYRY%2Fqg92dL8%2BWlaAyT%2FJueBiXJFPkqBYoXk0DmZNj2UfqQiv4Jy9bhRG562tGCoadI7qFVHMBOyAmGj0uMVS%2FoyY00p8UkiUah%2BiG2lZaGt6eVnE1yrGqEIpnAnUxdyxti%2BDm0vFgP5Ust7yR%2F1SAtswsFyfntj2GSgBc5z1NbueSA2uSfZsxWtxmYAm9dk%2FrUPQ47Nb5Q",
        "https://vtbehaviour.commondatastorage.googleapis.com/7111bb197f77eecf518b22f7a6f269647abc17eda4aaed9ba50212462b9848ed_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684045&Signature=g5SPZe7A95%2FqyMCV3ihh6MGTnXRMjhKIGP6dBCJ3OB%2FCOBrSRTz%2BpnCcdIwsJk%2Fc74E6s1DRbKJn3SszGoP7h%2FNJwXl3BIBK6KeI0zYJeOibOT%2BeU9CnCcwY%2F3bx99X3LvHRwg0Fkdg%2BJoRI620jziRVAW%2FiC1wpzeMqmJNUOHn4NsTYiMD7H8cuBnRzAZQvK2lRO5asaddU11mHkkQ963f3YOOv",
        "https://vtbehaviour.commondatastorage.googleapis.com/8b10c7238761ba1c98b713c673c452437c4a56794ff0e3d657cff148056c9cf1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684153&Signature=MfmLhMZdg4gtuEoE1eB%2FroqyUo2QXTJ8L6oAmpYIvTmU8BmwS6hwF0opRe4GV3ox8yxCzd2O9fsm4T7dwrkSk8fJBlqrPHibaMNPNs4QpeMOraU4O6Au5EDLlJTtDwp43nz%2FK5tqLXzJpfqCvDEnQOghFLah5YCBj8qdFtGrKfHbvyMGL70BlhpaZsmAn3Jgu6zNXCQGqz3c%2BkATkQ3XNm%2F8FiNTOFzO5TUxHqPE3NUMFglmxAJhEo"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1114",
          "name": "Email Collection",
          "display_name": "T1114 - Email Collection"
        },
        {
          "id": "T1091",
          "name": "Replication Through Removable Media",
          "display_name": "T1091 - Replication Through Removable Media"
        },
        {
          "id": "T1120",
          "name": "Peripheral Device Discovery",
          "display_name": "T1120 - Peripheral Device Discovery"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1040",
          "name": "Network Sniffing",
          "display_name": "T1040 - Network Sniffing"
        },
        {
          "id": "T1185",
          "name": "Man in the Browser",
          "display_name": "T1185 - Man in the Browser"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1569",
          "name": "System Services",
          "display_name": "T1569 - System Services"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 2266,
        "IPv4": 326,
        "domain": 179,
        "hostname": 381,
        "FileHash-MD5": 811,
        "FileHash-SHA1": 835,
        "URL": 815,
        "email": 2
      },
      "indicator_count": 5615,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "5 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a13d450d1c0f6a31e71cef1",
      "name": "NOW BOARDING: DARK-ZERO Sheep Tracker * CAPE Sandbox",
      "description": "Modern threat intelligence requires moving from passive observation to active intervention. In the context of targeted tracking implants, defending civil rights means engineering systems that protect user autonomy against unauthorized data extraction. Architectural Protections:\nZero-Trust Telemetry: Designing operating systems where the user owns the cryptographic root of trust.\nHardware-Enforced Isolation: Utilizing Secure Enclaves to process cryptographic keys outside the reach of a compromised kernel.\nExploit Mitigation: Implementing advanced Pointer Authentication (PAC) plus Memory Tagging Extension (MTE) to stop exploitation of zero-day memory corruption bugs. The holiday serves as a reminder for SOCs to uphold high ethical standards, ensuring defensive tools are never repurposed for unauthorized surveillance. Respect to all.",
      "modified": "2026-05-27T16:31:09.918000",
      "created": "2026-05-25T04:47:12.640000",
      "tags": [
        "win32 exe",
        "mozilla firefox",
        "zip adobe",
        "photoshop cc",
        "rar adobe",
        "air sdk",
        "adobe air",
        "lassa2",
        "default",
        "shell folders",
        "inprocserver32",
        "parent pid",
        "full path",
        "command line",
        "cname",
        "folders",
        "file size",
        "mwdb",
        "accept",
        "shutdown",
        "ip address",
        "virustotal box",
        "apples sandbox",
        "sandbox sha256",
        "analysis date",
        "file",
        "operations",
        "process open",
        "write delete",
        "move time",
        "file type",
        "json",
        "ascii",
        "utf8",
        "sqlite version",
        "found",
        "pe file",
        "intel",
        "pe32",
        "ms windows",
        "installer",
        "defense evasion",
        "window",
        "title",
        "template",
        "next",
        "united",
        "performs dns",
        "grabber honest",
        "layer protocol",
        "attack network",
        "info processes",
        "extra info",
        "zenbox macos",
        "verdict",
        "guest system",
        "ascii text",
        "sigma",
        "creates",
        "t1055 process",
        "info dropped",
        "malicious",
        "p2404",
        "p11718783889",
        "p4de83ek69hqsh4",
        "p11718784848",
        "bazaar",
        "sha3384",
        "ssdeep",
        "checker",
        "themida",
        "guard",
        "property",
        "adobe device",
        "property name",
        "productname",
        "displayname",
        "destination",
        "root",
        "totalsize",
        "langpack",
        "swedish",
        "win32",
        "windows sandbox",
        "calls clear",
        "sha256",
        "sha1",
        "crc32",
        "size",
        "flash",
        "june",
        "drops pe",
        "crlf line",
        "sample",
        "persistence",
        "win64",
        "hook",
        "instructor",
        "kids goldadobe",
        "errstr",
        "cultureneutral",
        "license",
        "error",
        "code",
        "service",
        "vmprotect",
        "february",
        "back",
        "number",
        "mitre attack",
        "network info",
        "processes extra",
        "fri dec",
        "database",
        "initial access",
        "program",
        "overview",
        "overview zenbox",
        "ultimate file",
        "info file",
        "Nullworld",
        "value",
        "value lang",
        "buildinfo",
        "productinfo",
        "addremoveinfo",
        "displayversion",
        "screnshots",
        "United",
        "Swedishvpncarrierenrollment",
        "calls process",
        "writes",
        "png image",
        "rgba",
        "guloader",
        "fraud",
        "phishing",
        "install",
        "pdapp",
        "urihandler",
        "us tcp",
        "product install",
        "gamma",
        "updater",
        "Now boarding",
        "DarkZero",
