{
  "type": "Domain",
  "indicator": "access995.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/access995.com",
    "alexa": "http://www.alexa.com/siteinfo/access995.com",
    "indicator": "access995.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3782397838,
      "indicator": "access995.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 8,
      "pulses": [
        {
          "id": "69f30ef4033560d49d39ac55",
          "name": "VirusTotal report\n                    for executable.exe",
          "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] <remote, .net, failed cryptographic validation chains cause this.",
          "modified": "2026-05-30T09:04:01.553000",
          "created": "2026-04-30T08:12:36.771000",
          "tags": [
            "wifi password",
            "joe security",
            "nextron",
            "new run",
            "key pointing",
            "run key",
            "roth",
            "markus neis",
            "sander wiebing",
            "poudel",
            "public",
            "appdata"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1552",
              "name": "Unsecured Credentials",
              "display_name": "T1552 - Unsecured Credentials"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1069,
            "FileHash-SHA1": 868,
            "FileHash-SHA256": 2783,
            "URL": 764,
            "hostname": 756,
            "domain": 293,
            "email": 44,
            "CVE": 44
          },
          "indicator_count": 6621,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "22 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "686df81130f94fff809dd8b7",
          "name": "T-Mobile Service- 23.185.0.2 - Mirai",
          "description": "",
          "modified": "2025-08-08T04:05:03.809000",
          "created": "2025-07-09T05:03:13.536000",
          "tags": [
            "germany unknown",
            "passive dns",
            "invalid url",
            "ipv4 add",
            "pulse pulses",
            "urls",
            "files",
            "reverse dns",
            "frankfurt",
            "main",
            "algorithm",
            "key identifier",
            "x509v3 subject",
            "v3 serial",
            "number",
            "cus olet",
            "encrypt cnr11",
            "validity",
            "public key",
            "info",
            "south korea",
            "united",
            "taiwan as3462",
            "as21928",
            "china as4134",
            "as4766 korea",
            "china as4837",
            "as9318 sk",
            "high",
            "as701 verizon",
            "malware",
            "copy",
            "name jim",
            "zemlin name",
            "letterman dr",
            "address bldg",
            "d ste",
            "date",
            "dnssec",
            "record value",
            "emails",
            "address",
            "date checked",
            "url hostname",
            "server response",
            "ip address",
            "google safe",
            "results jul",
            "present jul",
            "present showing",
            "entries related",
            "domains show",
            "present jun",
            "search",
            "enom",
            "creation date",
            "encrypt"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 6,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Q.Vashti",
            "id": "337942",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 178,
            "FileHash-SHA1": 180,
            "FileHash-SHA256": 2435,
            "hostname": 644,
            "domain": 603,
            "URL": 585,
            "email": 3
          },
          "indicator_count": 4628,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 143,
          "modified_text": "296 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65c4b7b44b63ea6ea0c503d8",
          "name": "Sabey targeting | Gains access to premier Denver Recording Studio",
          "description": "Intellectual property accessed and distributed. \nSabey and company have access, storage and at will control. Ransomware. Active threat. Likelihood of Pegasus abuse.. Critical alert. Reckless predatory type with motives, tools, knowledge, and colleagues continue cyberstalking and in person contact with SA survivor. Carelessly attacking systems of business and facilities target likely to use, This behavior puts others at risk.",
          "modified": "2024-03-09T10:04:19.572000",
          "created": "2024-02-08T11:15:00.329000",
          "tags": [
            "malware",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "report spam",
            "author",
            "cyber espionage",
            "studio created",
            "minutes ago",
            "white goldmax",
            "sibot",
            "goldfinder",
            "python",
            "indicator role",
            "title added",
            "active related",
            "pulses url",
            "entries",
            "url http",
            "pulses cve",
            "threat analyzer",
            "threat",
            "paste",
            "iocs",
            "analyze",
            "hostnames",
            "urls http",
            "sample",
            "urls https",
            "filehashsha1",
            "filehashmd5",
            "ipv4",
            "types of",
            "united kingdom",
            "united",
            "india",
            "china",
            "search",
            "pega type",
            "united states",
            "url https",
            "added active",
            "related pulses",
            "backdoor type",
            "discovery",
            "command",
            "all octoseek",
            "formbook",
            "goldmax",
            "ransomware",
            "njrat",
            "hacktool",
            "maui ransomware",
            "worm",
            "next",
            "type indicator",
            "role title",
            "go",
            "sabey",
            "tulach",
            "targeting tsara brashears",
            "utah",
            "whois record",
            "contacted",
            "ssl certificate",
            "referrer",
            "whois whois",
            "resolutions",
            "collections",
            "bundled",
