{ "type": "Domain", "indicator": "502testing.tk", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/502testing.tk", "alexa": "http://www.alexa.com/siteinfo/502testing.tk", "indicator": "502testing.tk", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3835007058, "indicator": "502testing.tk", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "667af3df55de77efb0309afe", "name": "Norton's Elevated Cybersecurity Team at it's best - W11 PC - 01.18.24", "description": "Norton's Elevated Cybersecurity Team at it's best - W11 PC - 01.18.24\nRead: https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/summary for Summary of their 'elite team' & their efforts", "modified": "2024-08-30T17:04:50.688000", "created": "2024-06-25T16:44:15.585000", "tags": [ "please", "javascript" ], "references": [ "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/summary", "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs", "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/graph" ], "public": 1, "adversary": "Norton Telus", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 857, "FileHash-MD5": 44, "FileHash-SHA1": 38, "FileHash-SHA256": 1942, "domain": 593, "hostname": 762 }, "indicator_count": 4236, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "597 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65bf9b680a31915bed66fe9b", "name": "Hacked Browser \u2022 DOS \u2022 Sinkholed", "description": "Ongoing attack against targeted individual.", "modified": "2024-03-05T13:02:33.380000", "created": "2024-02-04T14:12:56.167000", "tags": [ "whois record", "contacted", "ssl certificate", "referrer", "contacted urls", "historical ssl", "resolutions", "siblings domain", "threat roundup", "september", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "execution", "siblings", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "related pulses", "none related", "tags none", "file type", "google safe", "creation date", "cpm network", "passive dns", "urls", "search", "expiration date", "name servers", "date", "showing", "unknown", "next", "http response", "final url", "ip address", "status code", "headers date", "files", "apple ios", "urls url", "apple", "password", "domains", "tmobile metro", "hacktool", "ursnif", "malware", "core", "tsara brashears", "copy", "tracker", "highly targeted", "sides with", "nanocore", "ransomexx", "quasar", "maui ransomware", "download", "relic", "monitoring", "installer", "cobalt strike", "phishing", "critical", "emotet", "exploit", "united", "win32upatre jan", "entries", "ipv4", "open", "trojan", "body", "artro", "status", "hostname", "cpm fun", "meta name", "malware stealer trojan evader", "cyber warfare", "urls http", "apple phone", "unlocker", "shell code", "script", "awful", "june", "service", "privateloader", "amadey", "powershell", "pe32 executable", "ms windows", "intel", "ms visual", "win32 dynamic", "link library", "win16 ne", "pe32 compiler", "exe32", "compiler", "vs2013", "info compiler", "products id", "vs2013 upd4", "upd4", "header intel", "name md5", "getcursor getdc" ], "references": [ "http://www.cpmfun.com/go.php?i=Zml0sXNlQhR0gRzjdXpLNlz4&p=71408&s=1&m=1&ua=mozilla/5.0+(linux;+android+4.4.2;+ast21+build/kvt49l)+", "CS IDS Rules: PROTOCOL-ICMP Destination Unreachable Host Unreachable", "CS IDS Rules: DS rules HIGH - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz", "CS IDS Rules: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses Matches rule ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst Matches rule SERVER-OTHER Squid HTTP Vary response header denial of service attempt Unique rule identifier: This rule belongs to a private collection.", "CS IDS Rules: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst", "CS IDS Rules: SERVER-OTHER Squid HTTP Vary response header denial of service attempt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "AndroidOverlayMalware - MOB-S0012", "display_name": "AndroidOverlayMalware - MOB-S0012", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Maui Ransomware", "display_name": "Maui Ransomware", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Worm:Win32/Mimail.9c74f1f3", "display_name": "Worm:Win32/Mimail.9c74f1f3", "target": "/malware/Worm:Win32/Mimail.9c74f1f3" }, { "id": "Win32.Virlock.Gen.1", "display_name": "Win32.Virlock.Gen.1", "target": null }, { "id": "AMADEY", "display_name": "AMADEY", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 49, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1301, "FileHash-SHA1": 717, "FileHash-SHA256": 1520, "URL": 1249, "domain": 564, "hostname": 931, "email": 6, "CVE": 2, "FilePath": 1 }, "indicator_count": 6291, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "775 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65bf9b6b83552213615b08b6", "name": "Hacked Browser \u2022 DOS \u2022 Sinkholed", "description": "Ongoing attack against targeted individual.", "modified": "2024-03-05T13:02:33.380000", "created": "2024-02-04T14:12:59.815000", "tags": [ "whois record", "contacted", "ssl certificate", "referrer", "contacted urls", "historical ssl", "resolutions", "siblings domain", "threat roundup", "september", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "execution", "siblings", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "related pulses", "none related", "tags none", "file type", "google safe", "creation date", "cpm network", "passive dns", "urls", "search", "expiration date", "name servers", "date", "showing", "unknown", "next", "http response", "final url", "ip address", "status code", "headers date", "files", "apple ios", "urls url", "apple", "password", "domains", "tmobile metro", "hacktool", "ursnif", "malware", "core", "tsara brashears", "copy", "tracker", "highly targeted", "sides with", "nanocore", "ransomexx", "quasar", "maui ransomware", "download", "relic", "monitoring", "installer", "cobalt strike", "phishing", "critical", "emotet", "exploit", "united", "win32upatre jan", "entries", "ipv4", "open", "trojan", "body", "artro", "status", "hostname", "cpm fun", "meta name", "malware stealer trojan evader", "cyber warfare", "urls http", "apple phone", "unlocker", "shell code", "script", "awful", "june", "service", "privateloader", "amadey", "powershell", "pe32 executable", "ms windows", "intel", "ms visual", "win32 dynamic", "link library", "win16 ne", "pe32 compiler", "exe32", "compiler", "vs2013", "info compiler", "products id", "vs2013 upd4", "upd4", "header intel", "name md5", "getcursor getdc" ], "references": [ "http://www.cpmfun.com/go.php?i=Zml0sXNlQhR0gRzjdXpLNlz4&p=71408&s=1&m=1&ua=mozilla/5.0+(linux;+android+4.4.2;+ast21+build/kvt49l)+", "CS IDS Rules: PROTOCOL-ICMP Destination Unreachable Host Unreachable", "CS IDS Rules: DS rules HIGH - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz", "CS IDS Rules: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses Matches rule ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst Matches rule SERVER-OTHER Squid HTTP Vary response header denial of service attempt Unique rule identifier: This rule belongs to a private collection.", "CS IDS Rules: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst", "CS IDS Rules: SERVER-OTHER Squid HTTP Vary response header denial of service attempt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "AndroidOverlayMalware - MOB-S0012", "display_name": "AndroidOverlayMalware - MOB-S0012", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Maui Ransomware", "display_name": "Maui Ransomware", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Worm:Win32/Mimail.9c74f1f3", "display_name": "Worm:Win32/Mimail.9c74f1f3", "target": "/malware/Worm:Win32/Mimail.9c74f1f3" }, { "id": "Win32.Virlock.Gen.1", "display_name": "Win32.Virlock.Gen.1", "target": null }, { "id": "AMADEY", "display_name": "AMADEY", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 46, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1301, "FileHash-SHA1": 717, "FileHash-SHA256": 1520, "URL": 1249, "domain": 564, "hostname": 931, "email": 6, "CVE": 2, "FilePath": 1 }, "indicator_count": 6291, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "775 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c09e6935e446f36ee67d16", "name": "Hacked Browser \u2022 DOS \u2022 Sinkholed", "description": "", "modified": "2024-03-05T13:02:33.380000", "created": "2024-02-05T08:38:01.689000", "tags": [ "whois