{ "type": "Domain", "indicator": "4umf.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/4umf.com", "alexa": "http://www.alexa.com/siteinfo/4umf.com", "indicator": "4umf.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4077346573, "indicator": "4umf.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69f486c411d421163131fe6f", "name": "2012: Malware Analysis Report", "description": "", "modified": "2026-05-01T10:56:04.377000", "created": "2026-05-01T10:56:04.377000", "tags": [], "references": [ "2012-01-04 - SpyEye Malware Borrows Zeus Trick to Mask Fraud.pdf", "2012-01-08 - Cold$eal- 'Situation is under control'.pdf", "2012-01-06 - Cracking Cold$eal 5.4.1 FWB++.pdf", "2012-01-06 - Cracking ColdSeal 5.4.1 FWB.pdf", "2012-02-15 - Merchant of Fraud Returns- Shylock Polymorphic Financial Malware Infections on the Rise.pdf", "2012-02-01 - TDL4 - Purple Haze (Pihar) Variant - sample and analysis.pdf", "2012-01-12 - Blackhole Ramnit - samples and analysis.pdf", "2012-03-16 - OSX-Imuler updated- still a threat on Mac OS X.pdf", "2012-03-26 - LUCKYCAT REDUX Inside an APT Campaign with Multiple Targets in India and Japan.pdf", "2012-03-06 - Virus Ukash Gendarmerie Absence twexx32.dll.pdf", "2012-04-05 - Darkshell DDOS Botnet Evolves With Variants.pdf", "2012-04-16 - Detailed Analysis Of Sykipot (Smartcard Proxy Variant).pdf", "2012-04-10 - OSX-FlashbackO sample and some domains.pdf", "2012-04-05 - China Hacked South Korea Over Missile Defense, U.S. Firm Says.pdf", "2012-04-10 - OSX-Flashback.O sample + some domains.pdf", "2012-04-12 - OSX-Flashback.K sample + Mac OS malware study set (30+ older samples).pdf", "2012-04-12 - OSX-Flashback.K sample and Mac OS malware study set (over 30 older samples).pdf", "2012-04-23 - BKDR_CYSXL.A.pdf", "2012-04-18 - DarkMegi rootkit - sample (distributed via Blackhole).pdf", "2012-05-31 - Flamer- A Recipe for Bluetoothache.pdf", "2012-06-06 - Tinba - Zusy - tiny banker trojan.pdf", "2012-06-04 - Small banking Trojan poses major risk.pdf", "2012-05-28 - The Flame- Questions and Answers.pdf", "2012-06-05 - Smartcard vulnerabilities in modern banking malware.pdf", "2012-06-09 - You dirty RAT! Part 1- DarkComet.pdf", "2012-06-21 - BlackShades in Syria.pdf", "2012-06-15 - You Dirty RAT! Part 2 \u2013 BlackShades NET.pdf", "2012-07-02 - Sykipot is back.pdf", "2012-06-24 - Medre.A - AutoCAD worm samples.pdf", "2012-06-21 - RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army.pdf", "2012-07-17 - Kaspersky Lab and Seculert Announce \u2018Madi,\u2019 a Newly Discovered Cyber-Espionage Campaign in the Middle East.pdf", "2012-07-17 - The Madi Attacks- Series of Social Engineering Campaigns.pdf", "2012-07-13 - Rovnix bootkit framework updated.pdf", "2012-07-26 - The Madi Campaign \u2013 Part II.pdf", "2012-07-22 - Xtreme RAT analysis.pdf", "2012-08-01 - \u201cRunForestRun\u201d, \u201cgootkit\u201d and random domain name generation.pdf", "2012-07-24 - New Apple Mac Trojan Called OSX-Crisis Discovered.pdf", "2012-07-17 - The Madi Campaign \u2013 Part I.pdf", "2012-08-01 - Inside the ICE IX bot, descendent of Zeus.pdf", "2012-08-10 - Gauss samples - Nation-state cyber-surveillance + Banking trojan.pdf", "2012-08-02 - Cridex Analysis using Volatility.pdf", "2012-08-17 - Shamoon or DistTrack.A samples.pdf", "2012-08-20 - Crisis for Windows Sneaks onto Virtual Machines.pdf", "2012-08-16 - Shamoon the Wiper \u2013 Copycats at Work.pdf", "2012-08-16 - The Shamoon Attacks.pdf", "2012-08-16 - Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel.pdf", "2012-08-22 - The first Trojan in history to steal Linux and Mac OS X passwords.pdf", "2012-08-30 - Troj-Binanen-B.pdf", "2012-09-18 - QassamCyberFighters's Pastebin.pdf", "2012-09-01 - URLZone reloaded- new evolution.pdf", "2012-09-28 - Dissecting 