            "execution",
            "lokibot",
            "tracer tool",
            "c2",
            "command and control",
            "sabey",
            "targeting",
            "hacking apple"
          ],
          "references": [
            "https://side3.com/ | webdisk.side3.com | (http://koshishmarketing.com/mo8igygw3uv/t4z68181/ | malware hosting)",
            "https://sabeydatacenters.com/",
            "sabeydatacenters.com",
            "4jslg.sabeydatacenters.com",
            "https://sabeydatacenters.com/",
            "ProflWiz.exe | 1993173153b9112833140c61f28232bd8af7df7a4891fa4796378a6647fe95e0",
            "https://tulach.cc/ |   [phishing | malware engineering]",
            "https://www.anyxxxtube.net/search-porn/tsara-brashears/  [ phishing | data collection | property theft | target]",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [password decryption]",
            "nr-data.net  [Apple Private Data Collection]"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [
            {
              "id": "Sibot",
              "display_name": "Sibot",
              "target": null
            },
            {
              "id": "GoldFinder",
              "display_name": "GoldFinder",
              "target": null
            },
            {
              "id": "Go",
              "display_name": "Go",
              "target": null
            },
            {
              "id": "NjRAT",
              "display_name": "NjRAT",
              "target": null
            },
            {
              "id": "HackTool",
              "display_name": "HackTool",
              "target": null
            },
            {
              "id": "Ransomware",
              "display_name": "Ransomware",
              "target": null
            },
            {
              "id": "Sabey",
              "display_name": "Sabey",
              "target": null
            },
            {
              "id": "Tulach",
              "display_name": "Tulach",
              "target": null
            },
            {
              "id": "Maui Ransomware",
              "display_name": "Maui Ransomware",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            },
            {
              "id": "T1012",
              "name": "Query Registry",
              "display_name": "T1012 - Query Registry"
            },
            {
              "id": "T1018",
              "name": "Remote System Discovery",
              "display_name": "T1018 - Remote System Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1033",
              "name": "System Owner/User Discovery",
              "display_name": "T1033 - System Owner/User Discovery"
            },
            {
              "id": "T1043",
              "name": "Commonly Used Port",
              "display_name": "T1043 - Commonly Used Port"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1094",
              "name": "Custom Command and Control Protocol",
              "display_name": "T1094 - Custom Command and Control Protocol"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1176",
              "name": "Browser Extensions",
              "display_name": "T1176 - Browser Extensions"
            },
            {
              "id": "T1215",
              "name": "Kernel Modules and Extensions",
              "display_name": "T1215 - Kernel Modules and Extensions"
            },
            {
              "id": "T1449",
              "name": "Exploit SS7 to Redirect Phone Calls/SMS",
              "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
            },
            {
              "id": "T1457",
              "name": "Malicious Media Content",
              "display_name": "T1457 - Malicious Media Content"
            },
            {
              "id": "T1491",
              "name": "Defacement",
              "display_name": "T1491 - Defacement"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1583",
              "name": "Acquire Infrastructure",
              "display_name": "T1583 - Acquire Infrastructure"
            },
            {
              "id": "TA0037",
              "name": "Command and Control",
              "display_name": "TA0037 - Command and Control"
            },
            {
              "id": "TA0011",
              "name": "Command and Control",
              "display_name": "TA0011 - Command and Control"
            }
          ],
          "industries": [
            "Entertainment",
            "Technology",
            "Telecommunications"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 24,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 422,
            "domain": 240,
            "hostname": 495,
            "CVE": 1,
            "FileHash-MD5": 75,
            "FileHash-SHA1": 73,
            "FileHash-SHA256": 843,
            "email": 2
          },
          "indicator_count": 2151,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 224,
          "modified_text": "812 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6555ad88f1dd1cd731b34e44",
          "name": "SMTP_Threats_Phishing_Spam_Dom Spoof",
          "description": "SMTP_Threats_By_Helaly",
          "modified": "2024-02-09T06:01:24.942000",
          "created": "2023-11-16T05:50:00.432000",
          "tags": [
            "Email",
            "SMTP",
            "Phishing",
            "Spam"
          ],
          "references": [
            "SMTP_Threats.json"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "Saudi Arabia"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education"
          ],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 37,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Eslam-ElHelaly",
            "id": "259630",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 112,
            "domain": 689,
            "hostname": 130,
            "FileHash-SHA1": 2
          },
          "indicator_count": 933,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 65,
          "modified_text": "842 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6590412931fa8523e305795e",
          "name": "System Owner/User Discovery | Automobile CnC | HyunDAITX.COM",
          "description": "",
          "modified": "2024-01-29T15:00:34.177000",
          "created": "2023-12-30T16:11:21.071000",
