{ "type": "MD5", "indicator": "2cb63b557c8e9ea189331ca4e8aa92bb", "general": { "sections": [ "general", "analysis" ], "type": "md5", "type_title": "FileHash-MD5", "indicator": "2cb63b557c8e9ea189331ca4e8aa92bb", "validation": [], "base_indicator": { "id": 3828953899, "indicator": "2cb63b557c8e9ea189331ca4e8aa92bb", "type": "FileHash-MD5", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "665414d896b6de83775c691c", "name": "DOH SHA256 IOC", "description": "", "modified": "2024-08-26T04:16:30.720000", "created": "2024-05-27T05:06:32.697000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fueledbycoffeeDXB", "id": "272228", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 545, "FileHash-SHA1": 545, "FileHash-SHA256": 2339 }, "indicator_count": 3429, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "643 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "65b23af0536e7729c9d04e55", "name": "Parrot TDS: A Persistent and Evolving Malware Campaign", "description": "A persistent and evolving malware campaign known as Parrot TDS has been active for more than four years, according to research carried out by Palo Alto Networks and its partner, the University of California, Los Angeles.", "modified": "2024-01-25T10:41:52.186000", "created": "2024-01-25T10:41:52.186000", "tags": [ "parrot tds", "javascript", "figure", "virustotal", "javascript code", "payload script", "palo alto", "networks", "unit", "august", "alliance", "canvas", "webassembly", "evolving", "tds", "v3", "v5", "v1", "v2" ], "references": [ "https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/#post-132073-_v8176g40kstn" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Evolving", "display_name": "Evolving", "target": null }, { "id": "JavaScript", "display_name": "JavaScript", "target": null }, { "id": "TDS", "display_name": "TDS", "target": null }, { "id": "V3", "display_name": "V3", "target": null }, { "id": "V5", "display_name": "V5", "target": null }, { "id": "V1", "display_name": "V1", "target": null }, { "id": "V2", "display_name": "V2", "target": null }, { "id": "Parrot TDS", "display_name": "Parrot TDS", "target": null } ], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 84, "FileHash-SHA1": 84, "FileHash-SHA256": 200 }, "indicator_count": 368, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "856 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "references": [ "https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/#post-132073-_v8176g40kstn" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Evolving", "Javascript", "V1", "Tds", "V2", "V5", "Parrot tds", "V3" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "665414d896b6de83775c691c", "name": "DOH SHA256 IOC", "description": "", "modified": "2024-08-26T04:16:30.720000", "created": "2024-05-27T05:06:32.697000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "fueledbycoffeeDXB", "id": "272228", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 545, "FileHash-SHA1": 545, "FileHash-SHA256": 2339 }, "indicator_count": 3429, "is_author": false, "is_subscribing": null, "subscriber_count": 28, "modified_text": "643 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 }, { "id": "65b23af0536e7729c9d04e55", "name": "Parrot TDS: A Persistent and Evolving Malware Campaign", "description": "A persistent and evolving malware campaign known as Parrot TDS has been active for more than four years, according to research carried out by Palo Alto Networks and its partner, the University of California, Los Angeles.", "modified": "2024-01-25T10:41:52.186000", "created": "2024-01-25T10:41:52.186000", "tags": [ "parrot tds", "javascript", "figure", "virustotal", "javascript code", "payload script", "palo alto", "networks", "unit", "august", "alliance", "canvas", "webassembly", "evolving", "tds", "v3", "v5", "v1", "v2" ], "references": [ "https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/#post-132073-_v8176g40kstn" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Evolving", "display_name": "Evolving", "target": null }, { "id": "JavaScript", "display_name": "JavaScript", "target": null }, { "id": "TDS", "display_name": "TDS", "target": null }, { "id": "V3", "display_name": "V3", "target": null }, { "id": "V5", "display_name": "V5", "target": null }, { "id": "V1", "display_name": "V1", "target": null }, { "id": "V2", "display_name": "V2", "target": null }, { "id": "Parrot TDS", "display_name": "Parrot TDS", "target": null } ], "attack_ids": [ { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 84, "FileHash-SHA1": 84, "FileHash-SHA256": 200 }, "indicator_count": 368, "is_author": false, "is_subscribing": null, "subscriber_count": 863, "modified_text": "856 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-MD5", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "2cb63b557c8e9ea189331ca4e8aa92bb", "type": "Hash" }, "abuseipdb": null, "urlhaus": { "indicator": "2cb63b557c8e9ea189331ca4e8aa92bb", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780206244.9014127 }