'Operation Ababil' - an OSINT Analysis.pdf", "2012-10-02 - Blackhole Exploit Kit \u2013 Rise and Evolution.pdf", "2012-09-06 - The Elderwood Project.pdf", "2012-09-19 - Blog Posts on Nitol.pdf", "2012-08-13 - Syrian Electronic Army.pdf", "2012-10-09 - BKDR_SARHUST.A.pdf", "2012-10-05 - Dark Comet 2- Electric Boogaloo.pdf", "2012-10-12 - New Multiplatform Backdoor Jacksbot Discovered.pdf", "2012-10-09 - SASFIS.pdf", "2012-10-13 - WORM_EMUDBOT.JP.pdf", "2012-10-07 - Cracking New PseudoRandom (runforestrun) Infector.pdf", "2012-11-01 - Tracking the 2012 Sasfis campaign.pdf", "2012-11-16 - Malware Targeting Windows 8 Uses Google Docs.pdf", "2012-11-13 - New variant of Mac Trojan discovered, targeting Tibet.pdf", "2012-11-14 - Group Photos.zip OSX-Revir - OSX-iMuler samples March 2012-November 2012.pdf", "2012-11-16 - Remote Administration Tool for Android devices.pdf", "2012-11-05 - Citadel- a cyber-criminal\u2019s ultimate weapon-.pdf", "2012-10-30 - JACKSBOT Has Some Dirty Tricks up Its Sleeves.pdf", "2012-11-27 - Threat Description- Troj-Ployx-A.pdf", "2012-11-22 - W32.Narilam \u2013 Business Database Sabotage.pdf", "2012-12-03 - Compromised library.pdf", "2012-11-25 - Parastoo Hacks IAEA.pdf", "2012-12-03 - New Mac Malware Found on Dalai Lama Related Website.pdf", "2012-11-28 - Shylock\u2019s New Trick- Evading Malware Researchers.pdf", "2012-11-29 - Inside view of Lyposit aka (for its friends) Lucky LOCKER.pdf", "2012-12-06 - Nov 2012 - W32.Narilam Sample.pdf", "2012-12-07 - Aug 2012 Backdoor.Wirenet - OSX and Linux.pdf", "2012-12-05 - The path to infection - Eye glance at the first line of -Russian Underground- - focused on Ransomware.pdf", "2012-12-07 - Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT.pdf", "2012-12-07 - Nov 2012 - Backdoor.W32.Makadocs Sample.pdf", "2012-12-12 - Analysis of VirTool-WinNT-Exforel.A rootkit.pdf", "2012-12-07 - Nov 2012 Worm Vobfus Samples.pdf", "2012-12-12 - Unpacking Dexter POS -Memory Dump Parsing- Malware.pdf", "2012-12-13 - The Dexter Malware- Getting Your Hands Dirty.pdf", "2012-11-29 - What\u2019s the Fuss with WORM_VOBFUS-.pdf", "2012-12-15 - Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1).pdf", "2012-12-19 - Win32-Spy.Ranbyus modifying Java code in RBS Ukraine systems.pdf", "2012-12-17 - Sample for Sanny - Win32.Daws in CVE-2012-0158 -ACEAN Regional Security Forum- targeting Russian companies.pdf", "2012-12-18 - Malicious Apache module used for content injection- Linux-Chapro.A.pdf", "2012-12-20 - Trojan.Stabuniq Found on Financial Institution Servers.pdf", "2012-12-15 - Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2).pdf", "2012-12-23 - Dec 2012 Dexter - POS Infostealer samples and information.pdf", "2012-12-24 - Dec 2012 Linux.Chapro - trojan Apache iframer.pdf", "2012-12-27 - Nitol botnet.pdf", "2012-12-21 - Infostealer Dexter Targets Checkout Systems.pdf", "2012-12-24 - Dec. 2012 Trojan.Stabuniq samples - financial infostealer trojan.pdf", "2012-12-29 - Attack and IE 0day Informations Used Against Council on Foreign Relations.pdf", "2012-12-26 - ZeroAccess - Sirefef Rootkit - 5 fresh samples.pdf", "Crypto -Dark Comet.pdf", "Cyberattack against Israeli and Palestinian targets.pdf", "Dark Comet.pdf", "IEXPL0RE RAT.pdf", "OSX SabPub.pdf", "Flamer C & C Server.pdf", "Ixeshe.pdf", "Shamoon.pdf", "Pest Control.pdf", "The elderwood project.pdf", "The Mirage Campaign.pdf", "The Sin Digoo Affair.pdf", "Trojan Taidoor.pdf", "Wicked Rose & NCPH Hacking Group.pdf", "Fin Fisher's Spy Kit.pdf", "LuckyCat Redux.pdf", "The Madi Infostealers.pdf", "The VOHO Campaign.pdf", "The taidoor campaign.pdf", "The HeartBeat APT Campaign.pdf", "Tibet Lurk.