          "tags": [
            "remote cnc",
            "no expiration",
            "filehashsha256",
            "domain",
            "filehashsha1",
            "filehashmd5",
            "expiration",
            "iocs",
            "hostname",
            "ipv4",
            "scan endpoints",
            "next",
            "url http",
            "url https",
            "apple",
            "appleid",
            "icloud",
            "tsara brashears",
            "all octoseek",
            "create new",
            "pulse use",
            "pdf report",
            "debugger evasion",
            "evasive",
            "who's driving",
            "yaaa",
            "xobo",
            "writes data to a remote process",
            "widget",
            "win64",
            "waaa",
            "vt report",
            "ttl value",
            "uaaa",
            "united",
            "unknown",
            "urls url",
            "stealthyness",
            "critical",
            "accept",
            "address",
            "admin country",
            "baaa",
            "anti-detection",
            "as11042",
            "network ascii text",
            "network",
            "back",
            "black",
            "body length",
            "attack",
            "boolean",
            "silly",
            "bundled",
            "caaa",
            "caca",
            "caca4baaa",
            "cacf",
            "caea",
            "click",
            "close",
            "cobalt strike",
            "checkbox",
            "ck id",
            "ck matrix",
            "contacted",
            "copy",
            "creation date",
            "code",
            "comcast tmobile",
            "communicating",
            "contact",
            "historical ssl",
            "csc corporate",
            "date",
            "desktop",
            "dns replication",
            "domain related",
            "domains dropped",
            "elf wgetboat",
            "error",
            "execution",
            "factory",
            "false",
            "files",
            "final",
            "url",
            "first",
            "general",
            "getprocaddress",
            "green",
            "group",
            "headers",
            "hr rtd",
            "http response",
            "hybrid",
            "iana id",
            "id",
            "apple id",
            "import",
            "infor",
            "installation",
            "january",
            "kb body",
            "loader",
            "localappdata",
            "love",
            "major",
            "malicious",
            "metro",
            "mitre att",
            "model",
            "netlify",
            "netlify edge",
            "next",
            "trim",
            "null",
            "threat roundup",
            "tech email",
            "subdomains",
            "status code",
            "ssl certificate",
            "show technique span",
            "sha256",
            "serving ip",
            "open",
            "server",
            "override",
            "path",
            "pattern match",
            "payment",
            "pe resource",
            "persistence",
            "phonenumber",
            "record type",
            "referrer",
            "registrar abuse",
            "rust",
            "search"
          ],
          "references": [
            "HyunDAITX.COM | Remote CnC of vehicle systems, connected devices. Critical",
            "https://www.virustotal.com/gui/domain/hyundaitx.com/summary",
            "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621",
            "command_and_control 195.208.1.128 | 206.46.232.39",
            "drvtrd-widget.netlify.app/drivably-widget.js | drvtrd-widget.netlify.app/drivably.js | http://drvtrd-widget.netlify.app/drivably-widget.js",
            "https://www.virustotal.com/gui/url/87327571bc18df63df91ba61da25389eb32563074ccd640e2b15b2d38cf5b968/summary",
            "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621",
            "appleid.com, apple.com, icloud.com",
            "https://blackbook.drivably.com | blackboxpedals.com",
            "car hacking | phone hacking | remote access & system control of entire system",
            "http://watchhers.net/index.php - remote attacks",
            "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community",
            "pornhub.com - contextualizing, malvertizing, tagging, apple password crack",
            "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community",
            "simple investigation shows Brashears historical family vehicles listed.",
            "elonmuskisafailure.com - tracker (yt3.ggpht.com tracker)",
            "www.youtube.com/watch?v=GyuMozsVyYs -tracking Tsara Brashears' SongCulture Youtube",
            "T1622 - Debugger Evasion",
            "T1218 - System Binary Proxy Execution",
            "Creates a process in suspended mode (likely for process injection"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America"
          ],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "TA0011",
              "name": "Command and Control",
              "display_name": "TA0011 - Command and Control"
            },
            {
              "id": "T1546",
              "name": "Event Triggered Execution",
              "display_name": "T1546 - Event Triggered Execution"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            },
            {
              "id": "T1114",
              "name": "Email Collection",
              "display_name": "T1114 - Email Collection"
            },
            {
              "id": "T1114.002",
              "name": "Remote Email Collection",
              "display_name": "T1114.002 - Remote Email Collection"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1408",
              "name": "Disguise Root/Jailbreak Indicators",
              "display_name": "T1408 - Disguise Root/Jailbreak Indicators"
            },
            {
              "id": "T1428",
              "name": "Exploit Enterprise Resources",
              "display_name": "T1428 - Exploit Enterprise Resources"
            },
            {
              "id": "T1422",
              "name": "System Network Configuration Discovery",