record", "contacted", "ssl certificate", "referrer", "contacted urls", "historical ssl", "resolutions", "siblings domain", "threat roundup", "september", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "execution", "siblings", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "related pulses", "none related", "tags none", "file type", "google safe", "creation date", "cpm network", "passive dns", "urls", "search", "expiration date", "name servers", "date", "showing", "unknown", "next", "http response", "final url", "ip address", "status code", "headers date", "files", "apple ios", "urls url", "apple", "password", "domains", "tmobile metro", "hacktool", "ursnif", "malware", "core", "tsara brashears", "copy", "tracker", "highly targeted", "sides with", "nanocore", "ransomexx", "quasar", "maui ransomware", "download", "relic", "monitoring", "installer", "cobalt strike", "phishing", "critical", "emotet", "exploit", "united", "win32upatre jan", "entries", "ipv4", "open", "trojan", "body", "artro", "status", "hostname", "cpm fun", "meta name", "malware stealer trojan evader", "cyber warfare", "urls http", "apple phone", "unlocker", "shell code", "script", "awful", "june", "service", "privateloader", "amadey", "powershell", "pe32 executable", "ms windows", "intel", "ms visual", "win32 dynamic", "link library", "win16 ne", "pe32 compiler", "exe32", "compiler", "vs2013", "info compiler", "products id", "vs2013 upd4", "upd4", "header intel", "name md5", "getcursor getdc" ], "references": [ "http://www.cpmfun.com/go.php?i=Zml0sXNlQhR0gRzjdXpLNlz4&p=71408&s=1&m=1&ua=mozilla/5.0+(linux;+android+4.4.2;+ast21+build/kvt49l)+", "CS IDS Rules: PROTOCOL-ICMP Destination Unreachable Host Unreachable", "CS IDS Rules: DS rules HIGH - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz", "CS IDS Rules: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses Matches rule ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst Matches rule SERVER-OTHER Squid HTTP Vary response header denial of service attempt Unique rule identifier: This rule belongs to a private collection.", "CS IDS Rules: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst", "CS IDS Rules: SERVER-OTHER Squid HTTP Vary response header denial of service attempt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "AndroidOverlayMalware - MOB-S0012", "display_name": "AndroidOverlayMalware - MOB-S0012", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Maui Ransomware", "display_name": "Maui Ransomware", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Worm:Win32/Mimail.9c74f1f3", "display_name": "Worm:Win32/Mimail.9c74f1f3", "target": "/malware/Worm:Win32/Mimail.9c74f1f3" }, { "id": "Win32.Virlock.Gen.1", "display_name": "Win32.Virlock.Gen.1", "target": null }, { "id": "AMADEY", "display_name": "AMADEY", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "65bf9b6b83552213615b08b6", "export_count": 44, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1301, "FileHash-SHA1": 717, "FileHash-SHA256": 1520, "URL": 1249, "domain": 564, "hostname": 931, "email": 6, "CVE": 2, "FilePath": 1 }, "indicator_count": 6291, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "775 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/summary", "http://www.cpmfun.com/go.php?i=Zml0sXNlQhR0gRzjdXpLNlz4&p=71408&s=1&m=1&ua=mozilla/5.0+(linux;+android+4.4.2;+ast21+build/kvt49l)+", "CS IDS Rules: DS rules HIGH - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz", "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs", "CS IDS Rules: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst", "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/graph", "CS IDS Rules: PROTOCOL-ICMP Destination Unreachable Host Unreachable", "CS IDS Rules: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses Matches rule ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst Matches rule SERVER-OTHER Squid HTTP Vary response header denial of service attempt Unique rule identifier: This rule belongs to a private collection.", "CS IDS Rules: SERVER-OTHER Squid HTTP Vary response header denial of service attempt" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Norton Telus" ], "malware_families": [ "Win32.virlock.gen.1", "Amadey", "Relic", "Cobalt strike", "Artro", "Nanocore rat", "Ransomexx", "Hacktool", "Androidoverlaymalware - mob-s0012", "Emotet", "Maui ransomware", "Ursnif", "Worm:win32/mimail.9c74f1f3", "Quasar rat" ], "industries": [ "Telecommunications", "Technology" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "667af3df55de77efb0309afe", "name": "Norton's Elevated Cybersecurity Team at it's best - W11 PC - 01.18.24", "description": "Norton's Elevated Cybersecurity Team at it's best - W11 PC - 01.18.24\nRead: https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/summary for Summary of their 'elite team' & their efforts", "modified": "2024-08-30T17:04:50.688000", "created": "2024-06-25T16:44:15.585000", "tags": [ "please", "javascript" ], "references": [ "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/summary", "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/iocs", "https://www.virustotal.com/gui/collection/82dc29932b9184d02b037289fd4605c158e96a57f376b08a8b2b94e43d0ae18b/graph" ], "public": 1, "adversary": "Norton Telus", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Technology", "Telecommunications" ], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 857, "FileHash-MD5": 44, "FileHash-SHA1": 38, "FileHash-SHA256": 1942, "domain": 593, "hostname": 762 }, "indicator_count": 4236, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "597 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65bf9b680a31915bed66fe9b", "name": "Hacked Browser \u2022 DOS \u2022 Sinkholed", "description": "Ongoing attack against targeted individual.", "modified": "2024-03-05T13:02:33.380000", "created": "2024-02-04T14:12:56.167000", "tags": [ "whois record", "contacted", "ssl certificate", "referrer", "contacted urls", "historical ssl", "resolutions", "siblings domain", "threat roundup", "september", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "execution", "siblings", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "related pulses", "none related", "tags none", "file type", "google safe", "creation date", "cpm network", "passive dns", "urls", "search", "expiration date", "name servers", "date", "showing", "unknown", "next", "http response", "final url", "ip address", "status code", "headers date", "files", "apple ios", "urls url", "apple", "password", "domains", "tmobile metro", "hacktool", "ursnif", "malware", "core", "tsara brashears", "copy", "tracker", "highly targeted", "sides with", "nanocore", "ransomexx", "quasar", "maui ransomware", "download", "relic", "monitoring", "installer", "cobalt strike", "phishing", "critical", "emotet", "exploit", "united", "win32upatre jan", "entries", "ipv4", "open", "trojan", "body", "artro", "status", "hostname", "cpm fun", "meta name", "malware stealer trojan evader", "cyber warfare", "urls http", "apple phone", "unlocker", "shell code", "script", "awful", "june", "service", "privateloader", "amadey", "powershell", "pe32 executable", "ms windows", "intel", "ms visual", "win32 dynamic", "link library", "win16 ne", "pe32 compiler", "exe32", "compiler", "vs2013", "info compiler", "products id", "vs2013 upd4", "upd4", "header intel", "name md5", "getcursor getdc" ], "references": [ "http://www.cpmfun.com/go.php?i=Zml0sXNlQhR0gRzjdXpLNlz4&p=71408&s=1&m=1&ua=mozilla/5.0+(linux;+android+4.4.2;+ast21+build/kvt49l)+", "CS IDS Rules: PROTOCOL-ICMP Destination Unreachable Host Unreachable", "CS IDS Rules: DS rules HIGH - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz", "CS IDS Rules: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses Matches rule ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst Matches rule SERVER-OTHER Squid HTTP Vary response header denial of service attempt Unique rule identifier: This rule belongs to a private collection.", "CS IDS Rules: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst", "CS IDS Rules: SERVER-OTHER Squid HTTP Vary response header denial of service attempt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "AndroidOverlayMalware - MOB-S0012", "display_name": "AndroidOverlayMalware - MOB-S0012", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Maui Ransomware", "display_name": "Maui