        "Sheep Tracker"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681399&Signature=o4EIDa%2Bu5q7UzJoKBZ3SHIdTRWKGT7HIZyLxFZSLdRJV2Ng655y2X8OLnU2siFeopgWPI6Gd8nE9F9LFBFgwM%2F0ZN0FWsDls8m78y46TmhjHhykfch6G%2Buw3LPxmfbz999yBfELXQDUCNWIiGUPv%2B23aUdHnc0c5jI4Mvlz2HGA%2BHlIMjc1w1S%2BWm%2FI6ftHJdyIAh0SqMbPXqAy%2BIonExlGkoEmMBCJl3r3pfMcYzy4ai0",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681421&Signature=oUYsIo6y2ldihmETch4oPYw5nb4sHZhKRik2zGuv2h9rqu30GcV1xZHlIO9ttFa625EXOlrrILZtAhfM%2FamkTDjXZUTqn2%2BTKmgnxqOOfJU6KrJHPLE9Do7l7MEaPxX4cs8z8tWd0%2FY8sBv8sjGAIdWrT5OPv202LNN%2FiVe6mEIUMkmNr%2BG1S3Pgs6LRTjo%2BgqhEcNXT0MFUgs3I2e4AQ0TQ4FOs%2BVRY",
        "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681469&Signature=VGjB%2F%2BCQwDtsenSFWX7YNKbe9s%2Fgcpg%2FotVlxRZ6FXuE9VXITP76QQq6L2vlSM7pfQHSnBv%2BUdwMtN3QhCxjF7Zv2PV%2FkWLnwwA3hJciWMAKiLSeKTanNshzLWnmBjN04FASFwNf6kAq4PcunHkHh2PSOGl03eem41DHA6YOIRAjI1C6hAdDvKoAqJJXuGKM%2F5Z5vzfeTaXNgCRutOhVDB4%2FcAcV9zZaRcX9Ii0IFRAZo%2Bzk7rvI",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681490&Signature=bIUDLY2jLaPa0t0OyOiuRlKjk8VM9IFdVTwzJhuTKfuV%2BhwtwcYghSy4186P0qsGEebShI2xNNVBPSd3uQdeXMuYRDJWcyo18c12pLwgcLgaBot06%2Bfys%2BlGp%2FV%2FSCDBvdo3iLaAOesoSo8vbCLNsWAzGM5sztLl%2Beyq9%2F1oSuAvU692EiARhcufOCMFqXCn6MNuSp18gSQwkFRBadsMvHSjfHW645FvLUfiP5Egu1WuMVP2",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681535&Signature=K%2BM%2FPuLQI5kqDYLWjQMD%2BgPbchxwp2sWPPUtfDZYFn5H9w%2BqFPRxh7iZqH4FOPAnwlC0%2BN5TKTqrEuhABL3gWMqHySyweiNPNkJ1MlX29xZdE482pqQSn8rzkPs7CZD63ts4ZRPrK%2Bl06RV13mZf4TUzAD9Sx0m6%2FWhetQETuu6StpVmyzhie%2Fn%2FUdsdFN0SW%2BtLpQE74IVNfszCgKVhF9oNeBiifytanSbIG0SnLff9sXffjS",
        "https://vtbehaviour.commondatastorage.googleapis.com/087975d5f3c874a6fe9cbfe9d7ee77fb0af138e3c36a6f75e3d000699afc571d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681569&Signature=C286Cg30s1QDg1lkY0jtTLfia8Fs4B%2FdqNMfidFUYXpd2si4N25G7RBqy8LODkWqBQca8rpYyZ7FIYHuRDc0wBLk%2B1rPiEXJckZIdmkyhDkFJ2jrxfNV135BZTTeF6DkLrRfWPgnxciVK%2FJrkueYnjlYhYW08OZkTu9plzgmfR2IocW5ENVaqHbcPAdm2QDCC6VVrNQp%2FP%2FjV6%2Fkm37tinRyXhg1vKSf0TVFMzL1jpYkiS5PIc",
        "https://vtbehaviour.commondatastorage.googleapis.com/07f5960476ab34754f3e04143caf2d4899cb09e6b271bfd27ef1f1c8977ca050_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681591&Signature=uoP10og17YxXUe0yZ8kll3N15RJJ%2Bf5pJFzW0MUe4fdvXaLlcOfCxs%2B6EyW23FSqTj%2FbNedtUC6z7Y0dgMPBtJC%2F9gOhXEZj5%2BKKwnQbCBe7GuFtEsVMMkQRdiDQxJYZipAId1MwoBChhx%2BSr%2FrboVkDq%2F%2FbNLvWS6keRMn4fa8GX%2BF0lIJepJ98sjwXs48DXBch8974olbyd38VGGp1bLMl7mycstrQ2hIy2MFXWD",
        "https://vtbehaviour.commondatastorage.googleapis.com/0da371854ec2c04bbee9680dbdabb67a4e4a84add40e5e1877425790f2dfef02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682005&Signature=SyLSFT5xdlAZ5lwNyaeDpqsMTuwGywWruel4fBOIdsyiZ%2FvtOZYr7f%2B%2BIuBmqFMAwMI4L7kB6jRtv8mVn8lmU5MUJBAG6GJdVsEp2SoexU5Yl2kTksey03ZsjBloxlJqDzf8PULDlwjfD1Ydv%2B5QFPoY3%2Fk8TKMlmmpTIw7%2FYcR24%2FHYHw78XVF2cV%2Bnb3GoDaHw%2FnpxLrDwgfZP9dWvP8V264o5l2dDfxQtF0",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682086&Signature=yzXoWEcsMl9wlTGgMQfBKEZWwnDzmua%2FR2suwDMBSqPLhunpHELcj0SzY3czM%2F9HQG9QuvYzhQRVUxR1iDaFz1BQ4YHkXJih3zm%2BcNlDcfXsOZzyYzWUhaPsbSti%2FWbFoL4E14bnS7tIuG9s9R96LkGyGpWIsT%2BPeCNhsCzD7vFRU0cPMr6vNblu%2BBiO3Ki99QSrkF4hzBxkQ7DFgba3qi7kOfal%2F2K8hC1ikcZntmn5IESW",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682105&Signature=DkIw2nRg0%2BHKmd2TpyMzcgrB%2F4s6sIVIpOEEVMqz3Csoj6PPmSGNer%2Bt5X5oYKPZQgJETAHcCRs0mh3Lfa85XEPdYk6PjMimJmKQdBstqdULgs6q7wyZEjHDhQn41ri7eQ16g7pAo9ojfhLUNp4uW2xuYvdBwYhYBsZP3EO1BKz2f3dYxSg%2Bgsn2AnC2%2BDRTIX0Xxd%2Bt44%2BkXfiY32mvDHDNDCcuT5ZDFNrHwDp3HKuuJYy7lRHm8AlK",
        "https://vtbehaviour.commondatastorage.googleapis.com/1f1db73659fa2fe7a944d20bb4e9a867513a50ee9b51be89dfec30c73f6ed622_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682177&Signature=yjgeq7TPzf6M6Pn8mPFgBmhHQbfgGlaadZNsSsDUKq0Da4%2Bb25WhNl6nDIyUDmRBtABod6Itj2EUlbe%2B4U0QYLuJR00aQqsO%2F9pXU4AWeIFUEZhCrwgZ5WuNPpYbdVbOYcVX6oyDXpSjv1QEGmJ1NVVr%2F1esshl3tugyHxp6LFYa9%2BQeoiqsBikKLglNB52vsap%2BkwVPKyXg%2FjduMqTQd%2FhNMM41261XiBOTtUqjpzIm67",
        "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682206&Signature=iCbR7BcpXhfqHIoxTRE%2BvhCqRoHYALCXll0hXveh8IQOJPjxw%2BlLNas6nIvp035t6sdMg9KdOY751XfThil%2FE2mLrvir%2FwKjheK2382r5bhEQFEsa6etlla3TDjlvttEFZDUN7SSLpGao8u7uVNwrPRb0BuwYDemKKVJK6DACPbUZEHk3DZ%2Bi8SxXIdELiXG%2Bozy7oC8Dcj0HqHGYuliXpjT1mV7OsCjFXvmjZPcFH06EzZS5L",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682251&Signature=z6Lrdrr5u6YZdzJaR%2B2Qab%2F%2FVA6%2FL6JaNA4%2BVxLe9wEjL%2B2ARzGBhQdq6RTX5ez3SDTWWmc%2BrOypKxxCsLeXUbjYRoIgcsSzYIxWQWoEl35tFARLVKf%2FVf%2B696U6PYQ%2F1BNWxSfuNOeUVNK2pIiMYCUjLnikvUyj9Ip3MrgKOaV9v9SShCLay93Y7b3GbAUZ2Jzy18PEYf%2FLuk4fDrqITmP2upsysOJq1MhZcJ%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/105f31af20fdb87d442f81aad0c3a54030b7e214c4796cf2a069bae6aa89dc65_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682395&Signature=oVg82i1yTG%2BGfhoL5FyBdK%2BZKa6wi2iWMpwHyA77jBFtAOZxw%2Bs6z6So26GWDthH7UMEzwZwQC6ENF1TLBEqXukldXMdMg%2FvNylvy7vCdDKDsw53Ibc7vKnu5T0lNumnv%2FD5vnV14QZrzAE8PG3J0S0rtheY8mNCkM6t1w52XYYm5mfnGJXsnjyMEvgURuPhzOIq9%2B%2FG7XUWFK0vK%2BlzKmZU627%2FKYkT9EWHOI8Nyx%2FJUqad%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/002150c786ae1e04ab2981bf5593d926987b60b9ac699f431ed4568084dd854b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682457&Signature=eWipoH1g7AQ8zq2pd%2BpyAKrKscAY%2FebCATbHE%2FMwdvIfIy%2F4i3OFy%2FKlfaNCXDLDU0OM6JaEF73FAqGhLEb8ZcxTuEfMeU%2F6WxjpgS2SqLZ0xOjAPgPWOOor3uCcdIEZRCcpJe%2BAzPY8jEZJ0aIf49RU85lkIx9yCiXcFnee1pNHHBFwpsBK4FNuTB%2FyDe61M5Htw4fjlf43GTnXFxj0%2Fjc%2Fe32Q7EpVkuSc0I%2F3zTrY0UkC",
        "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682486&Signature=ucigAmI%2BTWYWnZuZjQb7cvSnhC1f6r93NM1kh5fCHjjcUodx6ltePV2QSdyXCnhrdH8ODLugh37CFZxsAmtiMMefuyuh6T8mtuxe7znGqLiJre5YFfSQLkzmz0Ksqekcg0sp1bUaKykXguy%2BKwv6Tg12CIM7xzaDB%2BGcjw6KkBLiD0A1sB6Z9gk9np%2FNtUBHdW7E0eBfvTWOK8F99R1lQdmQab2Vha55GLH6JRBksZ7AbBEdVS8DMtkaZCS9sV",
        "https://vtbehaviour.commondatastorage.googleapis.com/049c8db974d1830f931d605f6918184d8928c46c74f4152dfde3dc7bdffbf5d5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682585&Signature=z2IzO8oruo5%2BmP%2BuhsnAbNLmy7QRAemblZDUm1KEgUCliIqrtWVkruuMg2tcIokmH12yIvRumIVlk5OcGjVxI%2Bb%2B3Va9LgSnD%2Bwjbe5pAs%2BDuUGTY52XSe7V9xdcRN38UeNFYy2jTLa2KYspIZ0NzHMsL0BzU5pqOWw0bAShHYc9sNx0S7a%2BSD7PiY%2BDR%2Br%2BQll9wUT%2B4EjhHrYYmmdRCa6vbIyTLcHmdw4JzmHHsLy%2Bjf",