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "kikinumpav", "id": "385742", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 22, "IPv4": 422, "URL": 347, "domain": 373, "hostname": 452, "FileHash-MD5": 927, "FileHash-SHA1": 84, "FileHash-SHA256": 248, "CVE": 42, "IPv6": 1 }, "indicator_count": 2918, "is_author": false, "is_subscribing": null, "subscriber_count": 11, "modified_text": "29 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "685186035e5fb63846d29e45", "name": "Regarding Minority Report 2.0 | Aggresive Remote device tracking (multiple) | Network Rat", "description": "Abuse.\nWhy is so much of this in plain sight? .\nMalicious tactics abused by preemptive policing recently implemented by Tech Bros under current Trump administration.\nThee governing Cyber Defense / AI / Data collection firm. | foundry2-lbl.dvr.dn2.n-helix.com | \nhttp://foundry2-lbl.dvr.dn2.n-helix.com |\nhttps://foundry2-lbl.dvr.dn2.n-helix.com |\nhttps://nl.cyberriskalliance.com/assets/icons/twitter.png |\nhttps://axis.snxd.com/track/0\n| track.getbuilt.com | \nRelates to Denver female \u2018allegedly\u2019 injured \u2018in PT.\nA malicious prosecution case against alleged victim after a Detective brought \u2018MTI\u2019 case to controlled Denver DA was dismissed by judge. Injured victim paid a pathetic settlement; especially considering the seriousness of the response of the government. \nThis type\nof tracking silencing is critically dangerous. \nHosanna make no haste to rescue all\nof victims of civilian & victim targeting.\n*Crowdsourced", "modified": "2025-07-17T14:01:34.245000", "created": "2025-06-17T15:13:07.233000", "tags": [ "body", "cps https", "location", "urls server", "cloudfront", "united", "unknown aaaa", "search", "digital press", "moved", "digital culture", "ip address", "creation date", "record value", "entries", "date", "meta", "urls", "http", "passive dns", "unique", "pulse pulses", "related nids", "files location", "flag united", "showing", "rich content", "system", "cdn amazon", "amazons3 tls", "certificate", "redirects", "ua9385760744", "utc na", "utc google", "tag manager", "gk4vnlmd3b9", "server", "amazon", "net1832001", "net18160001", "address range", "cidr", "network name", "allocation type", "whois server", "entity amazon4", "handle", "present mar", "present feb", "unknown cname", "urls show", "date checked", "url hostname", "server response", "aaaa" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 48, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2075, "URL": 5471, "hostname": 1531, "domain": 1013, "FileHash-MD5": 55, "FileHash-SHA1": 53, "CVE": 1, "SSLCertFingerprint": 1, "email": 1, "CIDR": 2 }, "indicator_count": 10203, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "317 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "685186983a4dd00c2b45b255", "name": "Source:\thttps://cloud.samsara.com/o/79639/flee", "description": "", "modified": "2025-07-17T14:01:34.245000", "created": "2025-06-17T15:15:36.505000", "tags": [ "body", "cps https", "location", "urls server", "cloudfront", "united", "unknown aaaa", "search", "digital press", "moved", "digital culture", "ip address", "creation date", "record value", "entries", "date", "meta", "urls", "http", "passive dns", "unique", "pulse pulses", "related nids", "files location", "flag united", "showing", "rich content", "system", "cdn amazon", "amazons3 tls", "certificate", "redirects", "ua9385760744", "utc na", "utc google", "tag manager", "gk4vnlmd3b9", "server", "amazon", "net1832001", "net18160001", "address range", "cidr", "network name", "allocation type", "whois server", "entity amazon4", "handle", "present mar", "present feb", "unknown cname", "urls show", "date checked", "url hostname", "server response", "aaaa" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "685186035e5fb63846d29e45", "export_count": 47, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2075, "URL": 