{ "type": "Domain", "indicator": "0a.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/0a.com", "alexa": "http://www.alexa.com/siteinfo/0a.com", "indicator": "0a.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4290757329, "indicator": "0a.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "6a10e8d0c46d08b820206d6c", "name": "Emotet - dating back to before 2019. CAPE Sandbox", "description": "[ Cuckoo is a computer program that runs on an operating system (KVM) and can be run on a desktop or a mobile device (also known as a virtual assistant)]", "modified": "2026-05-23T05:14:22.248000", "created": "2026-05-22T23:37:52.466000", "tags": [ "default", "jjjj", "settingswpad", "dos mode", "payload", "file type", "file size", "mwdb", "bazaar", "sha3384", "emotet", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/008a6413800ef811244f0807e0943df22ba724ed674c03bfc5b57d820c27a632_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779493221&Signature=K7tHlM4p%2FfG1TSV%2FfZASKdmBWp3Se3XBQN%2Fa14YDnlL0ZljOfWTPQ9t%2Bd2aP5K7YN8vKmT4RJJhl7HH4LqZQMp8GIbPe5r%2BM2C1L86LMrE41%2BkG%2Ff1kcZsSCFPfosyqdsDy8WxtnzsLYBOZXWqnqwDaIMQTY03ypckO20Z4rHEcTZV6YKBDggWJQaRNhggjm6jAVXSTzJY9dX0l5Ihm4Qn%2F1hmi80T4VkqsWvPH%2B5dGv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 69, "FileHash-SHA1": 36, "FileHash-SHA256": 1530, "IPv4": 8385, "domain": 631, "URL": 160, "hostname": 6900, "CIDR": 7 }, "indicator_count": 17718, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ce347222098a7c1739af70", "name": "Facebook Warns Users After Adobe Breach – Krebs on Security", "description": "The following is a guide to key key information found in the 2013 Adobe data leak, as well as the key details of key passwords and other key data, which were leaked to the public and shared online.- they clue was in the oa oa (auth) / or oa (adobe office) - more to come.", "modified": "2026-05-02T00:08:01.198000", "created": "2026-04-02T09:18:42.940000", "tags": [ "graham cluley", "adobe", "factors", "codebook", "2 list", "ecb mode", "triple des", "key strings", "facebook", "nancarrow", "adobe data", "jay nancarrow", "paul ducklin", "sophos", "adobe account", "update", "sunday", "woopie", "\u2019m", "hummmmmm", "been", "guardio", "password", "sponsored get", "me api", "out dashboard", "october", "recommended", "actions", "adobe breach", "levelblue", "alienvault", "enter", "otx platform", "electronic", "adobe ecb", "unix", "usenet", "said", "stanford", "msdos", "lisp", "sail", "teco", "hacker", "term", "stack", "core", "hack", "flame", "worm", "uucp", "acronym", "crunch", "shell", "advent", "close", "choke", "crash", "demon", "phase", "eris", "glitch", "hello", "trash", "open", "nanobot", "magic", "cracker", "blast", "burn", "cray", "bogus", "bounce", "meta", "copyleft", "dragon", "phantom", "mango", "iron", "waldo", "funky", "grovel", "rogue", "life", "back", "slime", "knight", "spin", "chad", "cookie", "empire", "discord", "flytrap", "june", "problem", "mutter", "tick", "storm", "music", "trivial", "push", "window", "drives", "jack", "yoyo", "general", "dirty", "ping", "benchmark", "shift", "blazer", "false", "damage", "horror", "tron", "anchor", "download", "snoopy", "enterprise", "mind", "epsilon", "chaos", "beep", "ding", "finger", "parody", "fool", "footprint", "lightning", "grep", "grok", "orig", "hair", "february", "razor", "hook", "this", "green", "warner", "lexer", "code", "blank", "mars", "bach", "xenon", "mensa", "police", "nethack", "mark", "path", "silly", "nuke", "find", "panic", "patch", "compiler", "friday", "prowler", "drop", "school", "beast", "rape", "comment", "simple", "small", "infinity", "terminal", "wallpaper", "zero", "zombie", "loader", "diablo", "wormhole", "write", "anime", "google", "creek", "save