        "https://vtbehaviour.commondatastorage.googleapis.com/27086c4185aa32bbc6674267b947e3f6610554188ac694ce2dbc1191a9525339_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683188&Signature=o0pfi%2Bqzc6KRiLra5kzATI2ROhjWVPHqZ7tOokv%2B9i4HwxX3m%2BpcqtYKMIFJMVk1qNFDyYwnCDfkeiva50iZyrha2F3bacitBdmnSwCEQE5xMG73RGPjQAvPps3tKMm1MDH8Rzpy65y9bdKpTSCL9%2Bt2xAk4%2BXx13XPz2GlU%2BG8Q%2FSPkCW96%2BX6c5xzWpIH%2FlXn7%2Bgl2G9QMGbrbnwD%2FfR58%2FrXIeIEJ%2F9%2BNt2W3Fr",
        "https://vtbehaviour.commondatastorage.googleapis.com/2c7002510767deb9bbb0d2ee2d47be98828bf5b6e999d6cd882b1c1a1c908510_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683299&Signature=RMRBhdx9cTLEwBYgOaiBV4x03W8laZvNMUtTq68ykLCh0R5toTaD64MdSiBhgsNAZLaS8z9dPsGmVcfMC8U5sPrXXLzAt9CBPoJjT2jV40HyYrW58xs3wjf65936U00bQy9DGFrlU7xInrhEocKiXuD17i5A%2F7tdPgx74I6xY906Ua8hyOe3f5zVmaxE6zpNAonyZtoHtHmnuDLG71DTPwYyiKcGPff7glIXoNalw4ST3jQr3Ma%2Fv1Q3De",
        "https://vtbehaviour.commondatastorage.googleapis.com/2c98a3b3752939b7c2db76682607e3918dee0edd81998279cb4528cc6c67f715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683469&Signature=oE7hEU%2FccffwWPye7wmTWT154zCmhX2wBLLWErX6yptBjSn9YXSMLMohlpsjw%2BxO5VxqobuYkMh302JzsMTg4fXVD76S9F6aOL1vRPwZx8fTGOeMoKRTMO7B0xwvo2HQCra8ds7NMqXBpbNxN%2Bi7Ez6ZOyX%2FQUyixg1Ya1G7%2FkF8sEaT8z%2B4QHLhghEUdy4%2FMYbGVFzAKhSDW9Yg%2BcPfxQLt%2BViZ",
        "https://vtbehaviour.commondatastorage.googleapis.com/5f87d5cb5921df99f335e1a8f044db15187f88aea04ecc073b310a4b9649a5e1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683851&Signature=oDNiEuOved3Q5at8LARyePhpQE3%2FjmEYRIWg4Vzp0yzifSrnwMGaujbhYJWqc8BadzAh1AhmrfOaNLGJfe8IO2Izje4ofsfex0DAAfgHm5l1vDeQWFDfgypa9%2F8sHOOgBiUlbdSDYrVdZ2Z9f8MGr8OaswhQwykG5mL3UcUwRD4heOIda%2FFZGhfCLn%2B7ksTMcuD2%2BjT%2F7IuP8kYOTQ0ZqwnDZGNQwopAFpNNouIAx0LKAjPDIO",
        "https://vtbehaviour.commondatastorage.googleapis.com/5f9b9db4e9200b4576d6e8bc2888d6e7ab28a04e66083366bcde57915eed5078_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683897&Signature=A1uHov9N8mIMBn6lVPETST7i%2F%2F3lKCkTSifHpWYQ8lqnGw3%2FwBD1QhGr1tH%2BYzg4xJYZR1vHPxcGC2biWNZtPF89Sx8FKf%2F18O4PHYJb1n7YfdP24JbV%2BkekQpomFKe66pKsf0gWQQx1zTJDWvam9HuvVTyCV9h22TLG%2FmBDvK4SftnNssRv0EkzKP9dNqTfjJdMh0Y0rIEyQdNLLo%2BLsWQbrx2yxJo6kZD%2FJC",
        "https://vtbehaviour.commondatastorage.googleapis.com/727dc58bb6aaf24fd82f54a11560f26e38ee0ca6bb823ea70bad33fd7c9378ef_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683965&Signature=tYhGClprbVOZuxQF%2F%2BLWEx6LfO%2Fz4pigFaLvSPYRY%2Fqg92dL8%2BWlaAyT%2FJueBiXJFPkqBYoXk0DmZNj2UfqQiv4Jy9bhRG562tGCoadI7qFVHMBOyAmGj0uMVS%2FoyY00p8UkiUah%2BiG2lZaGt6eVnE1yrGqEIpnAnUxdyxti%2BDm0vFgP5Ust7yR%2F1SAtswsFyfntj2GSgBc5z1NbueSA2uSfZsxWtxmYAm9dk%2FrUPQ47Nb5Q",
        "https://vtbehaviour.commondatastorage.googleapis.com/7111bb197f77eecf518b22f7a6f269647abc17eda4aaed9ba50212462b9848ed_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684045&Signature=g5SPZe7A95%2FqyMCV3ihh6MGTnXRMjhKIGP6dBCJ3OB%2FCOBrSRTz%2BpnCcdIwsJk%2Fc74E6s1DRbKJn3SszGoP7h%2FNJwXl3BIBK6KeI0zYJeOibOT%2BeU9CnCcwY%2F3bx99X3LvHRwg0Fkdg%2BJoRI620jziRVAW%2FiC1wpzeMqmJNUOHn4NsTYiMD7H8cuBnRzAZQvK2lRO5asaddU11mHkkQ963f3YOOv",
        "https://vtbehaviour.commondatastorage.googleapis.com/8b10c7238761ba1c98b713c673c452437c4a56794ff0e3d657cff148056c9cf1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684153&Signature=MfmLhMZdg4gtuEoE1eB%2FroqyUo2QXTJ8L6oAmpYIvTmU8BmwS6hwF0opRe4GV3ox8yxCzd2O9fsm4T7dwrkSk8fJBlqrPHibaMNPNs4QpeMOraU4O6Au5EDLlJTtDwp43nz%2FK5tqLXzJpfqCvDEnQOghFLah5YCBj8qdFtGrKfHbvyMGL70BlhpaZsmAn3Jgu6zNXCQGqz3c%2BkATkQ3XNm%2F8FiNTOFzO5TUxHqPE3NUMFglmxAJhEo"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1114",
          "name": "Email Collection",
          "display_name": "T1114 - Email Collection"
        },
        {
          "id": "T1091",
          "name": "Replication Through Removable Media",
          "display_name": "T1091 - Replication Through Removable Media"
        },
        {
          "id": "T1120",
          "name": "Peripheral Device Discovery",
          "display_name": "T1120 - Peripheral Device Discovery"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1040",
          "name": "Network Sniffing",
          "display_name": "T1040 - Network Sniffing"
        },
        {
          "id": "T1185",
          "name": "Man in the Browser",
          "display_name": "T1185 - Man in the Browser"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1569",
          "name": "System Services",
          "display_name": "T1569 - System Services"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 2266,
        "IPv4": 327,
        "domain": 178,
        "hostname": 372,
        "FileHash-MD5": 805,
        "FileHash-SHA1": 833,
        "URL": 812,
        "email": 2
      },
      "indicator_count": 5595,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "5 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6a13d455f52a1c3acb3904b6",
      "name": "NOW BOARDING: DARK-ZERO Sheep Tracker * CAPE Sandbox",
      "description": "Modern threat intelligence requires moving from passive observation to active intervention. In the context of targeted tracking implants, defending civil rights means engineering systems that protect user autonomy against unauthorized data extraction. Architectural Protections:\n0-Trust Telemetry: Designing operating systems where the user owns the cryptographic root of trust.\nHardware-Enforced Isolation: Utilizing Secure Enclaves to process cryptographic keys outside the reach of a compromised kernel.\nExploit Mitigation: Implementing advanced PAC+ Memory Tagging Extensions (MTE) to stop zero-day memory corruption bugs. The holiday serves as a reminder for SOCs to uphold high ethical standards, ensuring defensive tools are never repurposed for unauthorized surveillance. Respect to all.",
      "modified": "2026-05-27T16:29:42.941000",
      "created": "2026-05-25T04:47:17.194000",
      "tags": [
        "win32 exe",
        "mozilla firefox",
        "zip adobe",
        "photoshop cc",
        "rar adobe",
        "air sdk",
        "adobe air",
        "lassa2",
        "default",
        "shell folders",
        "inprocserver32",
        "parent pid",
        "full path",
        "command line",
        "cname",
        "folders",
        "file size",
        "mwdb",
        "accept",
        "shutdown",
        "ip address",
        "virustotal box",
        "apples sandbox",
        "sandbox sha256",
        "analysis date",
        "file",
        "operations",
        "process open",
        "write delete",
        "move time",
        "file type",
        "json",
        "ascii",
        "utf8",
        "sqlite version",
        "found",
        "pe file",
        "intel",
        "pe32",
        "ms windows",
        "installer",
        "defense evasion",
        "window",