5471, "hostname": 1531, "domain": 1013, "FileHash-MD5": 55, "FileHash-SHA1": 53, "CVE": 1, "SSLCertFingerprint": 1, "email": 1, "CIDR": 2 }, "indicator_count": 10203, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "317 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "2012-07-13 - Rovnix bootkit framework updated.pdf", "Pest Control.pdf", "Crypto -Dark Comet.pdf", "2012-09-06 - The Elderwood Project.pdf", "2012-12-18 - Malicious Apache module used for content injection- Linux-Chapro.A.pdf", "The Madi Infostealers.pdf", "2012-07-22 - Xtreme RAT analysis.pdf", "2012-08-01 - Inside the ICE IX bot, descendent of Zeus.pdf", "2012-02-01 - TDL4 - Purple Haze (Pihar) Variant - sample and analysis.pdf", "2012-08-16 - Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel.pdf", "2012-11-16 - Remote Administration Tool for Android devices.pdf", "2012-08-02 - Cridex Analysis using Volatility.pdf", "2012-12-26 - ZeroAccess - Sirefef Rootkit - 5 fresh samples.pdf", "2012-01-08 - Cold$eal- 'Situation is under control'.pdf", "2012-06-04 - Small banking Trojan poses major risk.pdf", "2012-11-22 - W32.Narilam \u2013 Business Database Sabotage.pdf", "2012-11-05 - Citadel- a cyber-criminal\u2019s ultimate weapon-.pdf", "2012-12-05 - The path to infection - Eye glance at the first line of -Russian Underground- - focused on Ransomware.pdf", "2012-12-15 - Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1).pdf", "2012-07-26 - The Madi Campaign \u2013 Part II.pdf", "2012-04-10 - OSX-Flashback.O sample + some domains.pdf", "2012-11-14 - Group Photos.zip OSX-Revir - OSX-iMuler samples March 2012-November 2012.pdf", "2012-12-06 - Nov 2012 - W32.Narilam Sample.pdf", "2012-09-01 - URLZone reloaded- new evolution.pdf", "2012-08-20 - Crisis for Windows Sneaks onto Virtual Machines.pdf", "2012-12-17 - Sample for Sanny - Win32.Daws in CVE-2012-0158 -ACEAN Regional Security Forum- targeting Russian companies.pdf", "2012-10-13 - WORM_EMUDBOT.JP.pdf", "2012-12-15 - Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2).pdf", "2012-04-10 - OSX-FlashbackO sample and some domains.pdf", "Trojan Taidoor.pdf", "2012-06-09 - You dirty RAT! Part 1- DarkComet.pdf", "LuckyCat Redux.pdf", "2012-04-18 - DarkMegi rootkit - sample (distributed via Blackhole).pdf", "2012-06-05 - Smartcard vulnerabilities in modern banking malware.pdf", "2012-10-07 - Cracking New PseudoRandom (runforestrun) Infector.pdf", "Fin Fisher's Spy Kit.pdf", "2012-09-19 - Blog Posts on Nitol.pdf", "2012-10-05 - Dark Comet 2- Electric Boogaloo.pdf", "2012-10-02 - Blackhole Exploit Kit \u2013 Rise and Evolution.pdf", "The HeartBeat APT Campaign.pdf", "2012-01-06 - Cracking ColdSeal 5.4.1 FWB.pdf", "2012-02-15 - Merchant of Fraud Returns- Shylock Polymorphic Financial Malware Infections on the Rise.pdf", "2012-07-02 - Sykipot is back.pdf", "2012-11-29 - Inside view of Lyposit aka (for its friends) Lucky LOCKER.pdf", "2012-12-07 - Nov 2012 Worm Vobfus Samples.pdf", "2012-11-29 - What\u2019s the Fuss with WORM_VOBFUS-.pdf", "2012-06-21 - BlackShades in Syria.pdf", "2012-06-21 - RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army.pdf", "2012-12-23 - Dec 2012 Dexter - POS Infostealer samples and information.pdf", "2012-08-22 - The first Trojan in history to steal Linux and Mac OS X passwords.pdf", "2012-06-24 - Medre.A - AutoCAD worm samples.pdf", "2012-11-28 - Shylock\u2019s New Trick- Evading Malware Researchers.pdf", "2012-07-17 - The Madi Attacks- Series of Social Engineering Campaigns.pdf", "2012-04-05 - Darkshell DDOS Botnet Evolves With Variants.pdf", "2012-11-13 - New variant of Mac Trojan discovered, targeting Tibet.pdf", "2012-12-03 - Compromised library.pdf", "2012-03-16 - OSX-Imuler updated- still a threat on Mac OS X.pdf", "2012-08-17 - Shamoon or DistTrack.A