              "display_name": "T1422 - System Network Configuration Discovery"
            },
            {
              "id": "T1421",
              "name": "System Network Connections Discovery",
              "display_name": "T1421 - System Network Connections Discovery"
            },
            {
              "id": "T1427",
              "name": "Attack PC via USB Connection",
              "display_name": "T1427 - Attack PC via USB Connection"
            },
            {
              "id": "T1429",
              "name": "Capture Audio",
              "display_name": "T1429 - Capture Audio"
            },
            {
              "id": "T1210",
              "name": "Exploitation of Remote Services",
              "display_name": "T1210 - Exploitation of Remote Services"
            },
            {
              "id": "T1213",
              "name": "Data from Information Repositories",
              "display_name": "T1213 - Data from Information Repositories"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1033",
              "name": "System Owner/User Discovery",
              "display_name": "T1033 - System Owner/User Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "TA0030",
              "name": "Defense Evasion",
              "display_name": "TA0030 - Defense Evasion"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 22,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 184,
            "FileHash-SHA1": 177,
            "FileHash-SHA256": 1078,
            "URL": 318,
            "domain": 511,
            "email": 4,
            "hostname": 520
          },
          "indicator_count": 2792,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 223,
          "modified_text": "852 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6552d60aae6e1b3c22455088",
          "name": "Hive 0065",
          "description": "Hive 0065\nURL: https://applemusic-spotlight.myunidays.com/US/en-US?\n\nHive 0065\nHostname: applemusic-spotlight.myunidays.com",
          "modified": "2023-12-13T16:00:45.799000",
          "created": "2023-11-14T02:06:02.329000",
          "tags": [
            "united",
            "as8075",
            "creation date",
            "unknown",
            "search",
            "entries",
            "asnone country",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "related domains",
            "show",
            "domain related",
            "xbox",
            "whois record",
            "contacted",
            "whois whois",
            "ssl certificate",
            "communicating",
            "referrer",
            "execution",
            "historical ssl",
            "bundled",
            "family",
            "lolkek",
            "formbook",
            "skynet",
            "lockbit",
            "ursnif",
            "attack",
            "core"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 4276,
            "email": 3,
            "hostname": 2288,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 49,
            "FileHash-SHA256": 2756,
            "URL": 8696,
            "CVE": 1
          },
          "indicator_count": 18120,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 226,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6552d6f5f56d2e9cd9e18a30",
          "name": "Lolkek \u2022 FormBook \u2022 Lokbit \u2022 Skynet",
          "description": "Hive 0065\nURL: https://applemusic-spotlight.myunidays.com/US/en-US?\n\nHive 0065\nHostname: applemusic-spotlight.myunidays.com",
          "modified": "2023-12-13T16:00:45.799000",
          "created": "2023-11-14T02:09:57.370000",
          "tags": [
            "united",
            "as8075",
            "creation date",
            "unknown",
            "search",
            "entries",
            "asnone country",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "related domains",
            "show",
            "domain related",
            "xbox",
            "whois record",
            "contacted",
            "whois whois",
            "ssl certificate",
            "communicating",
            "referrer",
            "execution",
            "historical ssl",
            "bundled",
            "family",
            "lolkek",
            "formbook",
            "skynet",
            "lockbit",
            "ursnif",
            "attack",
            "core"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 4276,
            "email": 3,
            "hostname": 2288,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 49,
            "FileHash-SHA256": 2756,
            "URL": 8696,
            "CVE": 1
          },
          "indicator_count": 18120,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 225,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65568b00198f82af2e88d463",
          "name": "Lolkek \u2022 FormBook \u2022 Lokbit \u2022 Skynet",
          "description": "",
          "modified": "2023-12-13T16:00:45.799000",
          "created": "2023-11-16T21:34:56.016000",
          "tags": [
            "united",
            "as8075",
            "creation date",
            "unknown",
            "search",
            "entries",
            "asnone country",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "related domains",
            "show",
            "domain related",
            "xbox",
            "whois record",
            "contacted",
            "whois whois",
            "ssl certificate",
            "communicating",
            "referrer",
            "execution",
            "historical ssl",
            "bundled",
            "family",
            "lolkek",
            "formbook",
            "skynet",
            "lockbit",
            "ursnif",
            "attack",
            "core"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": "6552d6f5f56d2e9cd9e18a30",
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 4276,
            "email": 3,
            "hostname": 2288,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 49,
            "FileHash-SHA256": 2756,
            "URL": 8696,
            "CVE": 1
          },
          "indicator_count": 18120,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 231,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://sabeydatacenters.com/",