        "title",
        "template",
        "next",
        "united",
        "performs dns",
        "grabber honest",
        "layer protocol",
        "attack network",
        "info processes",
        "extra info",
        "zenbox macos",
        "verdict",
        "guest system",
        "ascii text",
        "sigma",
        "creates",
        "t1055 process",
        "info dropped",
        "malicious",
        "p2404",
        "p11718783889",
        "p4de83ek69hqsh4",
        "p11718784848",
        "bazaar",
        "sha3384",
        "ssdeep",
        "checker",
        "themida",
        "guard",
        "property",
        "adobe device",
        "property name",
        "productname",
        "displayname",
        "destination",
        "root",
        "totalsize",
        "langpack",
        "swedish",
        "win32",
        "windows sandbox",
        "calls clear",
        "sha256",
        "sha1",
        "crc32",
        "size",
        "flash",
        "june",
        "drops pe",
        "crlf line",
        "sample",
        "persistence",
        "win64",
        "hook",
        "instructor",
        "kids goldadobe",
        "errstr",
        "cultureneutral",
        "license",
        "error",
        "code",
        "service",
        "vmprotect",
        "february",
        "back",
        "number",
        "mitre attack",
        "network info",
        "processes extra",
        "fri dec",
        "database",
        "initial access",
        "program",
        "overview",
        "overview zenbox",
        "ultimate file",
        "info file",
        "Nullworld",
        "value",
        "value lang",
        "buildinfo",
        "productinfo",
        "addremoveinfo",
        "displayversion",
        "screnshots",
        "United",
        "Swedishvpncarrierenrollment",
        "calls process",
        "writes",
        "png image",
        "rgba",
        "guloader",
        "fraud",
        "phishing",
        "install",
        "pdapp",
        "urihandler",
        "us tcp",
        "product install",
        "gamma",
        "updater",
        "Now boarding",
        "DarkZero",
        "Sheep Tracker"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681399&Signature=o4EIDa%2Bu5q7UzJoKBZ3SHIdTRWKGT7HIZyLxFZSLdRJV2Ng655y2X8OLnU2siFeopgWPI6Gd8nE9F9LFBFgwM%2F0ZN0FWsDls8m78y46TmhjHhykfch6G%2Buw3LPxmfbz999yBfELXQDUCNWIiGUPv%2B23aUdHnc0c5jI4Mvlz2HGA%2BHlIMjc1w1S%2BWm%2FI6ftHJdyIAh0SqMbPXqAy%2BIonExlGkoEmMBCJl3r3pfMcYzy4ai0",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681421&Signature=oUYsIo6y2ldihmETch4oPYw5nb4sHZhKRik2zGuv2h9rqu30GcV1xZHlIO9ttFa625EXOlrrILZtAhfM%2FamkTDjXZUTqn2%2BTKmgnxqOOfJU6KrJHPLE9Do7l7MEaPxX4cs8z8tWd0%2FY8sBv8sjGAIdWrT5OPv202LNN%2FiVe6mEIUMkmNr%2BG1S3Pgs6LRTjo%2BgqhEcNXT0MFUgs3I2e4AQ0TQ4FOs%2BVRY",
        "https://vtbehaviour.commondatastorage.googleapis.com/036d1a174e3ef9a15c8075248958c4f36d8817573ef3f6f12c62850976b32737_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681469&Signature=VGjB%2F%2BCQwDtsenSFWX7YNKbe9s%2Fgcpg%2FotVlxRZ6FXuE9VXITP76QQq6L2vlSM7pfQHSnBv%2BUdwMtN3QhCxjF7Zv2PV%2FkWLnwwA3hJciWMAKiLSeKTanNshzLWnmBjN04FASFwNf6kAq4PcunHkHh2PSOGl03eem41DHA6YOIRAjI1C6hAdDvKoAqJJXuGKM%2F5Z5vzfeTaXNgCRutOhVDB4%2FcAcV9zZaRcX9Ii0IFRAZo%2Bzk7rvI",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox%20macOS.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681490&Signature=bIUDLY2jLaPa0t0OyOiuRlKjk8VM9IFdVTwzJhuTKfuV%2BhwtwcYghSy4186P0qsGEebShI2xNNVBPSd3uQdeXMuYRDJWcyo18c12pLwgcLgaBot06%2Bfys%2BlGp%2FV%2FSCDBvdo3iLaAOesoSo8vbCLNsWAzGM5sztLl%2Beyq9%2F1oSuAvU692EiARhcufOCMFqXCn6MNuSp18gSQwkFRBadsMvHSjfHW645FvLUfiP5Egu1WuMVP2",
        "https://vtbehaviour.commondatastorage.googleapis.com/05eff75186e681b14135ce2945d124664260e5a88e0d14f138050d622d82745a_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681535&Signature=K%2BM%2FPuLQI5kqDYLWjQMD%2BgPbchxwp2sWPPUtfDZYFn5H9w%2BqFPRxh7iZqH4FOPAnwlC0%2BN5TKTqrEuhABL3gWMqHySyweiNPNkJ1MlX29xZdE482pqQSn8rzkPs7CZD63ts4ZRPrK%2Bl06RV13mZf4TUzAD9Sx0m6%2FWhetQETuu6StpVmyzhie%2Fn%2FUdsdFN0SW%2BtLpQE74IVNfszCgKVhF9oNeBiifytanSbIG0SnLff9sXffjS",
        "https://vtbehaviour.commondatastorage.googleapis.com/087975d5f3c874a6fe9cbfe9d7ee77fb0af138e3c36a6f75e3d000699afc571d_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681569&Signature=C286Cg30s1QDg1lkY0jtTLfia8Fs4B%2FdqNMfidFUYXpd2si4N25G7RBqy8LODkWqBQca8rpYyZ7FIYHuRDc0wBLk%2B1rPiEXJckZIdmkyhDkFJ2jrxfNV135BZTTeF6DkLrRfWPgnxciVK%2FJrkueYnjlYhYW08OZkTu9plzgmfR2IocW5ENVaqHbcPAdm2QDCC6VVrNQp%2FP%2FjV6%2Fkm37tinRyXhg1vKSf0TVFMzL1jpYkiS5PIc",
        "https://vtbehaviour.commondatastorage.googleapis.com/07f5960476ab34754f3e04143caf2d4899cb09e6b271bfd27ef1f1c8977ca050_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779681591&Signature=uoP10og17YxXUe0yZ8kll3N15RJJ%2Bf5pJFzW0MUe4fdvXaLlcOfCxs%2B6EyW23FSqTj%2FbNedtUC6z7Y0dgMPBtJC%2F9gOhXEZj5%2BKKwnQbCBe7GuFtEsVMMkQRdiDQxJYZipAId1MwoBChhx%2BSr%2FrboVkDq%2F%2FbNLvWS6keRMn4fa8GX%2BF0lIJepJ98sjwXs48DXBch8974olbyd38VGGp1bLMl7mycstrQ2hIy2MFXWD",
        "https://vtbehaviour.commondatastorage.googleapis.com/0da371854ec2c04bbee9680dbdabb67a4e4a84add40e5e1877425790f2dfef02_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682005&Signature=SyLSFT5xdlAZ5lwNyaeDpqsMTuwGywWruel4fBOIdsyiZ%2FvtOZYr7f%2B%2BIuBmqFMAwMI4L7kB6jRtv8mVn8lmU5MUJBAG6GJdVsEp2SoexU5Yl2kTksey03ZsjBloxlJqDzf8PULDlwjfD1Ydv%2B5QFPoY3%2Fk8TKMlmmpTIw7%2FYcR24%2FHYHw78XVF2cV%2Bnb3GoDaHw%2FnpxLrDwgfZP9dWvP8V264o5l2dDfxQtF0",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682086&Signature=yzXoWEcsMl9wlTGgMQfBKEZWwnDzmua%2FR2suwDMBSqPLhunpHELcj0SzY3czM%2F9HQG9QuvYzhQRVUxR1iDaFz1BQ4YHkXJih3zm%2BcNlDcfXsOZzyYzWUhaPsbSti%2FWbFoL4E14bnS7tIuG9s9R96LkGyGpWIsT%2BPeCNhsCzD7vFRU0cPMr6vNblu%2BBiO3Ki99QSrkF4hzBxkQ7DFgba3qi7kOfal%2F2K8hC1ikcZntmn5IESW",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682105&Signature=DkIw2nRg0%2BHKmd2TpyMzcgrB%2F4s6sIVIpOEEVMqz3Csoj6PPmSGNer%2Bt5X5oYKPZQgJETAHcCRs0mh3Lfa85XEPdYk6PjMimJmKQdBstqdULgs6q7wyZEjHDhQn41ri7eQ16g7pAo9ojfhLUNp4uW2xuYvdBwYhYBsZP3EO1BKz2f3dYxSg%2Bgsn2AnC2%2BDRTIX0Xxd%2Bt44%2BkXfiY32mvDHDNDCcuT5ZDFNrHwDp3HKuuJYy7lRHm8AlK",
        "https://vtbehaviour.commondatastorage.googleapis.com/1f1db73659fa2fe7a944d20bb4e9a867513a50ee9b51be89dfec30c73f6ed622_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682177&Signature=yjgeq7TPzf6M6Pn8mPFgBmhHQbfgGlaadZNsSsDUKq0Da4%2Bb25WhNl6nDIyUDmRBtABod6Itj2EUlbe%2B4U0QYLuJR00aQqsO%2F9pXU4AWeIFUEZhCrwgZ5WuNPpYbdVbOYcVX6oyDXpSjv1QEGmJ1NVVr%2F1esshl3tugyHxp6LFYa9%2BQeoiqsBikKLglNB52vsap%2BkwVPKyXg%2FjduMqTQd%2FhNMM41261XiBOTtUqjpzIm67",