saved", "palo alto", "reviews google", "reviews", "rate", "review", "adobe creek", "wabbit", "multics", "gedanken", "file", "jargon file", "english", "next", "previous", "steele1983", "writing style", "format", "bill", "april", "explorer", "chon", "loud", "swedish", "philadelphia", "postscript", "jonl", "system", "pdp10", "uncle gaylord", "el camino", "bits", "bugs", "error", "losers", "alphabet", "alpha", "venus", "star", "period", "delta", "shoe", "galileo", "movie", "coke", "ravs", "murphy", "beethoven", "never", "generator", "august", "ginger", "hacked", "tech", "energy", "abagnale", "main official", "publications", "tips", "list", "privacy guard", "partner", "3 notable", "hacks", "frauds", "algorithm", "key identifier", "x509v3 subject", "thumbprint", "v3 serial", "number", "cus ogoogle", "trust", "cnwr3 validity", "subject public" ], "references": [ "https://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach/", "https://haveibeenpwned.com/breach/Adobe", "https://magic-cookie.co.uk/jargon/jarg211/jargon.htm#:~:text=terminate%20a%20conversation.%20Typical%20examples%20involve%20WIN%2C,flame.%22%20%22Boy%2C%20what%20a%20bagbiter!%20Chomp%2C%20chomp!%22", "https://www.google.com/viewer/place?mid=/m/0805kv4&sa=X&ved=2ahUKEwifwpDL186TAxVWlYkEHfhkM8wQqdYPegQIBhAG", "https://www.netmeister.org/news/jargon.html", "http://xahlee.info/comp/the_jargon_file.html" ], "public": 1, "adversary": "Woopie", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "\u2019m", "display_name": "\u2019m", "target": null }, { "id": "Hummmmmm", "display_name": "Hummmmmm", "target": null }, { "id": "WABBIT", "display_name": "WABBIT", "target": null }, { "id": "MULTICS", "display_name": "MULTICS", "target": null }, { "id": "GEDANKEN", "display_name": "GEDANKEN", "target": null }, { "id": "Usenet", "display_name": "Usenet", "target": null } ], "attack_ids": [ { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Defense", "Gas" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 91, "domain": 23, "hostname": 30, "email": 27, "FileHash-SHA256": 102, "FileHash-MD5": 2, "FileHash-SHA1": 36 }, "indicator_count": 311, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ce349a964f9f09f38babbc", "name": "Facebook Warns Users After Adobe Breach – Krebs on Security", "description": "The following is a guide to key key information found in the 2013 Adobe data leak, as well as the key details of key passwords and other key data, which were leaked to the public and shared online.- they clue was in the oa oa (auth) / or oa (adobe office) - more to come.", "modified": "2026-05-02T00:08:01.198000", "created": "2026-04-02T09:19:22.046000", "tags": [ "graham cluley", "adobe", "factors", "codebook", "2 list", "ecb mode", "triple des", "key strings", "facebook", "nancarrow", "adobe data", "jay nancarrow", "paul ducklin", "sophos", "adobe account", "update", "sunday", "woopie", "\u2019m", "hummmmmm", "been", "guardio", "password", "sponsored get", "me api", "out dashboard", "october", "recommended", "actions", "adobe breach", "levelblue", "alienvault", "enter", "otx platform", "electronic", "adobe ecb", "unix", "usenet", "said", "stanford", "msdos", "lisp", "sail", "teco", "hacker", "term", "stack", "core", "hack", "flame", "worm", "uucp", "acronym", "crunch", "shell", "advent", "close", "choke", "crash", "demon", "phase", "eris", "glitch", "hello", "trash", "open", "nanobot", "magic", "cracker", "blast", "burn", "cray", "bogus", "bounce", "meta", "copyleft", "dragon", "phantom", "mango", "iron", "waldo", "funky", "grovel", "rogue", "life", "back", "slime", "knight", "spin", "chad", "cookie", "empire", "discord", "flytrap", "june", "problem", "mutter", "tick", "storm", "music", "trivial", "push", "window", "drives", "jack", "yoyo", "general", "dirty", "ping", "benchmark", "shift", "blazer", "false", "damage", "horror", "tron", "anchor", "download", "snoopy", "enterprise", "mind", "epsilon", "chaos", "beep", "ding", "finger", "parody", "fool", "footprint", "lightning", "grep", "grok", "orig", "hair", "february", "razor", "hook", "this", "green", "warner", "lexer", "code", "blank", "mars", "bach", "xenon", "mensa", "police", "nethack", "mark", "path", "silly", "nuke", "find", "panic", "patch", "compiler", "friday", "prowler", "drop", "school", "beast", "rape", "comment", "simple", "small", "infinity", "terminal", "wallpaper", "zero", "zombie", "loader", "diablo", "wormhole", "write", "anime", "google", "creek", "save saved", "palo alto", "reviews google", "reviews", "rate", "review", "adobe creek", "wabbit", "multics", "gedanken", "file", "jargon file", "english", "next", "previous", "steele1983", "writing style", "format", "bill", "april", "explorer", "chon", "loud", "swedish", "philadelphia", "postscript", "jonl", "system", "pdp10", "uncle gaylord", "el camino", "bits", "bugs", "error", "losers", "alphabet", "alpha", "venus", "star", "period", "delta", "shoe", "galileo", "movie", "coke", "ravs", "murphy", "beethoven", "never", "generator", "august", "ginger", "hacked", "tech", "energy", "abagnale", "main official", "publications", "tips", "list", "privacy guard", "partner", "3 notable", "hacks", "frauds", "algorithm", "key identifier", "x509v3 subject", "thumbprint", "v3 serial", "number", "cus ogoogle", "trust", "cnwr3 validity", "subject public" ], "references": [ "https://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach/", "https://haveibeenpwned.com/breach/Adobe", "https://magic-cookie.co.uk/jargon/jarg211/jargon.htm#:~:text=terminate%20a%20conversation.%20Typical%20examples%20involve%20WIN%2C,flame.%22%20%22Boy%2C%20what%20a%20bagbiter!%20Chomp%2C%20chomp!%22", "https://www.google.com/viewer/place?mid=/m/0805kv4&sa=X&ved=2ahUKEwifwpDL186TAxVWlYkEHfhkM8wQqdYPegQIBhAG", "https://www.netmeister.org/news/jargon.html", "http://xahlee.info/comp/the_jargon_file.html" ], "public": 1, "adversary": "Woopie", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "\u2019m", "display_name": "\u2019m", "target": null }, { "id": "Hummmmmm", "display_name": "Hummmmmm", "target": null }, { "id": "WABBIT", "display_name": "WABBIT", "target": null }, { "id": "MULTICS", "display_name": "MULTICS", "target": null }, { "id": "GEDANKEN", "display_name": "GEDANKEN", "target": null }, { "id": "Usenet", "display_name": "Usenet", "target": null } ], "attack_ids": [ { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Defense", "Gas" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 91, "domain": 23, "hostname": 30, "email": 27, "FileHash-SHA256": 102, "FileHash-MD5": 2, "FileHash-SHA1": 36 }, "indicator_count": 311, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.netmeister.org/news/jargon.html", "https://magic-cookie.co.uk/jargon/jarg211/jargon.htm#:~:text=terminate%20a%20conversation.%20Typical%20examples%20involve%20WIN%2C,flame.%22%20%22Boy%2C%20what%20a%20bagbiter!%20Chomp%2C%20chomp!