        "https://www.anyxxxtube.net/search-porn/tsara-brashears/  [ phishing | data collection | property theft | target]",
        "T1218 - System Binary Proxy Execution",
        "pornhub.com - contextualizing, malvertizing, tagging, apple password crack",
        "HyunDAITX.COM | Remote CnC of vehicle systems, connected devices. Critical",
        "https://www.virustotal.com/gui/domain/hyundaitx.com/summary",
        "command_and_control 195.208.1.128 | 206.46.232.39",
        "www.youtube.com/watch?v=GyuMozsVyYs -tracking Tsara Brashears' SongCulture Youtube",
        "https://side3.com/ | webdisk.side3.com | (http://koshishmarketing.com/mo8igygw3uv/t4z68181/ | malware hosting)",
        "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621",
        "https://blackbook.drivably.com | blackboxpedals.com",
        "car hacking | phone hacking | remote access & system control of entire system",
        "nr-data.net  [Apple Private Data Collection]",
        "https://www.virustotal.com/gui/url/87327571bc18df63df91ba61da25389eb32563074ccd640e2b15b2d38cf5b968/summary",
        "sabeydatacenters.com",
        "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community",
        "T1622 - Debugger Evasion",
        "https://tulach.cc/ |   [phishing | malware engineering]",
        "4jslg.sabeydatacenters.com",
        "Creates a process in suspended mode (likely for process injection",
        "appleid.com, apple.com, icloud.com",
        "ProflWiz.exe | 1993173153b9112833140c61f28232bd8af7df7a4891fa4796378a6647fe95e0",
        "elonmuskisafailure.com - tracker (yt3.ggpht.com tracker)",
        "drvtrd-widget.netlify.app/drivably-widget.js | drvtrd-widget.netlify.app/drivably.js | http://drvtrd-widget.netlify.app/drivably-widget.js",
        "SMTP_Threats.json",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [password decryption]",
        "simple investigation shows Brashears historical family vehicles listed.",
        "http://watchhers.net/index.php - remote attacks"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Go",
            "Hacktool",
            "Njrat",
            "Sibot",
            "Maui ransomware",
            "Sabey",
            "Ransomware",
            "Goldfinder",
            "Tulach"
          ],
          "industries": [
            "Education",
            "Telecommunications",
            "Entertainment",
            "Technology"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 8,
  "pulses": [
    {
      "id": "69f30ef4033560d49d39ac55",
      "name": "VirusTotal report\n                    for executable.exe",
      "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] <remote, .net, failed cryptographic validation chains cause this.",
      "modified": "2026-05-30T09:04:01.553000",
      "created": "2026-04-30T08:12:36.771000",
      "tags": [
        "wifi password",
        "joe security",
        "nextron",
        "new run",
        "key pointing",
        "run key",
        "roth",
        "markus neis",
        "sander wiebing",
        "poudel",
        "public",
        "appdata"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1218",
          "name": "Signed Binary Proxy Execution",
          "display_name": "T1218 - Signed Binary Proxy Execution"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1552",
          "name": "Unsecured Credentials",
          "display_name": "T1552 - Unsecured Credentials"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1069,
        "FileHash-SHA1": 868,
        "FileHash-SHA256": 2783,
        "URL": 764,
        "hostname": 756,
        "domain": 293,
        "email": 44,
        "CVE": 44
      },
      "indicator_count": 6621,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "22 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "686df81130f94fff809dd8b7",
      "name": "T-Mobile Service- 23.185.0.2 - Mirai",
      "description": "",
      "modified": "2025-08-08T04:05:03.809000",
      "created": "2025-07-09T05:03:13.536000",
      "tags": [
        "germany unknown",
        "passive dns",
        "invalid url",
        "ipv4 add",
        "pulse pulses",
        "urls",
        "files",
        "reverse dns",
        "frankfurt",
        "main",
        "algorithm",
        "key identifier",
        "x509v3 subject",
        "v3 serial",
        "number",
        "cus olet",
        "encrypt cnr11",
        "validity",
        "public key",
        "info",
        "south korea",
        "united",
        "taiwan as3462",
        "as21928",
        "china as4134",
        "as4766 korea",
        "china as4837",
        "as9318 sk",
        "high",
        "as701 verizon",
        "malware",
        "copy",
        "name jim",
        "zemlin name",
        "letterman dr",
        "address bldg",
        "d ste",
        "date",
        "dnssec",
        "record value",
        "emails",
        "address",
        "date checked",
        "url hostname",
        "server response",
        "ip address",
        "google safe",
        "results jul",
        "present jul",
        "present showing",
        "entries related",
        "domains show",
        "present jun",
        "search",
        "enom",
        "creation date",
        "encrypt"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 6,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Q.Vashti",
        "id": "337942",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 178,
        "FileHash-SHA1": 180,
        "FileHash-SHA256": 2435,
        "hostname": 644,
        "domain": 603,
        "URL": 585,
        "email": 3
      },
      "indicator_count": 4628,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 143,
      "modified_text": "296 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65c4b7b44b63ea6ea0c503d8",
      "name": "Sabey targeting | Gains access to premier Denver Recording Studio",
      "description": "Intellectual property accessed and distributed. \nSabey and company have access, storage and at will control. Ransomware. Active threat. Likelihood of Pegasus abuse.. Critical alert. Reckless predatory type with motives, tools, knowledge, and colleagues continue cyberstalking and in person contact with SA survivor. Carelessly attacking systems of business and facilities target likely to use, This behavior puts others at risk.",
      "modified": "2024-03-09T10:04:19.572000",