        "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682206&Signature=iCbR7BcpXhfqHIoxTRE%2BvhCqRoHYALCXll0hXveh8IQOJPjxw%2BlLNas6nIvp035t6sdMg9KdOY751XfThil%2FE2mLrvir%2FwKjheK2382r5bhEQFEsa6etlla3TDjlvttEFZDUN7SSLpGao8u7uVNwrPRb0BuwYDemKKVJK6DACPbUZEHk3DZ%2Bi8SxXIdELiXG%2Bozy7oC8Dcj0HqHGYuliXpjT1mV7OsCjFXvmjZPcFH06EzZS5L",
        "https://vtbehaviour.commondatastorage.googleapis.com/17c1908439bc7132f6a7c496c68d39b0c0cee504fe9020c920a2d1d04685fb5b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682251&Signature=z6Lrdrr5u6YZdzJaR%2B2Qab%2F%2FVA6%2FL6JaNA4%2BVxLe9wEjL%2B2ARzGBhQdq6RTX5ez3SDTWWmc%2BrOypKxxCsLeXUbjYRoIgcsSzYIxWQWoEl35tFARLVKf%2FVf%2B696U6PYQ%2F1BNWxSfuNOeUVNK2pIiMYCUjLnikvUyj9Ip3MrgKOaV9v9SShCLay93Y7b3GbAUZ2Jzy18PEYf%2FLuk4fDrqITmP2upsysOJq1MhZcJ%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/105f31af20fdb87d442f81aad0c3a54030b7e214c4796cf2a069bae6aa89dc65_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682395&Signature=oVg82i1yTG%2BGfhoL5FyBdK%2BZKa6wi2iWMpwHyA77jBFtAOZxw%2Bs6z6So26GWDthH7UMEzwZwQC6ENF1TLBEqXukldXMdMg%2FvNylvy7vCdDKDsw53Ibc7vKnu5T0lNumnv%2FD5vnV14QZrzAE8PG3J0S0rtheY8mNCkM6t1w52XYYm5mfnGJXsnjyMEvgURuPhzOIq9%2B%2FG7XUWFK0vK%2BlzKmZU627%2FKYkT9EWHOI8Nyx%2FJUqad%2",
        "https://vtbehaviour.commondatastorage.googleapis.com/002150c786ae1e04ab2981bf5593d926987b60b9ac699f431ed4568084dd854b_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682457&Signature=eWipoH1g7AQ8zq2pd%2BpyAKrKscAY%2FebCATbHE%2FMwdvIfIy%2F4i3OFy%2FKlfaNCXDLDU0OM6JaEF73FAqGhLEb8ZcxTuEfMeU%2F6WxjpgS2SqLZ0xOjAPgPWOOor3uCcdIEZRCcpJe%2BAzPY8jEZJ0aIf49RU85lkIx9yCiXcFnee1pNHHBFwpsBK4FNuTB%2FyDe61M5Htw4fjlf43GTnXFxj0%2Fjc%2Fe32Q7EpVkuSc0I%2F3zTrY0UkC",
        "https://vtbehaviour.commondatastorage.googleapis.com/492dc39e7752dccfd15f588054991277e6548b794b28a03f42b9cee132eebd2e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682486&Signature=ucigAmI%2BTWYWnZuZjQb7cvSnhC1f6r93NM1kh5fCHjjcUodx6ltePV2QSdyXCnhrdH8ODLugh37CFZxsAmtiMMefuyuh6T8mtuxe7znGqLiJre5YFfSQLkzmz0Ksqekcg0sp1bUaKykXguy%2BKwv6Tg12CIM7xzaDB%2BGcjw6KkBLiD0A1sB6Z9gk9np%2FNtUBHdW7E0eBfvTWOK8F99R1lQdmQab2Vha55GLH6JRBksZ7AbBEdVS8DMtkaZCS9sV",
        "https://vtbehaviour.commondatastorage.googleapis.com/049c8db974d1830f931d605f6918184d8928c46c74f4152dfde3dc7bdffbf5d5_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779682585&Signature=z2IzO8oruo5%2BmP%2BuhsnAbNLmy7QRAemblZDUm1KEgUCliIqrtWVkruuMg2tcIokmH12yIvRumIVlk5OcGjVxI%2Bb%2B3Va9LgSnD%2Bwjbe5pAs%2BDuUGTY52XSe7V9xdcRN38UeNFYy2jTLa2KYspIZ0NzHMsL0BzU5pqOWw0bAShHYc9sNx0S7a%2BSD7PiY%2BDR%2Br%2BQll9wUT%2B4EjhHrYYmmdRCa6vbIyTLcHmdw4JzmHHsLy%2Bjf",
        "https://vtbehaviour.commondatastorage.googleapis.com/27086c4185aa32bbc6674267b947e3f6610554188ac694ce2dbc1191a9525339_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683188&Signature=o0pfi%2Bqzc6KRiLra5kzATI2ROhjWVPHqZ7tOokv%2B9i4HwxX3m%2BpcqtYKMIFJMVk1qNFDyYwnCDfkeiva50iZyrha2F3bacitBdmnSwCEQE5xMG73RGPjQAvPps3tKMm1MDH8Rzpy65y9bdKpTSCL9%2Bt2xAk4%2BXx13XPz2GlU%2BG8Q%2FSPkCW96%2BX6c5xzWpIH%2FlXn7%2Bgl2G9QMGbrbnwD%2FfR58%2FrXIeIEJ%2F9%2BNt2W3Fr",
        "https://vtbehaviour.commondatastorage.googleapis.com/2c7002510767deb9bbb0d2ee2d47be98828bf5b6e999d6cd882b1c1a1c908510_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683299&Signature=RMRBhdx9cTLEwBYgOaiBV4x03W8laZvNMUtTq68ykLCh0R5toTaD64MdSiBhgsNAZLaS8z9dPsGmVcfMC8U5sPrXXLzAt9CBPoJjT2jV40HyYrW58xs3wjf65936U00bQy9DGFrlU7xInrhEocKiXuD17i5A%2F7tdPgx74I6xY906Ua8hyOe3f5zVmaxE6zpNAonyZtoHtHmnuDLG71DTPwYyiKcGPff7glIXoNalw4ST3jQr3Ma%2Fv1Q3De",
        "https://vtbehaviour.commondatastorage.googleapis.com/2c98a3b3752939b7c2db76682607e3918dee0edd81998279cb4528cc6c67f715_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683469&Signature=oE7hEU%2FccffwWPye7wmTWT154zCmhX2wBLLWErX6yptBjSn9YXSMLMohlpsjw%2BxO5VxqobuYkMh302JzsMTg4fXVD76S9F6aOL1vRPwZx8fTGOeMoKRTMO7B0xwvo2HQCra8ds7NMqXBpbNxN%2Bi7Ez6ZOyX%2FQUyixg1Ya1G7%2FkF8sEaT8z%2B4QHLhghEUdy4%2FMYbGVFzAKhSDW9Yg%2BcPfxQLt%2BViZ",
        "https://vtbehaviour.commondatastorage.googleapis.com/5f87d5cb5921df99f335e1a8f044db15187f88aea04ecc073b310a4b9649a5e1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683851&Signature=oDNiEuOved3Q5at8LARyePhpQE3%2FjmEYRIWg4Vzp0yzifSrnwMGaujbhYJWqc8BadzAh1AhmrfOaNLGJfe8IO2Izje4ofsfex0DAAfgHm5l1vDeQWFDfgypa9%2F8sHOOgBiUlbdSDYrVdZ2Z9f8MGr8OaswhQwykG5mL3UcUwRD4heOIda%2FFZGhfCLn%2B7ksTMcuD2%2BjT%2F7IuP8kYOTQ0ZqwnDZGNQwopAFpNNouIAx0LKAjPDIO",
        "https://vtbehaviour.commondatastorage.googleapis.com/5f9b9db4e9200b4576d6e8bc2888d6e7ab28a04e66083366bcde57915eed5078_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683897&Signature=A1uHov9N8mIMBn6lVPETST7i%2F%2F3lKCkTSifHpWYQ8lqnGw3%2FwBD1QhGr1tH%2BYzg4xJYZR1vHPxcGC2biWNZtPF89Sx8FKf%2F18O4PHYJb1n7YfdP24JbV%2BkekQpomFKe66pKsf0gWQQx1zTJDWvam9HuvVTyCV9h22TLG%2FmBDvK4SftnNssRv0EkzKP9dNqTfjJdMh0Y0rIEyQdNLLo%2BLsWQbrx2yxJo6kZD%2FJC",
        "https://vtbehaviour.commondatastorage.googleapis.com/727dc58bb6aaf24fd82f54a11560f26e38ee0ca6bb823ea70bad33fd7c9378ef_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779683965&Signature=tYhGClprbVOZuxQF%2F%2BLWEx6LfO%2Fz4pigFaLvSPYRY%2Fqg92dL8%2BWlaAyT%2FJueBiXJFPkqBYoXk0DmZNj2UfqQiv4Jy9bhRG562tGCoadI7qFVHMBOyAmGj0uMVS%2FoyY00p8UkiUah%2BiG2lZaGt6eVnE1yrGqEIpnAnUxdyxti%2BDm0vFgP5Ust7yR%2F1SAtswsFyfntj2GSgBc5z1NbueSA2uSfZsxWtxmYAm9dk%2FrUPQ47Nb5Q",
        "https://vtbehaviour.commondatastorage.googleapis.com/7111bb197f77eecf518b22f7a6f269647abc17eda4aaed9ba50212462b9848ed_VirusTotal%20Box%20of%20Apples.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684045&Signature=g5SPZe7A95%2FqyMCV3ihh6MGTnXRMjhKIGP6dBCJ3OB%2FCOBrSRTz%2BpnCcdIwsJk%2Fc74E6s1DRbKJn3SszGoP7h%2FNJwXl3BIBK6KeI0zYJeOibOT%2BeU9CnCcwY%2F3bx99X3LvHRwg0Fkdg%2BJoRI620jziRVAW%2FiC1wpzeMqmJNUOHn4NsTYiMD7H8cuBnRzAZQvK2lRO5asaddU11mHkkQ963f3YOOv",
        "https://vtbehaviour.commondatastorage.googleapis.com/8b10c7238761ba1c98b713c673c452437c4a56794ff0e3d657cff148056c9cf1_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779684153&Signature=MfmLhMZdg4gtuEoE1eB%2FroqyUo2QXTJ8L6oAmpYIvTmU8BmwS6hwF0opRe4GV3ox8yxCzd2O9fsm4T7dwrkSk8fJBlqrPHibaMNPNs4QpeMOraU4O6Au5EDLlJTtDwp43nz%2FK5tqLXzJpfqCvDEnQOghFLah5YCBj8qdFtGrKfHbvyMGL70BlhpaZsmAn3Jgu6zNXCQGqz3c%2BkATkQ3XNm%2F8FiNTOFzO5TUxHqPE3NUMFglmxAJhEo"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1114",
          "name": "Email Collection",
          "display_name": "T1114 - Email Collection"
        },
        {
          "id": "T1091",
          "name": "Replication Through Removable Media",
          "display_name": "T1091 - Replication Through Removable Media"
        },
        {
          "id": "T1120",