Ransomware", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Worm:Win32/Mimail.9c74f1f3", "display_name": "Worm:Win32/Mimail.9c74f1f3", "target": "/malware/Worm:Win32/Mimail.9c74f1f3" }, { "id": "Win32.Virlock.Gen.1", "display_name": "Win32.Virlock.Gen.1", "target": null }, { "id": "AMADEY", "display_name": "AMADEY", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 49, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1301, "FileHash-SHA1": 717, "FileHash-SHA256": 1520, "URL": 1249, "domain": 564, "hostname": 931, "email": 6, "CVE": 2, "FilePath": 1 }, "indicator_count": 6291, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "775 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65bf9b6b83552213615b08b6", "name": "Hacked Browser \u2022 DOS \u2022 Sinkholed", "description": "Ongoing attack against targeted individual.", "modified": "2024-03-05T13:02:33.380000", "created": "2024-02-04T14:12:59.815000", "tags": [ "whois record", "contacted", "ssl certificate", "referrer", "contacted urls", "historical ssl", "resolutions", "siblings domain", "threat roundup", "september", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "execution", "siblings", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "related pulses", "none related", "tags none", "file type", "google safe", "creation date", "cpm network", "passive dns", "urls", "search", "expiration date", "name servers", "date", "showing", "unknown", "next", "http response", "final url", "ip address", "status code", "headers date", "files", "apple ios", "urls url", "apple", "password", "domains", "tmobile metro", "hacktool", "ursnif", "malware", "core", "tsara brashears", "copy", "tracker", "highly targeted", "sides with", "nanocore", "ransomexx", "quasar", "maui ransomware", "download", "relic", "monitoring", "installer", "cobalt strike", "phishing", "critical", "emotet", "exploit", "united", "win32upatre jan", "entries", "ipv4", "open", "trojan", "body", "artro", "status", "hostname", "cpm fun", "meta name", "malware stealer trojan evader", "cyber warfare", "urls http", "apple phone", "unlocker", "shell code", "script", "awful", "june", "service", "privateloader", "amadey", "powershell", "pe32 executable", "ms windows", "intel", "ms visual", "win32 dynamic", "link library", "win16 ne", "pe32 compiler", "exe32", "compiler", "vs2013", "info compiler", "products id", "vs2013 upd4", "upd4", "header intel", "name md5", "getcursor getdc" ], "references": [ "http://www.cpmfun.com/go.php?i=Zml0sXNlQhR0gRzjdXpLNlz4&p=71408&s=1&m=1&ua=mozilla/5.0+(linux;+android+4.4.2;+ast21+build/kvt49l)+", "CS IDS Rules: PROTOCOL-ICMP Destination Unreachable Host Unreachable", "CS IDS Rules: DS rules HIGH - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz", "CS IDS Rules: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses Matches rule ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst Matches rule SERVER-OTHER Squid HTTP Vary response header denial of service attempt Unique rule identifier: This rule belongs to a private collection.", "CS IDS Rules: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst", "CS IDS Rules: SERVER-OTHER Squid HTTP Vary response header denial of service attempt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "AndroidOverlayMalware - MOB-S0012", "display_name": "AndroidOverlayMalware - MOB-S0012", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Maui Ransomware", "display_name": "Maui Ransomware", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Worm:Win32/Mimail.9c74f1f3", "display_name": "Worm:Win32/Mimail.9c74f1f3", "target": "/malware/Worm:Win32/Mimail.9c74f1f3" }, { "id": "Win32.Virlock.Gen.1", "display_name": "Win32.Virlock.Gen.1", "target": null }, { "id": "AMADEY", "display_name": "AMADEY", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 46, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1301, "FileHash-SHA1": 717, "FileHash-SHA256": 1520, "URL": 1249, "domain": 564, "hostname": 931, "email": 6, "CVE": 2, "FilePath": 1 }, "indicator_count": 6291, "is_author": false, "is_subscribing": null, "subscriber_count": 219, "modified_text": "775 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65c09e6935e446f36ee67d16", "name": "Hacked