      "created": "2024-02-08T11:15:00.329000",
      "tags": [
        "malware",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "report spam",
        "author",
        "cyber espionage",
        "studio created",
        "minutes ago",
        "white goldmax",
        "sibot",
        "goldfinder",
        "python",
        "indicator role",
        "title added",
        "active related",
        "pulses url",
        "entries",
        "url http",
        "pulses cve",
        "threat analyzer",
        "threat",
        "paste",
        "iocs",
        "analyze",
        "hostnames",
        "urls http",
        "sample",
        "urls https",
        "filehashsha1",
        "filehashmd5",
        "ipv4",
        "types of",
        "united kingdom",
        "united",
        "india",
        "china",
        "search",
        "pega type",
        "united states",
        "url https",
        "added active",
        "related pulses",
        "backdoor type",
        "discovery",
        "command",
        "all octoseek",
        "formbook",
        "goldmax",
        "ransomware",
        "njrat",
        "hacktool",
        "maui ransomware",
        "worm",
        "next",
        "type indicator",
        "role title",
        "go",
        "sabey",
        "tulach",
        "targeting tsara brashears",
        "utah",
        "whois record",
        "contacted",
        "ssl certificate",
        "referrer",
        "whois whois",
        "resolutions",
        "collections",
        "bundled",
        "execution",
        "lokibot",
        "tracer tool",
        "c2",
        "command and control",
        "sabey",
        "targeting",
        "hacking apple"
      ],
      "references": [
        "https://side3.com/ | webdisk.side3.com | (http://koshishmarketing.com/mo8igygw3uv/t4z68181/ | malware hosting)",
        "https://sabeydatacenters.com/",
        "sabeydatacenters.com",
        "4jslg.sabeydatacenters.com",
        "https://sabeydatacenters.com/",
        "ProflWiz.exe | 1993173153b9112833140c61f28232bd8af7df7a4891fa4796378a6647fe95e0",
        "https://tulach.cc/ |   [phishing | malware engineering]",
        "https://www.anyxxxtube.net/search-porn/tsara-brashears/  [ phishing | data collection | property theft | target]",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian [password decryption]",
        "nr-data.net  [Apple Private Data Collection]"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [
        {
          "id": "Sibot",
          "display_name": "Sibot",
          "target": null
        },
        {
          "id": "GoldFinder",
          "display_name": "GoldFinder",
          "target": null
        },
        {
          "id": "Go",
          "display_name": "Go",
          "target": null
        },
        {
          "id": "NjRAT",
          "display_name": "NjRAT",
          "target": null
        },
        {
          "id": "HackTool",
          "display_name": "HackTool",
          "target": null
        },
        {
          "id": "Ransomware",
          "display_name": "Ransomware",
          "target": null
        },
        {
          "id": "Sabey",
          "display_name": "Sabey",
          "target": null
        },
        {
          "id": "Tulach",
          "display_name": "Tulach",
          "target": null
        },
        {
          "id": "Maui Ransomware",
          "display_name": "Maui Ransomware",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        },
        {
          "id": "T1012",
          "name": "Query Registry",
          "display_name": "T1012 - Query Registry"
        },
        {
          "id": "T1018",
          "name": "Remote System Discovery",
          "display_name": "T1018 - Remote System Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1033",
          "name": "System Owner/User Discovery",
          "display_name": "T1033 - System Owner/User Discovery"
        },
        {
          "id": "T1043",
          "name": "Commonly Used Port",
          "display_name": "T1043 - Commonly Used Port"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1094",
          "name": "Custom Command and Control Protocol",
          "display_name": "T1094 - Custom Command and Control Protocol"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1176",
          "name": "Browser Extensions",
          "display_name": "T1176 - Browser Extensions"
        },
        {
          "id": "T1215",
          "name": "Kernel Modules and Extensions",
          "display_name": "T1215 - Kernel Modules and Extensions"
        },
        {
          "id": "T1449",
          "name": "Exploit SS7 to Redirect Phone Calls/SMS",
          "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS"
        },
        {
          "id": "T1457",
          "name": "Malicious Media Content",
          "display_name": "T1457 - Malicious Media Content"
        },
        {
          "id": "T1491",
          "name": "Defacement",
          "display_name": "T1491 - Defacement"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1583",
          "name": "Acquire Infrastructure",
          "display_name": "T1583 - Acquire Infrastructure"
        },
        {
          "id": "TA0037",
          "name": "Command and Control",
          "display_name": "TA0037 - Command and Control"
        },
        {
          "id": "TA0011",
          "name": "Command and Control",
          "display_name": "TA0011 - Command and Control"
        }
      ],
      "industries": [
        "Entertainment",
        "Technology",
        "Telecommunications"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 24,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 422,
        "domain": 240,
        "hostname": 495,
        "CVE": 1,
        "FileHash-MD5": 75,
        "FileHash-SHA1": 73,
        "FileHash-SHA256": 843,
        "email": 2
      },
      "indicator_count": 2151,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 224,
      "modified_text": "812 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6555ad88f1dd1cd731b34e44",
      "name": "SMTP_Threats_Phishing_Spam_Dom Spoof",
      "description": "SMTP_Threats_By_Helaly",
      "modified": "2024-02-09T06:01:24.942000",
      "created": "2023-11-16T05:50:00.432000",
      "tags": [
        "Email",
        "SMTP",