samples.pdf", "2012-12-24 - Dec. 2012 Trojan.Stabuniq samples - financial infostealer trojan.pdf", "Shamoon.pdf", "2012-12-27 - Nitol botnet.pdf", "The taidoor campaign.pdf", "Cyberattack against Israeli and Palestinian targets.pdf", "2012-06-15 - You Dirty RAT! Part 2 \u2013 BlackShades NET.pdf", "2012-01-06 - Cracking Cold$eal 5.4.1 FWB++.pdf", "The Mirage Campaign.pdf", "2012-07-17 - Kaspersky Lab and Seculert Announce \u2018Madi,\u2019 a Newly Discovered Cyber-Espionage Campaign in the Middle East.pdf", "2012-11-01 - Tracking the 2012 Sasfis campaign.pdf", "2012-12-29 - Attack and IE 0day Informations Used Against Council on Foreign Relations.pdf", "2012-12-07 - Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT.pdf", "2012-08-13 - Syrian Electronic Army.pdf", "The elderwood project.pdf", "2012-12-24 - Dec 2012 Linux.Chapro - trojan Apache iframer.pdf", "2012-08-10 - Gauss samples - Nation-state cyber-surveillance + Banking trojan.pdf", "2012-10-09 - SASFIS.pdf", "2012-12-12 - Analysis of VirTool-WinNT-Exforel.A rootkit.pdf", "2012-09-18 - QassamCyberFighters's Pastebin.pdf", "2012-01-12 - Blackhole Ramnit - samples and analysis.pdf", "2012-08-01 - \u201cRunForestRun\u201d, \u201cgootkit\u201d and random domain name generation.pdf", "Flamer C & C Server.pdf", "2012-05-28 - The Flame- Questions and Answers.pdf", "OSX SabPub.pdf", "2012-03-26 - LUCKYCAT REDUX Inside an APT Campaign with Multiple Targets in India and Japan.pdf", "2012-05-31 - Flamer- A Recipe for Bluetoothache.pdf", "2012-12-13 - The Dexter Malware- Getting Your Hands Dirty.pdf", "2012-07-24 - New Apple Mac Trojan Called OSX-Crisis Discovered.pdf", "Tibet Lurk.pdf", "2012-09-28 - Dissecting 'Operation Ababil' - an OSINT Analysis.pdf", "2012-06-06 - Tinba - Zusy - tiny banker trojan.pdf", "2012-10-30 - JACKSBOT Has Some Dirty Tricks up Its Sleeves.pdf", "2012-10-09 - BKDR_SARHUST.A.pdf", "2012-12-03 - New Mac Malware Found on Dalai Lama Related Website.pdf", "2012-12-07 - Aug 2012 Backdoor.Wirenet - OSX and Linux.pdf", "2012-04-05 - China Hacked South Korea Over Missile Defense, U.S. Firm Says.pdf", "Ixeshe.pdf", "2012-03-06 - Virus Ukash Gendarmerie Absence twexx32.dll.pdf", "2012-11-25 - Parastoo Hacks IAEA.pdf", "2012-08-16 - Shamoon the Wiper \u2013 Copycats at Work.pdf", "2012-11-16 - Malware Targeting Windows 8 Uses Google Docs.pdf", "2012-12-19 - Win32-Spy.Ranbyus modifying Java code in RBS Ukraine systems.pdf", "2012-12-12 - Unpacking Dexter POS -Memory Dump Parsing- Malware.pdf", "2012-12-20 - Trojan.Stabuniq Found on Financial Institution Servers.pdf", "2012-07-17 - The Madi Campaign \u2013 Part I.pdf", "2012-04-12 - OSX-Flashback.K sample + Mac OS malware study set (30+ older samples).pdf", "2012-08-16 - The Shamoon Attacks.pdf", "2012-11-27 - Threat Description- Troj-Ployx-A.pdf", "The VOHO Campaign.pdf", "2012-04-16 - Detailed Analysis Of Sykipot (Smartcard Proxy Variant).pdf", "2012-04-12 - OSX-Flashback.K sample and Mac OS malware study set (over 30 older samples).pdf", "2012-12-21 - Infostealer Dexter Targets Checkout Systems.pdf", "IEXPL0RE RAT.pdf", "2012-10-12 - New Multiplatform Backdoor Jacksbot Discovered.pdf", "2012-12-07 - Nov 2012 - Backdoor.W32.Makadocs Sample.pdf", "Wicked Rose & NCPH Hacking Group.pdf", "2012-04-23 - BKDR_CYSXL.A.pdf", "Dark Comet.pdf", "2012-01-04 - SpyEye Malware Borrows Zeus Trick to Mask Fraud.pdf", "2012-08-30 - Troj-Binanen-B.pdf", "The Sin Digoo Affair.