          "name": "Peripheral Device Discovery",
          "display_name": "T1120 - Peripheral Device Discovery"
        },
        {
          "id": "T1014",
          "name": "Rootkit",
          "display_name": "T1014 - Rootkit"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1074",
          "name": "Data Staged",
          "display_name": "T1074 - Data Staged"
        },
        {
          "id": "T1496",
          "name": "Resource Hijacking",
          "display_name": "T1496 - Resource Hijacking"
        },
        {
          "id": "T1539",
          "name": "Steal Web Session Cookie",
          "display_name": "T1539 - Steal Web Session Cookie"
        },
        {
          "id": "T1542",
          "name": "Pre-OS Boot",
          "display_name": "T1542 - Pre-OS Boot"
        },
        {
          "id": "T1548",
          "name": "Abuse Elevation Control Mechanism",
          "display_name": "T1548 - Abuse Elevation Control Mechanism"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1040",
          "name": "Network Sniffing",
          "display_name": "T1040 - Network Sniffing"
        },
        {
          "id": "T1185",
          "name": "Man in the Browser",
          "display_name": "T1185 - Man in the Browser"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1553",
          "name": "Subvert Trust Controls",
          "display_name": "T1553 - Subvert Trust Controls"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1569",
          "name": "System Services",
          "display_name": "T1569 - System Services"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 1,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 2266,
        "IPv4": 327,
        "domain": 178,
        "hostname": 382,
        "FileHash-MD5": 805,
        "FileHash-SHA1": 833,
        "URL": 816,
        "email": 2
      },
      "indicator_count": 5609,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "5 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d16a7c0f0657edc9c6d735",
      "name": "VirusTotal report for run.sh",
      "description": "A full report on the Bourne-Again malware, published on 18 October, 2016.  \u00a31.5m (\u20ac2.4m; $3.6m).",
      "modified": "2026-05-14T11:55:50.332000",
      "created": "2026-04-04T19:46:04.113000",
      "tags": [
        "file type",
        "ascii",
        "ascii text",
        "c source",
        "python",
        "python script",
        "writes shell",
        "html document",
        "sample",
        "posix shell",
        "persistence",
        "info",
        "linuxunix shell",
        "perl script",
        "shell",
        "mitre attack",
        "overview",
        "dropped info",
        "processes extra",
        "overview zenbox",
        "linux verdict",
        "guest system",
        "ultimate file",
        "info file",
        "malicious",
        "next",
        "java source",
        "crlf line",
        "sgml document",
        "certificate",
        "version3",
        "java keystore",
        "fraud",
        "network info",
        "unicode text",
        "utf8 text",
        "png image",
        "window"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/a711ab9f034ec8f7e6af1f3d2038912744b7633fa6722d9836965742dee6d6a2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331684&Signature=c5WpYuxTIbVivjy9twSEEFcaF8XNBTwVhnJlSlxi23MOgSHpgwXbHsfE6flrpICVrApX5aa%2FM9SEhNMSNrqfZfffeKVVlSP5HK83DIz5cX7zxj3e6QUJBxfzYTehKIu7PboV3pv7iqaiKuTSoAuVB7SO3q0cmLVdmj0CwgVl%2Bxb2uk8cAuHSozlNlUQTtKp4kj%2B7vXJ8Cu0R8tEldXA9lnQ2YHfdanefJ6U495%2B%2FoBB4eckkj1On",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331990&Signature=xR4cCaqYva2bIYOcAYm48EanAq0MTwsTs8BeXhQOE0MrQatTTXDq8gR5ixARCa3GTu2zx8spFdfiUylsmJCarhu8D5vIEuQQ3UD02scWNSGkAu8HiPX2hmMd7Cbni5nWDZIHfI4%2BKCrW8SHDXTrKzyIVfRPxixWVBic9Yaidd1Oqa3KEls3bG28By6k5H1Rd1Qf27epwdP%2BUjrjgpKlmK5tO%2FP7kK1x%2FtMv3w6R4sjLiHATrIjPgoD",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332051&Signature=Bo5b49qay%2F21SiP8bhvZJkYRuw%2BLHz1dfkvJnnEemMii%2F%2FNHk09bmq75u0v2tYMhruii4ncU%2BzXle2POGINpkNmed9FGVbpw3iSzCD9QQKvPuXK0ble2ocVUSZR5vo8vNEV9cS89z1r%2BYqpO3XyS7u%2BajghqNocwpRoq3dwURQqQEqC7II07YOa%2FRpjFQooyWMmOwKC9I%2Fny%2FUmw0%2BDrgg20Kf%2FNsuAzOZLMrdO2o%2B3z",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332091&Signature=CpWTTwCL%2FHBNW7gUdVTGV%2BaYfdffmVnwTljmRJrMAWNVTHZxyiho8OCuzbtyaSxy12vi8YVQ3DzfT8iWx74O9dBqvZgm5NXwFxgPE3qT7MSzykVmuGB9J00pmU2mZCTWSK6Vkm1KQxSJOEYfMu3aaL3P42m84wWdxFDLlEQl2rsllq4t0ADGNFSPSqAXvC6SBm%2F16y8gRzM9dYJ%2B%2FCjznOtd1vc2jV8%2BvjNPi1oJyyEbt2jnI4",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332117&Signature=QrQhWy6CHNIt4LrFDW8Us3KA0iRKZQsz1n3Grrkp%2FAFqaB1bg7YxB2%2F9WZxBzZ6PMwIWuUdgioXJFXzRQQ55c%2BCI5rBOGF290mKickctOopJ%2FIZ%2FS4MrYScbePx7GxujMl%2BBt0UT1MtozDTOja6QP2MBW5H2mbH5A5PYPJtpn4MwwQg6iUy4IAaEx9FeiJYrpkqvLSzsoq8uDCVv9GGvwXhzWDaOGvzxpSMsY%2BEZ0ti5z1hk8TsA2nI9",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332153&Signature=dgkLQ0GIqiF%2Fxe%2BVGzHTZfBQIbpzMfUfH2TTP0G%2FfiVlTXg8BMGx7TyX9WTGlpu6ejWe2xalYze6ohM5Fjaw86Z%2BhmeXwhayr3CfV%2F8EJzusPyOM03QF5IR1ftbWe5tFyxcV0TtA1S5PehVGZRHYHV%2FpOG%2BbzR1Dcn2z2u0I72hZ%2F7X5nKoHtBjRMDvZnZneoi%2FAI9C2DMtsZemC3g7FLaEM6BV1JXkzjSoeH01LFLze",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332172&Signature=AEpI2boARQpxEdX1svqF6ucRMxm96JGdMomcZOTdUlwdGfdyyB8kDhkui3aHlFIFUijkXBGRDLpG4%2FEFvHiA4JDASaFT7MuYUgw%2Fy7xLA5S28HNLgqEqzGb4TSOa58v0WxA0YOpEEs8i8Umx7Kx6LM7C5R9OI50lKO9ma917WLa3ugyTqBnXCqx9Rgb7OwRuWGCAnqNUqjSXub0XMP8HEgzkgzPRzOZkoSA07gn7t6bTHV4QLuqEHqQX3YZPbSI3ld"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1222",
          "name": "File and Directory Permissions Modification",
          "display_name": "T1222 - File and Directory Permissions Modification"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 2971,
        "URL": 388,
        "domain": 356,
        "hostname": 141,
        "FileHash-MD5": 25,
        "FileHash-SHA1": 21,
        "IPv4": 2
      },
      "indicator_count": 3904,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "18 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d16a7bc549fa66f964d19b",
      "name": "VirusTotal report for run.sh",
      "description": "A full report on the Bourne-Again malware, published on 18 October, 2016.  \u00a31.5m (\u20ac2.4m; $3.6m).",
      "modified": "2026-05-04T19:25:55.402000",
      "created": "2026-04-04T19:46:03.621000",
      "tags": [
        "file type",
        "ascii",
        "ascii text",
        "c source",
        "python",
        "python script",
        "writes shell",
        "html document",
        "sample",