%22", "https://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach/", "http://xahlee.info/comp/the_jargon_file.html", "https://haveibeenpwned.com/breach/Adobe", "https://www.google.com/viewer/place?mid=/m/0805kv4&sa=X&ved=2ahUKEwifwpDL186TAxVWlYkEHfhkM8wQqdYPegQIBhAG", "https://vtbehaviour.commondatastorage.googleapis.com/008a6413800ef811244f0807e0943df22ba724ed674c03bfc5b57d820c27a632_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779493221&Signature=K7tHlM4p%2FfG1TSV%2FfZASKdmBWp3Se3XBQN%2Fa14YDnlL0ZljOfWTPQ9t%2Bd2aP5K7YN8vKmT4RJJhl7HH4LqZQMp8GIbPe5r%2BM2C1L86LMrE41%2BkG%2Ff1kcZsSCFPfosyqdsDy8WxtnzsLYBOZXWqnqwDaIMQTY03ypckO20Z4rHEcTZV6YKBDggWJQaRNhggjm6jAVXSTzJY9dX0l5Ihm4Qn%2F1hmi80T4VkqsWvPH%2B5dGv" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Woopie" ], "malware_families": [ "Hummmmmm", "Multics", "\u2019m", "Wabbit", "Gedanken", "Usenet" ], "industries": [ "Defense", "Gas" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "6a10e8d0c46d08b820206d6c", "name": "Emotet - dating back to before 2019. CAPE Sandbox", "description": "[ Cuckoo is a computer program that runs on an operating system (KVM) and can be run on a desktop or a mobile device (also known as a virtual assistant)]", "modified": "2026-05-23T05:14:22.248000", "created": "2026-05-22T23:37:52.466000", "tags": [ "default", "jjjj", "settingswpad", "dos mode", "payload", "file type", "file size", "mwdb", "bazaar", "sha3384", "emotet", "shutdown", "back" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/008a6413800ef811244f0807e0943df22ba724ed674c03bfc5b57d820c27a632_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779493221&Signature=K7tHlM4p%2FfG1TSV%2FfZASKdmBWp3Se3XBQN%2Fa14YDnlL0ZljOfWTPQ9t%2Bd2aP5K7YN8vKmT4RJJhl7HH4LqZQMp8GIbPe5r%2BM2C1L86LMrE41%2BkG%2Ff1kcZsSCFPfosyqdsDy8WxtnzsLYBOZXWqnqwDaIMQTY03ypckO20Z4rHEcTZV6YKBDggWJQaRNhggjm6jAVXSTzJY9dX0l5Ihm4Qn%2F1hmi80T4VkqsWvPH%2B5dGv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 69, "FileHash-SHA1": 36, "FileHash-SHA256": 1530, "IPv4": 8385, "domain": 631, "URL": 160, "hostname": 6900, "CIDR": 7 }, "indicator_count": 17718, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "10 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ce347222098a7c1739af70", "name": "Facebook Warns Users After Adobe Breach – Krebs on Security", "description": "The following is a guide to key key information found in the 2013 Adobe data leak, as well as the key details of key passwords and other key data, which were leaked to the public and shared online.- they clue was in the oa oa (auth) / or oa (adobe office) - more to come.", "modified": "2026-05-02T00:08:01.198000", "created": "2026-04-02T09:18:42.940000", "tags": [ "graham cluley", "adobe", "factors", "codebook", "2 list", "ecb mode", "triple des", "key strings", "facebook", "nancarrow", "adobe data", "jay nancarrow", "paul ducklin", "sophos", "adobe account", "update", "sunday", "woopie", "\u2019m", "hummmmmm", "been", "guardio", "password", "sponsored get", "me api", "out dashboard", "october", "recommended", "actions", "adobe breach", "levelblue", "alienvault", "enter", "otx platform", "electronic", "adobe ecb", "unix", "usenet", "said", "stanford", "msdos", "lisp", "sail", "teco", "hacker", "term", "stack", "core", "hack", "flame", "worm", "uucp", "acronym", "crunch", "shell", "advent", "close", "choke", "crash", "demon", "phase", "eris", "glitch", "hello", "trash", "open", "nanobot", "magic", "cracker", "blast", "burn", "cray", "bogus", "bounce", "meta", "copyleft", "dragon", "phantom", "mango", "iron", "waldo", "funky", "grovel", "rogue", "life", "back", "slime", "knight", "spin", "chad", "cookie", "empire", "discord", "flytrap", "june", "problem", "mutter", "tick", "storm", "music", "trivial", "push", "window", "drives", "jack", "yoyo", "general", "dirty", "ping", "benchmark", "shift", "blazer", "false", "damage", "horror", "tron", "anchor", "download", "snoopy", "enterprise", "mind", "epsilon", "chaos", "beep", "ding", "finger", "parody", "fool", "footprint", "lightning", "grep", "grok", "orig", "hair", "february", "razor", "hook", "this", "green", "warner", "lexer", "code", "blank", "mars", "bach", "xenon", "mensa", "police", "nethack", "mark", "path", "silly", "nuke", "find", "panic", "patch", "compiler", "friday", "prowler", "drop", "school", "beast", "rape", "comment", "simple", "small", "infinity", "terminal", "wallpaper", "zero", "zombie", "loader", "diablo", "wormhole", "write", "anime", "google", "creek", "save