{ "type": "Domain", "indicator": "agricularly.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/agricularly.com", "alexa": "http://www.alexa.com/siteinfo/agricularly.com", "indicator": "agricularly.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2205220556, "indicator": "agricularly.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 15, "pulses": [ { "id": "69a977c1b075eacfdbaca28a", "name": "Fake Tech Support Delivers Havoc Command & Control", "description": "A sophisticated cyber attack campaign combines social engineering and advanced malware techniques. Attackers pose as IT support to gain initial access, then deploy a modified version of the Havoc C2 framework. The malware uses DLL sideloading, indirect syscalls, and custom loaders to evade detection. After compromising the initial system, the attackers rapidly move laterally, establishing persistence through scheduled tasks and legitimate remote monitoring tools. The campaign demonstrates a blend of human-centric initial access methods and advanced technical evasion techniques, highlighting the need for comprehensive security measures spanning user awareness and technical controls.", "modified": "2026-03-06T08:40:35.510000", "created": "2026-03-05T12:32:01.346000", "tags": [ "havoc demon", "havoc", "social engineering", "havoc c2", "syscalls", "dll sideloading", "remote monitoring tools", "evasion techniques", "lateral movement" ], "references": [ "https://www.huntress.com/blog/fake-tech-support-havoc-command-control" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Havoc", "display_name": "Havoc", "target": null }, { "id": "Havoc Demon", "display_name": "Havoc Demon", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021.002", "name": "SMB/Windows Admin Shares", "display_name": "T1021.002 - SMB/Windows Admin Shares" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1072", "name": "Software Deployment Tools", "display_name": "T1072 - Software Deployment Tools" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1021.001", "name": "Remote Desktop Protocol", "display_name": "T1021.001 - Remote Desktop Protocol" }, { "id": "T1569.002", "name": "Service Execution", "display_name": "T1569.002 - Service Execution" }, { "id": "T1055.001", "name": "Dynamic-link Library Injection", "display_name": "T1055.001 - Dynamic-link Library Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 7, "domain": 6 }, "indicator_count": 15, "is_author": false, "is_subscribing": null, "subscriber_count": 386670, "modified_text": "87 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69bbb27ef79369f1b24cd171", "name": "EbeeMar2026 Pt2", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-04-18T08:06:12.483000", "created": "2026-03-19T08:23:26.711000", "tags": [ "filehashsha256", "filehashsha1", "filehashmd5", "bitcoinaddress" ], "references": [ "IOCs.2026.2.csv" ], "public": 1, "adversary": "Gentlemen Ransomware, Ruby Jumper, Moonrise RAT, Dust Specter, NoEscape, Ransom House, Steaelite", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 93, "FileHash-MD5": 157, "FileHash-SHA1": 150, "FileHash-SHA256": 268, "CVE": 5, "domain": 135, "email": 1, "hostname": 42 }, "indicator_count": 851, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69bc04acbe4a8aaec1b67e95", "name": "Payload_Delivery | Mar 20, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 20, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-19T14:14:04.504000", "created": "2026-03-19T14:14:04.504000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 389, "URL": 361, "hostname": 824, "FileHash-MD5": 57, "FileHash-SHA256": 85, "FileHash-SHA1": 49 }, "indicator_count": 1765, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "73 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69bab2adaa1bf4df291f7430", "name": "Payload_Delivery | Mar 19, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 19, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-18T14:11:57.508000", "created": "2026-03-18T14:11:57.508000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 312, "hostname": 683, "domain": 330, "FileHash-SHA256": 82, "FileHash-MD5": 149, "FileHash-SHA1": 49 }, "indicator_count": 1605, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "74 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ba385644f1345d4c73440b", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-18T05:29:58.148000", "created": "2026-03-18T05:29:58.148000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 688, "URL": 303, "domain": 319, "FileHash-SHA256": 62, "FileHash-MD5": 149, "FileHash-SHA1": 49 }, "indicator_count": 1570, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b9fa97daa9c965ebf2445d", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-18T01:06:31.439000", "created": "2026-03-18T01:06:31.439000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 135, "FileHash-SHA1": 36, "FileHash-SHA256": 37, "hostname": 475, "domain": 195, "URL": 171 }, "indicator_count": 