        "Phishing",
        "Spam"
      ],
      "references": [
        "SMTP_Threats.json"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "Saudi Arabia"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education"
      ],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 37,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Eslam-ElHelaly",
        "id": "259630",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 112,
        "domain": 689,
        "hostname": 130,
        "FileHash-SHA1": 2
      },
      "indicator_count": 933,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 65,
      "modified_text": "842 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6590412931fa8523e305795e",
      "name": "System Owner/User Discovery | Automobile CnC | HyunDAITX.COM",
      "description": "",
      "modified": "2024-01-29T15:00:34.177000",
      "created": "2023-12-30T16:11:21.071000",
      "tags": [
        "remote cnc",
        "no expiration",
        "filehashsha256",
        "domain",
        "filehashsha1",
        "filehashmd5",
        "expiration",
        "iocs",
        "hostname",
        "ipv4",
        "scan endpoints",
        "next",
        "url http",
        "url https",
        "apple",
        "appleid",
        "icloud",
        "tsara brashears",
        "all octoseek",
        "create new",
        "pulse use",
        "pdf report",
        "debugger evasion",
        "evasive",
        "who's driving",
        "yaaa",
        "xobo",
        "writes data to a remote process",
        "widget",
        "win64",
        "waaa",
        "vt report",
        "ttl value",
        "uaaa",
        "united",
        "unknown",
        "urls url",
        "stealthyness",
        "critical",
        "accept",
        "address",
        "admin country",
        "baaa",
        "anti-detection",
        "as11042",
        "network ascii text",
        "network",
        "back",
        "black",
        "body length",
        "attack",
        "boolean",
        "silly",
        "bundled",
        "caaa",
        "caca",
        "caca4baaa",
        "cacf",
        "caea",
        "click",
        "close",
        "cobalt strike",
        "checkbox",
        "ck id",
        "ck matrix",
        "contacted",
        "copy",
        "creation date",
        "code",
        "comcast tmobile",
        "communicating",
        "contact",
        "historical ssl",
        "csc corporate",
        "date",
        "desktop",
        "dns replication",
        "domain related",
        "domains dropped",
        "elf wgetboat",
        "error",
        "execution",
        "factory",
        "false",
        "files",
        "final",
        "url",
        "first",
        "general",
        "getprocaddress",
        "green",
        "group",
        "headers",
        "hr rtd",
        "http response",
        "hybrid",
        "iana id",
        "id",
        "apple id",
        "import",
        "infor",
        "installation",
        "january",
        "kb body",
        "loader",
        "localappdata",
        "love",
        "major",
        "malicious",
        "metro",
        "mitre att",
        "model",
        "netlify",
        "netlify edge",
        "next",
        "trim",
        "null",
        "threat roundup",
        "tech email",
        "subdomains",
        "status code",
        "ssl certificate",
        "show technique span",
        "sha256",
        "serving ip",
        "open",
        "server",
        "override",
        "path",
        "pattern match",
        "payment",
        "pe resource",
        "persistence",
        "phonenumber",
        "record type",
        "referrer",
        "registrar abuse",
        "rust",
        "search"
      ],
      "references": [
        "HyunDAITX.COM | Remote CnC of vehicle systems, connected devices. Critical",
        "https://www.virustotal.com/gui/domain/hyundaitx.com/summary",
        "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621",
        "command_and_control 195.208.1.128 | 206.46.232.39",
        "drvtrd-widget.netlify.app/drivably-widget.js | drvtrd-widget.netlify.app/drivably.js | http://drvtrd-widget.netlify.app/drivably-widget.js",
        "https://www.virustotal.com/gui/url/87327571bc18df63df91ba61da25389eb32563074ccd640e2b15b2d38cf5b968/summary",
        "https://hybrid-analysis.com/sample/235ae35db42acacf6bb9dbab1ca6392f67a60680275ec03f86866b7867db651f/65901471e396520cb3032621",
        "appleid.com, apple.com, icloud.com",
        "https://blackbook.drivably.com | blackboxpedals.com",
        "car hacking | phone hacking | remote access & system control of entire system",
        "http://watchhers.net/index.php - remote attacks",
        "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community",
        "pornhub.com - contextualizing, malvertizing, tagging, apple password crack",
        "https://www.virustotal.com/gui/url/105e81bb8b366deb8e6b8849a7c61ebcff181fbc2e48347f5476d9e42b361b37/community",
        "simple investigation shows Brashears historical family vehicles listed.",
        "elonmuskisafailure.com - tracker (yt3.ggpht.com tracker)",
        "www.youtube.com/watch?v=GyuMozsVyYs -tracking Tsara Brashears' SongCulture Youtube",
        "T1622 - Debugger Evasion",
        "T1218 - System Binary Proxy Execution",
        "Creates a process in suspended mode (likely for process injection"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America"
      ],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "TA0011",
          "name": "Command and Control",
          "display_name": "TA0011 - Command and Control"
        },
        {
          "id": "T1546",
          "name": "Event Triggered Execution",
          "display_name": "T1546 - Event Triggered Execution"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1218",
          "name": "Signed Binary Proxy Execution",
          "display_name": "T1218 - Signed Binary Proxy Execution"
        },
        {
          "id": "T1114",
          "name": "Email Collection",
          "display_name": "T1114 - Email Collection"
        },
        {
          "id": "T1114.002",
          "name": "Remote Email Collection",
          "display_name": "T1114.002 - Remote Email Collection"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1408",