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69f486c411d421163131fe6f", "name": "2012: Malware Analysis Report", "description": "", "modified": "2026-05-01T10:56:04.377000", "created": "2026-05-01T10:56:04.377000", "tags": [], "references": [ "2012-01-04 - SpyEye Malware Borrows Zeus Trick to Mask Fraud.pdf", "2012-01-08 - Cold$eal- 'Situation is under control'.pdf", "2012-01-06 - Cracking Cold$eal 5.4.1 FWB++.pdf", "2012-01-06 - Cracking ColdSeal 5.4.1 FWB.pdf", "2012-02-15 - Merchant of Fraud Returns- Shylock Polymorphic Financial Malware Infections on the Rise.pdf", "2012-02-01 - TDL4 - Purple Haze (Pihar) Variant - sample and analysis.pdf", "2012-01-12 - Blackhole Ramnit - samples and analysis.pdf", "2012-03-16 - OSX-Imuler updated- still a threat on Mac OS X.pdf", "2012-03-26 - LUCKYCAT REDUX Inside an APT Campaign with Multiple Targets in India and Japan.pdf", "2012-03-06 - Virus Ukash Gendarmerie Absence twexx32.dll.pdf", "2012-04-05 - Darkshell DDOS Botnet Evolves With Variants.pdf", "2012-04-16 - Detailed Analysis Of Sykipot (Smartcard Proxy Variant).pdf", "2012-04-10 - OSX-FlashbackO sample and some domains.pdf", "2012-04-05 - China Hacked South Korea Over Missile Defense, U.S. Firm Says.pdf", "2012-04-10 - OSX-Flashback.O sample + some domains.pdf", "2012-04-12 - OSX-Flashback.K sample + Mac OS malware study set (30+ older samples).pdf", "2012-04-12 - OSX-Flashback.K sample and Mac OS malware study set (over 30 older samples).pdf", "2012-04-23 - BKDR_CYSXL.A.pdf", "2012-04-18 - DarkMegi rootkit - sample (distributed via Blackhole).pdf", "2012-05-31 - Flamer- A Recipe for Bluetoothache.pdf", "2012-06-06 - Tinba - Zusy - tiny banker trojan.pdf", "2012-06-04 - Small banking Trojan poses major risk.pdf", "2012-05-28 - The Flame- Questions and Answers.pdf", "2012-06-05 - Smartcard vulnerabilities in modern banking malware.pdf", "2012-06-09 - You dirty RAT! Part 1- DarkComet.pdf", "2012-06-21 - BlackShades in Syria.pdf", "2012-06-15 - You Dirty RAT! Part 2 \u2013 BlackShades NET.pdf", "2012-07-02 - Sykipot is back.pdf", "2012-06-24 - Medre.A - AutoCAD worm samples.pdf", "2012-06-21 - RAT samples from Syrian Targeted attacks - Blackshades RAT, XTreme RAT, Dark Comet RAT used by Syrian Electronic Army.pdf", "2012-07-17 - Kaspersky Lab and Seculert Announce \u2018Madi,\u2019 a Newly Discovered Cyber-Espionage Campaign in the Middle East.pdf", "2012-07-17 - The Madi Attacks- Series of Social Engineering Campaigns.pdf", "2012-07-13 - Rovnix bootkit framework updated.pdf", "2012-07-26 - The Madi Campaign \u2013 Part II.pdf", "2012-07-22 - Xtreme RAT analysis.pdf", "2012-08-01 - \u201cRunForestRun\u201d, \u201cgootkit\u201d and random domain name generation.pdf", "2012-07-24 - New Apple Mac Trojan Called OSX-Crisis Discovered.pdf", "2012-07-17 - The Madi Campaign \u2013 Part I.pdf", "2012-08-01 - Inside the ICE IX bot, descendent of Zeus.pdf", "2012-08-10 - Gauss samples - Nation-state cyber-surveillance + Banking trojan.pdf", "2012-08-02 - Cridex Analysis using Volatility.pdf", "2012-08-17 - Shamoon or DistTrack.A samples.pdf", "2012-08-20 - Crisis for Windows Sneaks onto Virtual Machines.pdf", "2012-08-16 - Shamoon the Wiper \u2013 Copycats at Work.pdf", "2012-08-16 - The Shamoon Attacks.pdf", "2012-08-16 - Inside Upas Kit (1.0.1.1) aka Rombrast C&C - Botnet Control Panel.pdf", "2012-08-22 - The first Trojan in history to steal Linux and Mac OS X passwords.pdf", "2012-08-30 - Troj-Binanen-B.pdf", "2012-09-18 - QassamCyberFighters's Pastebin.pdf", "2012-09-01 - URLZone reloaded- new evolution.pdf", "2012-09-28 - Dissecting 'Operation Ababil' - an OSINT Analysis.pdf", "2012-10-02 - Blackhole Exploit Kit \u2013 Rise and Evolution.pdf", "2012-09-06 - The Elderwood Project.pdf", "2012-09-19 - Blog Posts on Nitol.pdf", "2012-08-13 - Syrian Electronic Army.pdf", "2012-10-09 - BKDR_SARHUST.A.pdf", "2012-10-05 - Dark Comet 2- Electric Boogaloo.pdf", "2012-10-12 - New Multiplatform Backdoor Jacksbot Discovered.pdf", "2012-10-09 - SASFIS.pdf", "2012-10-13 - WORM_EMUDBOT.JP.pdf", "2012-10-07 - Cracking New PseudoRandom (runforestrun) Infector.pdf", "2012-11-01 - Tracking the 2012 Sasfis campaign.pdf", "2012-11-16 - Malware Targeting Windows 8 Uses Google Docs.pdf", "2012-11-13 - New variant of Mac Trojan discovered, targeting Tibet.pdf", "2012-11-14 - Group Photos.zip OSX-Revir - OSX-iMuler samples March 2012-November 2012.pdf", "2012-11-16 - Remote Administration Tool for Android devices.pdf", "2012-11-05 - Citadel- a cyber-criminal\u2019s ultimate weapon-.pdf", "2012-10-30 - JACKSBOT Has Some Dirty Tricks up Its Sleeves.pdf", "2012-11-27 - Threat Description- Troj-Ployx-A.pdf", "2012-11-22 - W32.Narilam \u2013 Business Database Sabotage.pdf", "2012-12-03 - Compromised library.pdf", "2012-11-25 - Parastoo Hacks IAEA.pdf", "2012-12-03 - New Mac Malware Found on Dalai Lama Related Website.pdf", "2012-11-28 - Shylock\u2019s New Trick- Evading Malware Researchers.pdf", "2012-11-29 - Inside view of Lyposit aka (for its friends) Lucky LOCKER.pdf", "2012-12-06 - Nov 2012 - W32.Narilam Sample.pdf", "2012-12-07 - Aug 2012 Backdoor.Wirenet - OSX and Linux.pdf", "2012-12-05 - The path to infection - Eye glance at the first line of -Russian Underground- - focused on Ransomware.pdf", "2012-12-07 - Aug 2012 W32.Crisis and OSX.Crisis - JAR file Samples - APT.pdf", "2012-12-07 - Nov 2012 - Backdoor.W32.Makadocs Sample.pdf", "2012-12-12 - Analysis of VirTool-WinNT-Exforel.A rootkit.pdf", "2012-12-07 - Nov 2012 Worm Vobfus Samples.pdf", "2012-12-12 - Unpacking Dexter POS -Memory Dump Parsing- Malware.pdf", "2012-12-13 - The Dexter Malware- Getting Your Hands Dirty.pdf", "2012-11-29 - What\u2019s the Fuss with WORM_VOBFUS-.pdf", "2012-12-15 - Disclosure of another 0day malware - Initial Dropper and Downloader (Part 1).pdf", "2012-12-19 - Win32-Spy.Ranbyus modifying Java code in RBS Ukraine systems.pdf", "2012-12-17 - Sample for Sanny - Win32.Daws in CVE-2012-0158 -ACEAN Regional Security Forum- targeting Russian companies.pdf", "2012-12-18 - Malicious Apache module used for content injection- Linux-Chapro.A.pdf", "2012-12-20 - Trojan.Stabuniq Found on Financial Institution Servers.pdf", "2012-12-15 - Disclosure of another 0day malware - Analysis of 2nd Dropper and 3rd Dropper (Part 2).pdf", "2012-12-23 - Dec 2012 Dexter - POS Infostealer samples and information.pdf", "2012-12-24 - Dec 2012 Linux.Chapro - trojan Apache iframer.pdf", "2012-12-27 - Nitol botnet.pdf", "2012-12-21 - Infostealer Dexter Targets Checkout Systems.pdf", "2012-12-24 - Dec. 2012 Trojan.Stabuniq samples - financial infostealer trojan.pdf", "2012-12-29 - Attack and IE 0day Informations Used Against Council on Foreign Relations.pdf", "2012-12-26 - ZeroAccess - Sirefef Rootkit - 5 fresh samples.pdf", "Crypto -Dark Comet.pdf", "Cyberattack against Israeli and Palestinian targets.pdf", "Dark Comet.pdf", "IEXPL0RE RAT.pdf", "OSX SabPub.pdf", "Flamer C & C Server.pdf", "Ixeshe.pdf", "Shamoon.pdf", "Pest Control.pdf", "The elderwood project.pdf", "The Mirage Campaign.pdf", "The Sin Digoo Affair.pdf", "Trojan Taidoor.pdf", "Wicked Rose & NCPH Hacking Group.pdf", "Fin Fisher's Spy Kit.pdf", "LuckyCat Redux.pdf", "The Madi Infostealers.pdf", "The VOHO Campaign.pdf", "The taidoor campaign.pdf", "The HeartBeat APT Campaign.pdf", "Tibet Lurk.pdf" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "kikinumpav", "id": "385742", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "email": 22, "IPv4": 422, "URL": 347, "domain": 373, "hostname": 452, "FileHash-MD5": 927, "FileHash-SHA1": 84, "FileHash-SHA256": 248, "CVE": 42, "IPv6": 1 }, "indicator_count": 2918, "is_author": false, "is_subscribing": null, "subscriber_count": 11, "modified_text": "29 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "685186035e5fb63846d29e45", "name": "Regarding Minority Report 2.0 | Aggresive Remote device tracking (multiple) | Network Rat", "description": "Abuse.