1049, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b9f5691d38f59cdf69547c", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-18T00:44:25.826000", "created": "2026-03-18T00:44:25.826000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 133, "FileHash-SHA1": 34, "FileHash-SHA256": 36, "hostname": 479, "domain": 196, "URL": 171 }, "indicator_count": 1049, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b95fe710a461d00bb58879", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-17T14:06:31.046000", "created": "2026-03-17T14:06:31.046000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 550, "domain": 200, "URL": 178, "FileHash-MD5": 100, "FileHash-SHA256": 3 }, "indicator_count": 1031, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b808a8ecd284c2cc585c14", "name": "Payload_Delivery | Mar 17, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 17, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-16T13:42:00.175000", "created": "2026-03-16T13:42:00.175000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 918, "domain": 396, "FileHash-SHA256": 99, "URL": 367, "FileHash-MD5": 155, "FileHash-SHA1": 49 }, "indicator_count": 1984, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "76 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b6bc121a952c45ee50b80f", "name": "Payload_Delivery | Mar 16, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 16, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-15T14:02:58.591000", "created": "2026-03-15T14:02:58.591000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 330, "hostname": 1031, "domain": 363, "FileHash-SHA256": 64, "FileHash-MD5": 149, "FileHash-SHA1": 49 }, "indicator_count": 1986, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "77 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b56a84f14760edc6870528", "name": "Payload_Delivery | Mar 15, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 15, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-14T14:02:44.275000", "created": "2026-03-14T14:02:44.275000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1171, "domain": 366, "URL": 300, "FileHash-MD5": 115, "FileHash-SHA256": 33, "FileHash-SHA1": 14 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "78 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b41a97bb607b6513f81335", "name": "Payload_Delivery | Mar 14, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 14, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-13T14:09:27.029000", "created": "2026-03-13T14:09:27.029000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 268, "hostname": 1133, "domain": 333, "FileHash-SHA256": 64, "FileHash-MD5": 151, "FileHash-SHA1": 50 }, "indicator_count": 1999, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "79 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69acdda8d9ced6066512f0f4", "name": "Fake Tech Support Delivers Havoc Command & Control", "description": "", "modified": "2026-03-08T02:23:36.727000", "created": "2026-03-08T02:23:36.727000", "tags": [ "havoc demon", "havoc", "social engineering", "havoc c2", "syscalls", "dll sideloading", "remote monitoring tools", "evasion techniques", "lateral movement" ], "references": [ "https://www.huntress.com/blog/fake-tech-support-havoc-command-control" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Havoc", "display_name": "Havoc", "target": null }, { "id": "Havoc Demon", "display_name": "Havoc Demon", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021.002", "name": "SMB/Windows Admin Shares", "display_name": "T1021.002 - SMB/Windows Admin Shares" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1072", "name": "Software Deployment Tools", "display_name": "T1072 - Software Deployment Tools" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1021.001", "name": "Remote Desktop Protocol", "display_name": "T1021.001 - Remote Desktop Protocol" }, { "id": "T1569.002", "name": "Service Execution", "display_name": "T1569.002 - Service Execution" }, { "id": "T1055.001", "name": "Dynamic-link Library Injection", "display_name": "T1055.001 - Dynamic-link Library Injection" } ], "industries": [], "TLP": "white", "cloned_from": "69a977c1b075eacfdbaca28a", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 7, "domain": 6 }, "indicator_count": 15, "is_author": false, "is_subscribing": null, "subscriber_count": 277, "modified_text": "85 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aaa8706bef2973fda89e49", "name": "IOC - Exorcising Demons: Fake Tech Support Delivers Havoc Command & Control", "description": "Fake tech support scams are nothing new, but the payloads they deliver are getting a serious upgrade. What once ended with a $300 gift card purchase now ends with a modified Havoc C2 framework burrowed into your environment, leveraging indirect syscalls to dodge EDR and registry-based fallback C2s that stock Havoc doesn't even ship with.", "modified": "2026-03-06T10:12:00.210000", "created": "2026-03-06T10:12:00.210000", "tags": [ "havoc c2", "loader", "havoc" ], "references": [ "https://www.huntress.com/blog/fake-tech-support-havoc-command-control" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "celestre", "id": "295357", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 7, "domain": 6 }, "indicator_count": 13, "is_author": false, "is_subscribing": null, "subscriber_count": 137, "modified_text": "87 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69aa2fab382a01da3eb53921", "name": "AVault Clone Support Sites see my support site reference as well- vulnerable folks exploited", "description": "", "modified": "2026-03-06T05:11:04.663000", "created": "2026-03-06T01:36:43.133000", "tags": [ "havoc demon", "havoc", "social engineering", "havoc c2", "syscalls", "dll sideloading", "remote monitoring tools", "evasion techniques", "lateral movement" ], "references": [ "https://www.huntress.com/blog/fake-tech-support-havoc-command-control" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Havoc", "display_name": "Havoc", "target": null }, { "id": "Havoc Demon", "display_name": "Havoc Demon", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021.002", "name": "SMB/Windows Admin Shares", "display_name": "T1021.002 - SMB/Windows Admin Shares" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1072", "name": "Software Deployment Tools", "display_name": "T1072 - Software Deployment Tools" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1021.001", "name": "Remote Desktop Protocol", "display_name": "T1021.001 - Remote Desktop Protocol" }, { "id": "T1569.002", "name": "Service Execution", "display_name": "T1569.002 - Service Execution" }, { "id": "T1055.001", "name": "Dynamic-link Library Injection", "display_name": "T1055.001 - Dynamic-link Library Injection" } ], "industries": [], "TLP": "white", "cloned_from": "69a977c1b075eacfdbaca28a", "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 12, "FileHash-SHA1": 12, "FileHash-SHA256": 30, "domain": 18, "hostname": 1 }, "indicator_count": 73, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "87 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "IOCs.2026.2.csv", "https://ltna.com.au/cyber", "https://www.huntress.com/blog/fake-tech-support-havoc-command-control" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Havoc demon", "Havoc" ], "industries": [] }, "other": { "adversary": [ "Gentlemen Ransomware, Ruby Jumper, Moonrise RAT, Dust Specter, NoEscape, Ransom House, Steaelite" ], "malware_families": [ "Havoc demon", "Havoc" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 15, "pulses": [ { "id": "69a977c1b075eacfdbaca28a", "name": "Fake Tech Support Delivers Havoc Command & Control", "description": "A sophisticated cyber attack campaign combines social engineering and advanced malware techniques. Attackers pose as IT support to gain initial access, then deploy a modified version of the Havoc C2 framework. The malware uses DLL sideloading, indirect syscalls, and custom loaders to evade detection. After compromising the initial system, the attackers rapidly move laterally, establishing persistence through scheduled tasks and legitimate remote monitoring tools. The campaign demonstrates a blend of human-centric initial access methods and advanced technical evasion techniques, highlighting the need for comprehensive security measures spanning user awareness and technical controls.", "modified": "2026-03-06T08:40:35.510000", "created": "2026-03-05T12:32:01.346000", "tags": [ "havoc demon", "havoc", "social engineering", "havoc c2", "syscalls", "dll sideloading", "remote monitoring tools", "evasion techniques", "lateral movement" ], "references": [ "https://www.huntress.com/blog/fake-tech-support-havoc-command-control" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Havoc", "display_name": "Havoc", "target": null }, { "id": "Havoc Demon", "display_name": "Havoc Demon", "target": null } ], "attack_ids": [ { "id": "T1053.005", "name": "Scheduled Task", "display_name": "T1053.005 - Scheduled Task" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1021.002", "name": "SMB/Windows Admin Shares", "display_name": "T1021.002 - SMB/Windows Admin Shares" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1072", "name": "Software Deployment Tools", "display_name": "T1072 - Software Deployment Tools" }, { "id": "T1078", "name": "Valid Accounts", "display_name": "T1078 - Valid Accounts" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1059.003", "name": "Windows Command Shell", "display_name": "T1059.003 - Windows Command Shell" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1018", "name": "Remote System Discovery", "display_name": "T1018 - Remote System Discovery" }, { "id": "T1574.002", "name": "DLL Side-Loading", "display_name": "T1574.002 - DLL Side-Loading" }, { "id": "T1021.001", "name": "Remote Desktop Protocol", "display_name": "T1021.001 - Remote Desktop Protocol" }, { "id": "T1569.002", "name": "Service Execution", "display_name": "T1569.002 - Service Execution" }, { "id": "T1055.001", "name": "Dynamic-link Library Injection", "display_name": "T1055.001 - Dynamic-link Library