{
  "type": "SHA256",
  "indicator": "9466af2efe9b808d986780de8303cfe2fa4773c7e977dff6f0b393379a4ff5cc",
  "general": {
    "sections": [
      "general",
      "analysis"
    ],
    "type": "sha256",
    "type_title": "FileHash-SHA256",
    "indicator": "9466af2efe9b808d986780de8303cfe2fa4773c7e977dff6f0b393379a4ff5cc",
    "validation": [],
    "base_indicator": {
      "id": 9439,
      "indicator": "9466af2efe9b808d986780de8303cfe2fa4773c7e977dff6f0b393379a4ff5cc",
      "type": "FileHash-SHA256",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 1,
      "pulses": [
        {
          "id": "5570e11bb45ff53d3bcfbd76",
          "name": "KeyBase Keylogger Malware Family Exposed",
          "description": "In recent months, our team has been tracking a keylogger malware family named KeyBase that has been in the wild since February 2015. The malware comes equipped with a variety of features and can be purchased for $50 directly from the author. It has been deployed in attacks against organizations across many industries and is predominantly delivered via phishing emails.",
          "modified": "2015-06-04T23:37:11.800000",
          "created": "2015-06-04T23:36:59.714000",
          "tags": [
            "keybase",
            "keylogger",
            "python",
            "paloalto"
          ],
          "references": [
            "http://researchcenter.paloaltonetworks.com/2015/06/keybase-keylogger-malware-family-exposed/"
          ],
          "public": 1,
          "adversary": null,
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 47,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "AlienVault",
            "id": "2",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
            "is_subscribed": true,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-SHA256": 320,
            "URL": 173
          },
          "indicator_count": 493,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 376756,
          "modified_text": "3967 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "FileHash-SHA256",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "http://researchcenter.paloaltonetworks.com/2015/06/keybase-keylogger-malware-family-exposed/"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 1,
  "pulses": [
    {
      "id": "5570e11bb45ff53d3bcfbd76",
      "name": "KeyBase Keylogger Malware Family Exposed",
      "description": "In recent months, our team has been tracking a keylogger malware family named KeyBase that has been in the wild since February 2015. The malware comes equipped with a variety of features and can be purchased for $50 directly from the author. It has been deployed in attacks against organizations across many industries and is predominantly delivered via phishing emails.",
      "modified": "2015-06-04T23:37:11.800000",
      "created": "2015-06-04T23:36:59.714000",
      "tags": [
        "keybase",
        "keylogger",
        "python",
        "paloalto"
      ],
      "references": [
        "http://researchcenter.paloaltonetworks.com/2015/06/keybase-keylogger-malware-family-exposed/"
      ],
      "public": 1,
      "adversary": null,
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 47,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "AlienVault",
        "id": "2",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png",
        "is_subscribed": true,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-SHA256": 320,
        "URL": 173
      },
      "indicator_count": 493,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 376756,
      "modified_text": "3967 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "FileHash-SHA256",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "9466af2efe9b808d986780de8303cfe2fa4773c7e977dff6f0b393379a4ff5cc",
    "type": "Hash"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "9466af2efe9b808d986780de8303cfe2fa4773c7e977dff6f0b393379a4ff5cc",
    "found": false,
    "verdict": "clean",
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1776231589.2518525
}