        "posix shell",
        "persistence",
        "info",
        "linuxunix shell",
        "perl script",
        "shell",
        "mitre attack",
        "overview",
        "dropped info",
        "processes extra",
        "overview zenbox",
        "linux verdict",
        "guest system",
        "ultimate file",
        "info file",
        "malicious",
        "next",
        "java source",
        "crlf line",
        "sgml document",
        "certificate",
        "version3",
        "java keystore",
        "fraud",
        "network info",
        "unicode text",
        "utf8 text",
        "png image",
        "window"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/a711ab9f034ec8f7e6af1f3d2038912744b7633fa6722d9836965742dee6d6a2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331684&Signature=c5WpYuxTIbVivjy9twSEEFcaF8XNBTwVhnJlSlxi23MOgSHpgwXbHsfE6flrpICVrApX5aa%2FM9SEhNMSNrqfZfffeKVVlSP5HK83DIz5cX7zxj3e6QUJBxfzYTehKIu7PboV3pv7iqaiKuTSoAuVB7SO3q0cmLVdmj0CwgVl%2Bxb2uk8cAuHSozlNlUQTtKp4kj%2B7vXJ8Cu0R8tEldXA9lnQ2YHfdanefJ6U495%2B%2FoBB4eckkj1On",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331990&Signature=xR4cCaqYva2bIYOcAYm48EanAq0MTwsTs8BeXhQOE0MrQatTTXDq8gR5ixARCa3GTu2zx8spFdfiUylsmJCarhu8D5vIEuQQ3UD02scWNSGkAu8HiPX2hmMd7Cbni5nWDZIHfI4%2BKCrW8SHDXTrKzyIVfRPxixWVBic9Yaidd1Oqa3KEls3bG28By6k5H1Rd1Qf27epwdP%2BUjrjgpKlmK5tO%2FP7kK1x%2FtMv3w6R4sjLiHATrIjPgoD",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332051&Signature=Bo5b49qay%2F21SiP8bhvZJkYRuw%2BLHz1dfkvJnnEemMii%2F%2FNHk09bmq75u0v2tYMhruii4ncU%2BzXle2POGINpkNmed9FGVbpw3iSzCD9QQKvPuXK0ble2ocVUSZR5vo8vNEV9cS89z1r%2BYqpO3XyS7u%2BajghqNocwpRoq3dwURQqQEqC7II07YOa%2FRpjFQooyWMmOwKC9I%2Fny%2FUmw0%2BDrgg20Kf%2FNsuAzOZLMrdO2o%2B3z",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332091&Signature=CpWTTwCL%2FHBNW7gUdVTGV%2BaYfdffmVnwTljmRJrMAWNVTHZxyiho8OCuzbtyaSxy12vi8YVQ3DzfT8iWx74O9dBqvZgm5NXwFxgPE3qT7MSzykVmuGB9J00pmU2mZCTWSK6Vkm1KQxSJOEYfMu3aaL3P42m84wWdxFDLlEQl2rsllq4t0ADGNFSPSqAXvC6SBm%2F16y8gRzM9dYJ%2B%2FCjznOtd1vc2jV8%2BvjNPi1oJyyEbt2jnI4",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332117&Signature=QrQhWy6CHNIt4LrFDW8Us3KA0iRKZQsz1n3Grrkp%2FAFqaB1bg7YxB2%2F9WZxBzZ6PMwIWuUdgioXJFXzRQQ55c%2BCI5rBOGF290mKickctOopJ%2FIZ%2FS4MrYScbePx7GxujMl%2BBt0UT1MtozDTOja6QP2MBW5H2mbH5A5PYPJtpn4MwwQg6iUy4IAaEx9FeiJYrpkqvLSzsoq8uDCVv9GGvwXhzWDaOGvzxpSMsY%2BEZ0ti5z1hk8TsA2nI9",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332153&Signature=dgkLQ0GIqiF%2Fxe%2BVGzHTZfBQIbpzMfUfH2TTP0G%2FfiVlTXg8BMGx7TyX9WTGlpu6ejWe2xalYze6ohM5Fjaw86Z%2BhmeXwhayr3CfV%2F8EJzusPyOM03QF5IR1ftbWe5tFyxcV0TtA1S5PehVGZRHYHV%2FpOG%2BbzR1Dcn2z2u0I72hZ%2F7X5nKoHtBjRMDvZnZneoi%2FAI9C2DMtsZemC3g7FLaEM6BV1JXkzjSoeH01LFLze",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332172&Signature=AEpI2boARQpxEdX1svqF6ucRMxm96JGdMomcZOTdUlwdGfdyyB8kDhkui3aHlFIFUijkXBGRDLpG4%2FEFvHiA4JDASaFT7MuYUgw%2Fy7xLA5S28HNLgqEqzGb4TSOa58v0WxA0YOpEEs8i8Umx7Kx6LM7C5R9OI50lKO9ma917WLa3ugyTqBnXCqx9Rgb7OwRuWGCAnqNUqjSXub0XMP8HEgzkgzPRzOZkoSA07gn7t6bTHV4QLuqEHqQX3YZPbSI3ld"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1222",
          "name": "File and Directory Permissions Modification",
          "display_name": "T1222 - File and Directory Permissions Modification"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 18,
        "FileHash-SHA1": 18,
        "FileHash-SHA256": 2469,
        "URL": 287,
        "domain": 281,
        "hostname": 110
      },
      "indicator_count": 3183,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "28 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d16a7d00b0ea85aaf98736",
      "name": "VirusTotal report for run.sh",
      "description": "A full report on the Bourne-Again malware, published on 18 October, 2016.  \u00a31.5m (\u20ac2.4m; $3.6m).",
      "modified": "2026-05-04T19:25:55.402000",
      "created": "2026-04-04T19:46:05.954000",
      "tags": [
        "file type",
        "ascii",
        "ascii text",
        "c source",
        "python",
        "python script",
        "writes shell",
        "html document",
        "sample",
        "posix shell",
        "persistence",
        "info",
        "linuxunix shell",
        "perl script",
        "shell",
        "mitre attack",
        "overview",
        "dropped info",
        "processes extra",
        "overview zenbox",
        "linux verdict",
        "guest system",
        "ultimate file",
        "info file",
        "malicious",
        "next",
        "java source",
        "crlf line",
        "sgml document",
        "certificate",
        "version3",
        "java keystore",
        "fraud",
        "network info",
        "unicode text",
        "utf8 text",
        "png image",
        "window"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/a711ab9f034ec8f7e6af1f3d2038912744b7633fa6722d9836965742dee6d6a2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331684&Signature=c5WpYuxTIbVivjy9twSEEFcaF8XNBTwVhnJlSlxi23MOgSHpgwXbHsfE6flrpICVrApX5aa%2FM9SEhNMSNrqfZfffeKVVlSP5HK83DIz5cX7zxj3e6QUJBxfzYTehKIu7PboV3pv7iqaiKuTSoAuVB7SO3q0cmLVdmj0CwgVl%2Bxb2uk8cAuHSozlNlUQTtKp4kj%2B7vXJ8Cu0R8tEldXA9lnQ2YHfdanefJ6U495%2B%2FoBB4eckkj1On",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331990&Signature=xR4cCaqYva2bIYOcAYm48EanAq0MTwsTs8BeXhQOE0MrQatTTXDq8gR5ixARCa3GTu2zx8spFdfiUylsmJCarhu8D5vIEuQQ3UD02scWNSGkAu8HiPX2hmMd7Cbni5nWDZIHfI4%2BKCrW8SHDXTrKzyIVfRPxixWVBic9Yaidd1Oqa3KEls3bG28By6k5H1Rd1Qf27epwdP%2BUjrjgpKlmK5tO%2FP7kK1x%2FtMv3w6R4sjLiHATrIjPgoD",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332051&Signature=Bo5b49qay%2F21SiP8bhvZJkYRuw%2BLHz1dfkvJnnEemMii%2F%2FNHk09bmq75u0v2tYMhruii4ncU%2BzXle2POGINpkNmed9FGVbpw3iSzCD9QQKvPuXK0ble2ocVUSZR5vo8vNEV9cS89z1r%2BYqpO3XyS7u%2BajghqNocwpRoq3dwURQqQEqC7II07YOa%2FRpjFQooyWMmOwKC9I%2Fny%2FUmw0%2BDrgg20Kf%2FNsuAzOZLMrdO2o%2B3z",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332091&Signature=CpWTTwCL%2FHBNW7gUdVTGV%2BaYfdffmVnwTljmRJrMAWNVTHZxyiho8OCuzbtyaSxy12vi8YVQ3DzfT8iWx74O9dBqvZgm5NXwFxgPE3qT7MSzykVmuGB9J00pmU2mZCTWSK6Vkm1KQxSJOEYfMu3aaL3P42m84wWdxFDLlEQl2rsllq4t0ADGNFSPSqAXvC6SBm%2F16y8gRzM9dYJ%2B%2FCjznOtd1vc2jV8%2BvjNPi1oJyyEbt2jnI4",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332117&Signature=QrQhWy6CHNIt4LrFDW8Us3KA0iRKZQsz1n3Grrkp%2FAFqaB1bg7YxB2%2F9WZxBzZ6PMwIWuUdgioXJFXzRQQ55c%2BCI5rBOGF290mKickctOopJ%2FIZ%2FS4MrYScbePx7GxujMl%2BBt0UT1MtozDTOja6QP2MBW5H2mbH5A5PYPJtpn4MwwQg6iUy4IAaEx9FeiJYrpkqvLSzsoq8uDCVv9GGvwXhzWDaOGvzxpSMsY%2BEZ0ti5z1hk8TsA2nI9",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332153&Signature=dgkLQ0GIqiF%2Fxe%2BVGzHTZfBQIbpzMfUfH2TTP0G%2FfiVlTXg8BMGx7TyX9WTGlpu6ejWe2xalYze6ohM5Fjaw86Z%2BhmeXwhayr3CfV%2F8EJzusPyOM03QF5IR1ftbWe5tFyxcV0TtA1S5PehVGZRHYHV%2FpOG%2BbzR1Dcn2z2u0I72hZ%2F7X5nKoHtBjRMDvZnZneoi%2FAI9C2DMtsZemC3g7FLaEM6BV1JXkzjSoeH01LFLze",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332172&Signature=AEpI2boARQpxEdX1svqF6ucRMxm96JGdMomcZOTdUlwdGfdyyB8kDhkui3aHlFIFUijkXBGRDLpG4%2FEFvHiA4JDASaFT7MuYUgw%2Fy7xLA5S28HNLgqEqzGb4TSOa58v0WxA0YOpEEs8i8Umx7Kx6LM7C5R9OI50lKO9ma917WLa3ugyTqBnXCqx9Rgb7OwRuWGCAnqNUqjSXub0XMP8HEgzkgzPRzOZkoSA07gn7t6bTHV4QLuqEHqQX3YZPbSI3ld"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1222",