          "name": "Disguise Root/Jailbreak Indicators",
          "display_name": "T1408 - Disguise Root/Jailbreak Indicators"
        },
        {
          "id": "T1428",
          "name": "Exploit Enterprise Resources",
          "display_name": "T1428 - Exploit Enterprise Resources"
        },
        {
          "id": "T1422",
          "name": "System Network Configuration Discovery",
          "display_name": "T1422 - System Network Configuration Discovery"
        },
        {
          "id": "T1421",
          "name": "System Network Connections Discovery",
          "display_name": "T1421 - System Network Connections Discovery"
        },
        {
          "id": "T1427",
          "name": "Attack PC via USB Connection",
          "display_name": "T1427 - Attack PC via USB Connection"
        },
        {
          "id": "T1429",
          "name": "Capture Audio",
          "display_name": "T1429 - Capture Audio"
        },
        {
          "id": "T1210",
          "name": "Exploitation of Remote Services",
          "display_name": "T1210 - Exploitation of Remote Services"
        },
        {
          "id": "T1213",
          "name": "Data from Information Repositories",
          "display_name": "T1213 - Data from Information Repositories"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1033",
          "name": "System Owner/User Discovery",
          "display_name": "T1033 - System Owner/User Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "TA0030",
          "name": "Defense Evasion",
          "display_name": "TA0030 - Defense Evasion"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 22,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 184,
        "FileHash-SHA1": 177,
        "FileHash-SHA256": 1078,
        "URL": 318,
        "domain": 511,
        "email": 4,
        "hostname": 520
      },
      "indicator_count": 2792,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 223,
      "modified_text": "852 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6552d60aae6e1b3c22455088",
      "name": "Hive 0065",
      "description": "Hive 0065\nURL: https://applemusic-spotlight.myunidays.com/US/en-US?\n\nHive 0065\nHostname: applemusic-spotlight.myunidays.com",
      "modified": "2023-12-13T16:00:45.799000",
      "created": "2023-11-14T02:06:02.329000",
      "tags": [
        "united",
        "as8075",
        "creation date",
        "unknown",
        "search",
        "entries",
        "asnone country",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "related domains",
        "show",
        "domain related",
        "xbox",
        "whois record",
        "contacted",
        "whois whois",
        "ssl certificate",
        "communicating",
        "referrer",
        "execution",
        "historical ssl",
        "bundled",
        "family",
        "lolkek",
        "formbook",
        "skynet",
        "lockbit",
        "ursnif",
        "attack",
        "core"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 29,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 4276,
        "email": 3,
        "hostname": 2288,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 49,
        "FileHash-SHA256": 2756,
        "URL": 8696,
        "CVE": 1
      },
      "indicator_count": 18120,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 226,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6552d6f5f56d2e9cd9e18a30",
      "name": "Lolkek \u2022 FormBook \u2022 Lokbit \u2022 Skynet",
      "description": "Hive 0065\nURL: https://applemusic-spotlight.myunidays.com/US/en-US?\n\nHive 0065\nHostname: applemusic-spotlight.myunidays.com",
      "modified": "2023-12-13T16:00:45.799000",
      "created": "2023-11-14T02:09:57.370000",
      "tags": [
        "united",
        "as8075",
        "creation date",
        "unknown",
        "search",
        "entries",
        "asnone country",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "related domains",
        "show",
        "domain related",
        "xbox",
        "whois record",
        "contacted",
        "whois whois",
        "ssl certificate",
        "communicating",
        "referrer",
        "execution",
        "historical ssl",
        "bundled",
        "family",
        "lolkek",
        "formbook",
        "skynet",
        "lockbit",
        "ursnif",
        "attack",
        "core"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 29,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 4276,
        "email": 3,
        "hostname": 2288,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 49,
        "FileHash-SHA256": 2756,
        "URL": 8696,
        "CVE": 1
      },
      "indicator_count": 18120,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 225,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65568b00198f82af2e88d463",
      "name": "Lolkek \u2022 FormBook \u2022 Lokbit \u2022 Skynet",
      "description": "",
      "modified": "2023-12-13T16:00:45.799000",
      "created": "2023-11-16T21:34:56.016000",
      "tags": [
        "united",
        "as8075",
        "creation date",
        "unknown",
        "search",
        "entries",
        "asnone country",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "related domains",
        "show",
        "domain related",
        "xbox",
        "whois record",
        "contacted",
        "whois whois",
        "ssl certificate",
        "communicating",
        "referrer",
        "execution",
        "historical ssl",
        "bundled",
        "family",
        "lolkek",
        "formbook",
        "skynet",
        "lockbit",
        "ursnif",
        "attack",
        "core"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": "6552d6f5f56d2e9cd9e18a30",
      "export_count": 21,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 4276,
        "email": 3,
        "hostname": 2288,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 49,
        "FileHash-SHA256": 2756,
        "URL": 8696,
        "CVE": 1
      },
      "indicator_count": 18120,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 231,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "access995.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "access995.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780213197.8742366
}