saved", "palo alto", "reviews google", "reviews", "rate", "review", "adobe creek", "wabbit", "multics", "gedanken", "file", "jargon file", "english", "next", "previous", "steele1983", "writing style", "format", "bill", "april", "explorer", "chon", "loud", "swedish", "philadelphia", "postscript", "jonl", "system", "pdp10", "uncle gaylord", "el camino", "bits", "bugs", "error", "losers", "alphabet", "alpha", "venus", "star", "period", "delta", "shoe", "galileo", "movie", "coke", "ravs", "murphy", "beethoven", "never", "generator", "august", "ginger", "hacked", "tech", "energy", "abagnale", "main official", "publications", "tips", "list", "privacy guard", "partner", "3 notable", "hacks", "frauds", "algorithm", "key identifier", "x509v3 subject", "thumbprint", "v3 serial", "number", "cus ogoogle", "trust", "cnwr3 validity", "subject public" ], "references": [ "https://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach/", "https://haveibeenpwned.com/breach/Adobe", "https://magic-cookie.co.uk/jargon/jarg211/jargon.htm#:~:text=terminate%20a%20conversation.%20Typical%20examples%20involve%20WIN%2C,flame.%22%20%22Boy%2C%20what%20a%20bagbiter!%20Chomp%2C%20chomp!%22", "https://www.google.com/viewer/place?mid=/m/0805kv4&sa=X&ved=2ahUKEwifwpDL186TAxVWlYkEHfhkM8wQqdYPegQIBhAG", "https://www.netmeister.org/news/jargon.html", "http://xahlee.info/comp/the_jargon_file.html" ], "public": 1, "adversary": "Woopie", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "\u2019m", "display_name": "\u2019m", "target": null }, { "id": "Hummmmmm", "display_name": "Hummmmmm", "target": null }, { "id": "WABBIT", "display_name": "WABBIT", "target": null }, { "id": "MULTICS", "display_name": "MULTICS", "target": null }, { "id": "GEDANKEN", "display_name": "GEDANKEN", "target": null }, { "id": "Usenet", "display_name": "Usenet", "target": null } ], "attack_ids": [ { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Defense", "Gas" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 91, "domain": 23, "hostname": 30, "email": 27, "FileHash-SHA256": 102, "FileHash-MD5": 2, "FileHash-SHA1": 36 }, "indicator_count": 311, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ce349a964f9f09f38babbc", "name": "Facebook Warns Users After Adobe Breach – Krebs on Security", "description": "The following is a guide to key key information found in the 2013 Adobe data leak, as well as the key details of key passwords and other key data, which were leaked to the public and shared online.- they clue was in the oa oa (auth) / or oa (adobe office) - more to come.", "modified": "2026-05-02T00:08:01.198000", "created": "2026-04-02T09:19:22.046000", "tags": [ "graham cluley", "adobe", "factors", "codebook", "2 list", "ecb mode", "triple des", "key strings", "facebook", "nancarrow", "adobe data", "jay nancarrow", "paul ducklin", "sophos", "adobe account", "update", "sunday", "woopie", "\u2019m", "hummmmmm", "been", "guardio", "password", "sponsored get", "me api", "out dashboard", "october", "recommended", "actions", "adobe breach", "levelblue", "alienvault", "enter", "otx platform", "electronic", "adobe