Browser \u2022 DOS \u2022 Sinkholed", "description": "", "modified": "2024-03-05T13:02:33.380000", "created": "2024-02-05T08:38:01.689000", "tags": [ "whois record", "contacted", "ssl certificate", "referrer", "contacted urls", "historical ssl", "resolutions", "siblings domain", "threat roundup", "september", "threat report", "ip summary", "url summary", "summary", "sample", "samples", "detection list", "blacklist", "execution", "siblings", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "related pulses", "none related", "tags none", "file type", "google safe", "creation date", "cpm network", "passive dns", "urls", "search", "expiration date", "name servers", "date", "showing", "unknown", "next", "http response", "final url", "ip address", "status code", "headers date", "files", "apple ios", "urls url", "apple", "password", "domains", "tmobile metro", "hacktool", "ursnif", "malware", "core", "tsara brashears", "copy", "tracker", "highly targeted", "sides with", "nanocore", "ransomexx", "quasar", "maui ransomware", "download", "relic", "monitoring", "installer", "cobalt strike", "phishing", "critical", "emotet", "exploit", "united", "win32upatre jan", "entries", "ipv4", "open", "trojan", "body", "artro", "status", "hostname", "cpm fun", "meta name", "malware stealer trojan evader", "cyber warfare", "urls http", "apple phone", "unlocker", "shell code", "script", "awful", "june", "service", "privateloader", "amadey", "powershell", "pe32 executable", "ms windows", "intel", "ms visual", "win32 dynamic", "link library", "win16 ne", "pe32 compiler", "exe32", "compiler", "vs2013", "info compiler", "products id", "vs2013 upd4", "upd4", "header intel", "name md5", "getcursor getdc" ], "references": [ "http://www.cpmfun.com/go.php?i=Zml0sXNlQhR0gRzjdXpLNlz4&p=71408&s=1&m=1&ua=mozilla/5.0+(linux;+android+4.4.2;+ast21+build/kvt49l)+", "CS IDS Rules: PROTOCOL-ICMP Destination Unreachable Host Unreachable", "CS IDS Rules: DS rules HIGH - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz", "CS IDS Rules: ET MALWARE Possible Zeus GameOver/FluBot Related DGA NXDOMAIN Responses Matches rule ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst Matches rule SERVER-OTHER Squid HTTP Vary response header denial of service attempt Unique rule identifier: This rule belongs to a private collection.", "CS IDS Rules: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst", "CS IDS Rules: SERVER-OTHER Squid HTTP Vary response header denial of service attempt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HackTool", "display_name": "HackTool", "target": null }, { "id": "AndroidOverlayMalware - MOB-S0012", "display_name": "AndroidOverlayMalware - MOB-S0012", "target": null }, { "id": "Quasar RAT", "display_name": "Quasar RAT", "target": null }, { "id": "Nanocore RAT", "display_name": "Nanocore RAT", "target": null }, { "id": "RansomEXX", "display_name": "RansomEXX", "target": null }, { "id": "Emotet", "display_name": "Emotet", "target": null }, { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null }, { "id": "Maui Ransomware", "display_name": "Maui Ransomware", "target": null }, { "id": "Ursnif", "display_name": "Ursnif", "target": null }, { "id": "Artro", "display_name": "Artro", "target": null }, { "id": "Relic", "display_name": "Relic", "target": null }, { "id": "Worm:Win32/Mimail.9c74f1f3", "display_name": "Worm:Win32/Mimail.9c74f1f3", "target": "/malware/Worm:Win32/Mimail.9c74f1f3" }, { "id": "Win32.Virlock.Gen.1", "display_name": "Win32.Virlock.Gen.1", "target": null }, { "id": "AMADEY", "display_name": "AMADEY", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "65bf9b6b83552213615b08b6", "export_count": 44, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1301, "FileHash-SHA1": 717, "FileHash-SHA256": 1520, "URL": 1249, "domain": 564, "hostname": 931, "email": 6, "CVE": 2, "FilePath": 1 }, "indicator_count": 6291, "is_author": false, "is_subscribing": null, "subscriber_count": 227, "modified_text": "775 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "502testing.tk", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "502testing.tk", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776647671.219867 }