\nWhy is so much of this in plain sight? .\nMalicious tactics abused by preemptive policing recently implemented by Tech Bros under current Trump administration.\nThee governing Cyber Defense / AI / Data collection firm. | foundry2-lbl.dvr.dn2.n-helix.com | \nhttp://foundry2-lbl.dvr.dn2.n-helix.com |\nhttps://foundry2-lbl.dvr.dn2.n-helix.com |\nhttps://nl.cyberriskalliance.com/assets/icons/twitter.png |\nhttps://axis.snxd.com/track/0\n| track.getbuilt.com | \nRelates to Denver female \u2018allegedly\u2019 injured \u2018in PT.\nA malicious prosecution case against alleged victim after a Detective brought \u2018MTI\u2019 case to controlled Denver DA was dismissed by judge. Injured victim paid a pathetic settlement; especially considering the seriousness of the response of the government. \nThis type\nof tracking silencing is critically dangerous. \nHosanna make no haste to rescue all\nof victims of civilian & victim targeting.\n*Crowdsourced", "modified": "2025-07-17T14:01:34.245000", "created": "2025-06-17T15:13:07.233000", "tags": [ "body", "cps https", "location", "urls server", "cloudfront", "united", "unknown aaaa", "search", "digital press", "moved", "digital culture", "ip address", "creation date", "record value", "entries", "date", "meta", "urls", "http", "passive dns", "unique", "pulse pulses", "related nids", "files location", "flag united", "showing", "rich content", "system", "cdn amazon", "amazons3 tls", "certificate", "redirects", "ua9385760744", "utc na", "utc google", "tag manager", "gk4vnlmd3b9", "server", "amazon", "net1832001", "net18160001", "address range", "cidr", "network name", "allocation type", "whois server", "entity amazon4", "handle", "present mar", "present feb", "unknown cname", "urls show", "date checked", "url hostname", "server response", "aaaa" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 48, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2075, "URL": 5471, "hostname": 1531, "domain": 1013, "FileHash-MD5": 55, "FileHash-SHA1": 53, "CVE": 1, "SSLCertFingerprint": 1, "email": 1, "CIDR": 2 }, "indicator_count": 10203, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "317 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "685186983a4dd00c2b45b255", "name": "Source:\thttps://cloud.samsara.com/o/79639/flee", "description": "", "modified": "2025-07-17T14:01:34.245000", "created": "2025-06-17T15:15:36.505000", "tags": [ "body", "cps https", "location", "urls server", "cloudfront", "united", "unknown aaaa", "search", "digital press", "moved", "digital culture", "ip address", "creation date", "record value", "entries", "date", "meta", "urls", "http", "passive dns", "unique", "pulse pulses", "related nids", "files location", "flag united", "showing", "rich content", "system", "cdn amazon", "amazons3 tls", "certificate", "redirects", "ua9385760744", "utc na", "utc google", "tag manager", "gk4vnlmd3b9", "server", "amazon", "net1832001", "net18160001", "address range", "cidr", "network name", "allocation type", "whois server", "entity amazon4", "handle", "present mar", "present feb", "unknown cname", "urls show", "date checked", "url hostname", "server response", "aaaa" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "685186035e5fb63846d29e45", "export_count": 47, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 2075, "URL": 5471, "hostname": 1531, "domain": 1013, "FileHash-MD5": 55, "FileHash-SHA1": 53, "CVE": 1, "SSLCertFingerprint": 1, "email": 1, "CIDR": 2 }, "indicator_count": 10203, "is_author": false, "is_subscribing": null, "subscriber_count": 143, "modified_text": "317 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "4umf.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "4umf.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780221922.3796763 }