Injection" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "FileHash-SHA1": 1, "FileHash-SHA256": 7, "domain": 6 }, "indicator_count": 15, "is_author": false, "is_subscribing": null, "subscriber_count": 386670, "modified_text": "87 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69bbb27ef79369f1b24cd171", "name": "EbeeMar2026 Pt2", "description": "Multiple APT/threat actors, Malware and Campaigns", "modified": "2026-04-18T08:06:12.483000", "created": "2026-03-19T08:23:26.711000", "tags": [ "filehashsha256", "filehashsha1", "filehashmd5", "bitcoinaddress" ], "references": [ "IOCs.2026.2.csv" ], "public": 1, "adversary": "Gentlemen Ransomware, Ruby Jumper, Moonrise RAT, Dust Specter, NoEscape, Ransom House, Steaelite", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "IMEBEEIMFINE", "id": "343873", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 93, "FileHash-MD5": 157, "FileHash-SHA1": 150, "FileHash-SHA256": 268, "CVE": 5, "domain": 135, "email": 1, "hostname": 42 }, "indicator_count": 851, "is_author": false, "is_subscribing": null, "subscriber_count": 41, "modified_text": "44 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69bc04acbe4a8aaec1b67e95", "name": "Payload_Delivery | Mar 20, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 20, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-19T14:14:04.504000", "created": "2026-03-19T14:14:04.504000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 389, "URL": 361, "hostname": 824, "FileHash-MD5": 57, "FileHash-SHA256": 85, "FileHash-SHA1": 49 }, "indicator_count": 1765, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "73 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69bab2adaa1bf4df291f7430", "name": "Payload_Delivery | Mar 19, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 19, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-18T14:11:57.508000", "created": "2026-03-18T14:11:57.508000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 312, "hostname": 683, "domain": 330, "FileHash-SHA256": 82, "FileHash-MD5": 149, "FileHash-SHA1": 49 }, "indicator_count": 1605, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "74 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ba385644f1345d4c73440b", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-18T05:29:58.148000", "created": "2026-03-18T05:29:58.148000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 688, "URL": 303, "domain": 319, "FileHash-SHA256": 62, "FileHash-MD5": 149, "FileHash-SHA1": 49 }, "indicator_count": 1570, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b9fa97daa9c965ebf2445d", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-18T01:06:31.439000", "created": "2026-03-18T01:06:31.439000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 135, "FileHash-SHA1": 36, "FileHash-SHA256": 37, "hostname": 475, "domain": 195, "URL": 171 }, "indicator_count": 1049, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b9f5691d38f59cdf69547c", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-18T00:44:25.826000", "created": "2026-03-18T00:44:25.826000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 133, "FileHash-SHA1": 34, "FileHash-SHA256": 36, "hostname": 479, "domain": 196, "URL": 171 }, "indicator_count": 1049, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b95fe710a461d00bb58879", "name": "Payload_Delivery | Mar 18, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: Mar 18, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-17T14:06:31.046000", "created": "2026-03-17T14:06:31.046000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 550, "domain": 200, "URL": 178, "FileHash-MD5": 100, "FileHash-SHA256": 3 }, "indicator_count": 1031, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "75 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b808a8ecd284c2cc585c14", "name": "Payload_Delivery | Mar 17, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 17, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-16T13:42:00.175000", "created": "2026-03-16T13:42:00.175000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 918, "domain": 396, "FileHash-SHA256": 99, "URL": 367, "FileHash-MD5": 155, "FileHash-SHA1": 49 }, "indicator_count": 1984, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "76 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69b6bc121a952c45ee50b80f", "name": "Payload_Delivery | Mar 16, 2026 | Part 1/2", "description": "Payload_Delivery indicators. Date: Mar 16, 2026. Part 1/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-03-15T14:02:58.591000", "created": "2026-03-15T14:02:58.591000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 330, "hostname": 1031, "domain": 363, "FileHash-SHA256": 64, "FileHash-MD5": 149, "FileHash-SHA1": 49 }, "indicator_count": 1986, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "77 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "agricularly.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "agricularly.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780319487.7035012 }