ecb", "unix", "usenet", "said", "stanford", "msdos", "lisp", "sail", "teco", "hacker", "term", "stack", "core", "hack", "flame", "worm", "uucp", "acronym", "crunch", "shell", "advent", "close", "choke", "crash", "demon", "phase", "eris", "glitch", "hello", "trash", "open", "nanobot", "magic", "cracker", "blast", "burn", "cray", "bogus", "bounce", "meta", "copyleft", "dragon", "phantom", "mango", "iron", "waldo", "funky", "grovel", "rogue", "life", "back", "slime", "knight", "spin", "chad", "cookie", "empire", "discord", "flytrap", "june", "problem", "mutter", "tick", "storm", "music", "trivial", "push", "window", "drives", "jack", "yoyo", "general", "dirty", "ping", "benchmark", "shift", "blazer", "false", "damage", "horror", "tron", "anchor", "download", "snoopy", "enterprise", "mind", "epsilon", "chaos", "beep", "ding", "finger", "parody", "fool", "footprint", "lightning", "grep", "grok", "orig", "hair", "february", "razor", "hook", "this", "green", "warner", "lexer", "code", "blank", "mars", "bach", "xenon", "mensa", "police", "nethack", "mark", "path", "silly", "nuke", "find", "panic", "patch", "compiler", "friday", "prowler", "drop", "school", "beast", "rape", "comment", "simple", "small", "infinity", "terminal", "wallpaper", "zero", "zombie", "loader", "diablo", "wormhole", "write", "anime", "google", "creek", "save saved", "palo alto", "reviews google", "reviews", "rate", "review", "adobe creek", "wabbit", "multics", "gedanken", "file", "jargon file", "english", "next", "previous", "steele1983", "writing style", "format", "bill", "april", "explorer", "chon", "loud", "swedish", "philadelphia", "postscript", "jonl", "system", "pdp10", "uncle gaylord", "el camino", "bits", "bugs", "error", "losers", "alphabet", "alpha", "venus", "star", "period", "delta", "shoe", "galileo", "movie", "coke", "ravs", "murphy", "beethoven", "never", "generator", "august", "ginger", "hacked", "tech", "energy", "abagnale", "main official", "publications", "tips", "list", "privacy guard", "partner", "3 notable", "hacks", "frauds", "algorithm", "key identifier", "x509v3 subject", "thumbprint", "v3 serial", "number", "cus ogoogle", "trust", "cnwr3 validity", "subject public" ], "references": [ "https://krebsonsecurity.com/2013/11/facebook-warns-users-after-adobe-breach/", "https://haveibeenpwned.com/breach/Adobe", "https://magic-cookie.co.uk/jargon/jarg211/jargon.htm#:~:text=terminate%20a%20conversation.%20Typical%20examples%20involve%20WIN%2C,flame.%22%20%22Boy%2C%20what%20a%20bagbiter!%20Chomp%2C%20chomp!%22", "https://www.google.com/viewer/place?mid=/m/0805kv4&sa=X&ved=2ahUKEwifwpDL186TAxVWlYkEHfhkM8wQqdYPegQIBhAG", "https://www.netmeister.org/news/jargon.html", "http://xahlee.info/comp/the_jargon_file.html" ], "public": 1, "adversary": "Woopie", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "\u2019m", "display_name": "\u2019m", "target": null }, { "id": "Hummmmmm", "display_name": "Hummmmmm", "target": null }, { "id": "WABBIT", "display_name": "WABBIT", "target": null }, { "id": "MULTICS", "display_name": "MULTICS", "target": null }, { "id": "GEDANKEN", "display_name": "GEDANKEN", "target": null }, { "id": "Usenet", "display_name": "Usenet", "target": null } ], "attack_ids": [ { "id": "T1531", "name": "Account Access Removal", "display_name": "T1531 - Account Access Removal" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1115", "name": "Clipboard Data", "display_name": "T1115 - Clipboard Data" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1496", "name": "Resource Hijacking", "display_name": "T1496 - Resource Hijacking" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" } ], "industries": [ "Defense", "Gas" ], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 91, "domain": 23, "hostname": 30, "email": 27, "FileHash-SHA256": 102, "FileHash-MD5": 2, "FileHash-SHA1": 36 }, "indicator_count": 311, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "32 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "0a.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "0a.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780445796.496423 }