← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
08.31.23 - WTH UA - azure settings.json by jwanihad - updated - 09.23.25
WHITE Disable_Duck 2025-09-23 Modified: 2025-10-23
448
IOCs
HIGH VOLUME
This collection is based off a graph created by miniuser (2025) based on several samples I provided to the OG creator & Cybersecurity Expert. Related to Pulse: 'Ghost' in LevelBlueCyber OTX 2096 Related to 1-2+ Azure/Entra Tenants
entitypleasejavascript
Indicators of Compromise (43 / 448 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL http://alertcleaning.com/ 2025-09-23
URL http://apsc.ca/ 2025-09-23
URL http://calendar-app.virtosoftware.com/ 2025-09-23
URL http://date1line.com/ 2025-09-23
URL http://elsa.benoitbawles.info/ 2025-09-23
URL http://em.ma/ 2025-09-23
URL http://email.com/ 2025-09-23
URL http://fuse.net/ 2025-09-23
URL http://gdf.ads/ 2025-09-23
URL http://grigori23.gi/ 2025-09-23
URL http://he.l.en.ee.va/ 2025-09-23
URL http://invinity.com/ 2025-09-23
URL http://julia.sherkhun.info/ 2025-09-23
URL http://live.ca/ 2025-09-23
URL http://pdf.apps-encodian.com/ 2025-09-23
URL http://xt2scrc7qj3lvdacyfhqzm6n66lojoel.onsjzji.1.0.komu5z3k5rbhaysndepybvfnsolwsqpl7qhwqya.mlg5m14.dns0.org/ 2025-09-23
URL https://anemobro.com/signin-microsoft 2025-09-23
URL http://anemobro.azurewebsites.net/ 2025-09-23
URL http://bitly.ws/BcrL 2025-09-23
URL http://careers.cognizant.com/ 2025-09-23
URL http://careers.idexx.com/ 2025-09-23
URL http://careers.tripadvisor.com/ 2025-09-23
URL http://clients2.google.com/time/1/current?cup2key=8:G_nhUJF9NNwBBtawlgX6jdAlEqgY44pOQ1PXCo5neEs&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 2025-09-23
URL http://crl.xii.tcclass2-ii.trustcenter.de/ 2025-09-23
URL http://eclass.srv.ualberta.ca/ 2025-09-23
URL http://galeapps.gale.com/ 2025-09-23
URL http://hhnyouth.powerappsportals.com/ 2025-09-23
URL http://icicibank.com/ 2025-09-23
URL http://itworkx.powerappsportals.com/ 2025-09-23
URL http://login.ualberta.ca/ 2025-09-23
URL http://mail.gmail.com/ 2025-09-23
URL http://ns2.phicdn.net/ 2025-09-23
URL http://ns4.phicdn.net/ 2025-09-23
URL http://o365.servicecommunications.microsoft.com/ 2025-09-23
URL http://powerbi.microsoft.com/ 2025-09-23
URL http://recruitment.edmonton.ca/ 2025-09-23
URL http://tscp-aia.symauth.com/ 2025-09-23
URL http://webapp-conceptincsb365-launch-ecsd.azurewebsites.net/ 2025-09-23
URL http://www.chem.ualberta.ca/courses/Chem211/ 2025-09-23
URL http://x1.c.lencr.org/ 2025-09-23
URL https://app.powerbi.com/embedsetup/SignInRedirect 2025-09-23
URL https://eclass.srv.ualberta.ca/admin/tool/mobile/launch.php?service=moodle_mobile_app&passport=721.8424207530916&urlscheme=mmeclass 2025-09-23
URL https://management.azure.com/subscriptions/60289dc3-9d33-4ddb-b715-256b0fa214d8/resourceGroups/site-recovery-vault-rg/providers/Microsoft.Automation/automationAccounts/site-reco-a60-asr-automationaccount 2025-09-23
References (3)
↗ https://www.virustotal.com/graph/embed/g6e7ccf47fdd04a7487e54d1c35142f4cb0280a685f78403ca3aa49cfaeb91e97?theme=dark ↗ https://www.virustotal.com/gui/collection/0f562e5b2effefec9eaa30f081ec027330fcccdca4e399bcc29c802d9731d286/summary ↗ https://tria.ge/250729-wr59yabk7y