          "name": "File and Directory Permissions Modification",
          "display_name": "T1222 - File and Directory Permissions Modification"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 18,
        "FileHash-SHA1": 18,
        "FileHash-SHA256": 2469,
        "URL": 287,
        "domain": 281,
        "hostname": 110
      },
      "indicator_count": 3183,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "28 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69d16a7d28330920cf77f5b0",
      "name": "VirusTotal report for run.sh",
      "description": "A full report on the Bourne-Again malware, published on 18 October, 2016.  \u00a31.5m (\u20ac2.4m; $3.6m).",
      "modified": "2026-05-04T19:25:55.402000",
      "created": "2026-04-04T19:46:05.437000",
      "tags": [
        "file type",
        "ascii",
        "ascii text",
        "c source",
        "python",
        "python script",
        "writes shell",
        "html document",
        "sample",
        "posix shell",
        "persistence",
        "info",
        "linuxunix shell",
        "perl script",
        "shell",
        "mitre attack",
        "overview",
        "dropped info",
        "processes extra",
        "overview zenbox",
        "linux verdict",
        "guest system",
        "ultimate file",
        "info file",
        "malicious",
        "next",
        "java source",
        "crlf line",
        "sgml document",
        "certificate",
        "version3",
        "java keystore",
        "fraud",
        "network info",
        "unicode text",
        "utf8 text",
        "png image",
        "window"
      ],
      "references": [
        "https://vtbehaviour.commondatastorage.googleapis.com/a711ab9f034ec8f7e6af1f3d2038912744b7633fa6722d9836965742dee6d6a2_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331684&Signature=c5WpYuxTIbVivjy9twSEEFcaF8XNBTwVhnJlSlxi23MOgSHpgwXbHsfE6flrpICVrApX5aa%2FM9SEhNMSNrqfZfffeKVVlSP5HK83DIz5cX7zxj3e6QUJBxfzYTehKIu7PboV3pv7iqaiKuTSoAuVB7SO3q0cmLVdmj0CwgVl%2Bxb2uk8cAuHSozlNlUQTtKp4kj%2B7vXJ8Cu0R8tEldXA9lnQ2YHfdanefJ6U495%2B%2FoBB4eckkj1On",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775331990&Signature=xR4cCaqYva2bIYOcAYm48EanAq0MTwsTs8BeXhQOE0MrQatTTXDq8gR5ixARCa3GTu2zx8spFdfiUylsmJCarhu8D5vIEuQQ3UD02scWNSGkAu8HiPX2hmMd7Cbni5nWDZIHfI4%2BKCrW8SHDXTrKzyIVfRPxixWVBic9Yaidd1Oqa3KEls3bG28By6k5H1Rd1Qf27epwdP%2BUjrjgpKlmK5tO%2FP7kK1x%2FtMv3w6R4sjLiHATrIjPgoD",
        "https://vtbehaviour.commondatastorage.googleapis.com/deeb5ee27b4a740fb22423f0b54253f44fbc1c879569748aae9886f4a9113ec1_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332051&Signature=Bo5b49qay%2F21SiP8bhvZJkYRuw%2BLHz1dfkvJnnEemMii%2F%2FNHk09bmq75u0v2tYMhruii4ncU%2BzXle2POGINpkNmed9FGVbpw3iSzCD9QQKvPuXK0ble2ocVUSZR5vo8vNEV9cS89z1r%2BYqpO3XyS7u%2BajghqNocwpRoq3dwURQqQEqC7II07YOa%2FRpjFQooyWMmOwKC9I%2Fny%2FUmw0%2BDrgg20Kf%2FNsuAzOZLMrdO2o%2B3z",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332091&Signature=CpWTTwCL%2FHBNW7gUdVTGV%2BaYfdffmVnwTljmRJrMAWNVTHZxyiho8OCuzbtyaSxy12vi8YVQ3DzfT8iWx74O9dBqvZgm5NXwFxgPE3qT7MSzykVmuGB9J00pmU2mZCTWSK6Vkm1KQxSJOEYfMu3aaL3P42m84wWdxFDLlEQl2rsllq4t0ADGNFSPSqAXvC6SBm%2F16y8gRzM9dYJ%2B%2FCjznOtd1vc2jV8%2BvjNPi1oJyyEbt2jnI4",
        "https://vtbehaviour.commondatastorage.googleapis.com/1a0c03d5766301f341ed160511b7442d063a320d6aa4ffd6bbec89a809059d09_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332117&Signature=QrQhWy6CHNIt4LrFDW8Us3KA0iRKZQsz1n3Grrkp%2FAFqaB1bg7YxB2%2F9WZxBzZ6PMwIWuUdgioXJFXzRQQ55c%2BCI5rBOGF290mKickctOopJ%2FIZ%2FS4MrYScbePx7GxujMl%2BBt0UT1MtozDTOja6QP2MBW5H2mbH5A5PYPJtpn4MwwQg6iUy4IAaEx9FeiJYrpkqvLSzsoq8uDCVv9GGvwXhzWDaOGvzxpSMsY%2BEZ0ti5z1hk8TsA2nI9",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox%20Linux.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332153&Signature=dgkLQ0GIqiF%2Fxe%2BVGzHTZfBQIbpzMfUfH2TTP0G%2FfiVlTXg8BMGx7TyX9WTGlpu6ejWe2xalYze6ohM5Fjaw86Z%2BhmeXwhayr3CfV%2F8EJzusPyOM03QF5IR1ftbWe5tFyxcV0TtA1S5PehVGZRHYHV%2FpOG%2BbzR1Dcn2z2u0I72hZ%2F7X5nKoHtBjRMDvZnZneoi%2FAI9C2DMtsZemC3g7FLaEM6BV1JXkzjSoeH01LFLze",
        "https://vtbehaviour.commondatastorage.googleapis.com/6ff69fa3791b2fa97f24d4bf813c0482afa79961203ba0251fd98328c96ed36e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1775332172&Signature=AEpI2boARQpxEdX1svqF6ucRMxm96JGdMomcZOTdUlwdGfdyyB8kDhkui3aHlFIFUijkXBGRDLpG4%2FEFvHiA4JDASaFT7MuYUgw%2Fy7xLA5S28HNLgqEqzGb4TSOa58v0WxA0YOpEEs8i8Umx7Kx6LM7C5R9OI50lKO9ma917WLa3ugyTqBnXCqx9Rgb7OwRuWGCAnqNUqjSXub0XMP8HEgzkgzPRzOZkoSA07gn7t6bTHV4QLuqEHqQX3YZPbSI3ld"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1070",
          "name": "Indicator Removal on Host",
          "display_name": "T1070 - Indicator Removal on Host"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1222",
          "name": "File and Directory Permissions Modification",
          "display_name": "T1222 - File and Directory Permissions Modification"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1564",
          "name": "Hide Artifacts",
          "display_name": "T1564 - Hide Artifacts"
        },
        {
          "id": "T1573",
          "name": "Encrypted Channel",
          "display_name": "T1573 - Encrypted Channel"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1486",
          "name": "Data Encrypted for Impact",
          "display_name": "T1486 - Data Encrypted for Impact"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1574",
          "name": "Hijack Execution Flow",
          "display_name": "T1574 - Hijack Execution Flow"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 18,
        "FileHash-SHA1": 18,
        "FileHash-SHA256": 2469,
        "URL": 287,
        "domain": 281,
        "hostname": 110
      },
      "indicator_count": 3183,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "28 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "xmlsoft.org",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "xmlsoft.org",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780351009.6680899
}