{ "type": "Domain", "indicator": "ashesofcreation.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/ashesofcreation.com", "alexa": "http://www.alexa.com/siteinfo/ashesofcreation.com", "indicator": "ashesofcreation.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3894569865, "indicator": "ashesofcreation.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69fd98fba834ab33f7cfe50f", "name": "Telus Communications (Canadian ISP) clone Disable_Duck - relevant Ip shadows", "description": "", "modified": "2026-05-08T08:04:11.769000", "created": "2026-05-08T08:04:11.769000", "tags": [ "Telus" ], "references": [ "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/graph", "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/iocs", "https://tria.ge/240428-tjsmrsbf4t", "https://www.virustotal.com/graph/embed/ga06a03c71a1848adb8e47517af7d1803f6bc8aa5dd4a480f921a7e9528da34df?theme=dark", "https://intelx.io/?s=telus.com", "https://lab.dynamite.ai/pcaps/319ab9c1-044c-4791-98b8-a134918cae63", "https://lab.dynamite.ai/pcaps/8c720f26-cf1b-4aed-bad5-da87f7f17977", "https://lab.dynamite.ai/pcaps/5beb5211-b3ce-4c11-8fa7-44eee039113a", "https://www.virustotal.com/graph/embed/ga408d14b97e346d788613eab3a11c80af28a15dda5334f9a93221e82d25545bb?theme=dark", "https://urlhaus.abuse.ch/feeds/asn/852/" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [ "Government", "Technology", "Telecommunications", "Education" ], "TLP": "green", "cloned_from": "662e72197adff2cced4acab5", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 283, "FileHash-SHA1": 283, "FileHash-SHA256": 366, "URL": 726, "domain": 564, "hostname": 523 }, "indicator_count": 2745, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69589dd49ec0010e69444d66", "name": "AgentTesla affecting a video game platform currently downed", "description": "DeadByDayLight.com is being crushed by malware attacks. I only researched one of the Trojans found. AgentTesla. I\u2019m definitely not a gamer, found it interesting the peripheral whilst researching. Research led link as it relates to related Pulse/a.", "modified": "2026-02-02T03:02:34.652000", "created": "2026-01-03T04:40:52.240000", "tags": [ "aaaa", "united", "present sep", "present aug", "present jun", "present jan", "ip address", "name servers", "iocs", "data upload", "extraction", "review iocs", "ada indicator", "find suggested", "type a", "passive dns", "urls", "domain", "address", "asn as16509", "trojandropper", "subid", "title error", "ipv4", "twitter", "win32", "servers", "hostname add", "url analysis", "ms windows", "pe32", "intel", "memcommit", "caption", "f im", "read c", "mozilla", "service", "write", "persistence", "execution", "malware", "next", "united states", "yara detections", "alerts", "analysis date", "suspicious ua", "nsisdl", "less see", "all ip", "contacted", "tech broism", "palantir" ], "references": [ "https://deadbydaylight.com", "Win.Trojan.Generic-9884244-0 , ALF:Trojan:MSIL/AgentTesla.KM", "IDS Detections: Observed Suspicious UA (NSISDL/1.2 (Mozilla)) Nullsoft Mozilla UA (NSISDL)", "Yara Detections: Nullsoft_NSIS", "Alerts: network_icmp antivm_generic_services persistence_autorun creates_largekey", "Alerts: creates_service dumped_buffer network_cnc_http network_http allocates_rwx", "Alerts: antivm_disk_size infostealer_browser creates_exe creates_shortcut", "Alerts: queries_programs uses_windows_utilities antivm_queries_computername", "Alerts: exe_appdata has_wmi antivm_network_adapters privilege_luid_check", "IP\u2019s Contacted 34.233.61.169 54.192.76.30 54.230.125.59", "Domains Contacted proxel.bytefence.com logs.bytefence.com", "Domains related/not pulsed: video-lal.com/videos/tsara-brashears-dead-by-daylight.html", "gossamer-containers.washington.palantircloud.com \u2022", "sandboxes-ranunculus.palantirfedstart.com \u2022 eureka-bah-usgc-1.palantirfedstart.com \u2022", "http://2.palantirfedstart.com/ \u2022 http://authorium-docs-stg.palantirfedstart.com", "https://sandboxes-ranunculus.palantirfedstart.com/t", "http://lsauth-vault.palantirfedstart.com \u2022 http://mugwort-container-registry.palantirfedstart.com/", "https://containers-specterops-mckinley.palantirfedstart.com/", "https://mugwort-container-registry.palantirfedstart.com/ \u2022 https://ohrid-usgc-1.palantirfedstart.com", "https://authorium-docs-stg.palantirfedstart.com \u2022 https://chelan-containers.palantirfedstart.com", "https://containers-manuka-usgc-1.palantirfedstart.com \u2022 rizkly.palantirfedstart.com", "palantirfedstart.com \u2022 rizkly.palantirfedstart.com \u2022", "https://kalpak.palantirfedstart.com/ \u2022 https://lsauth-vault.palantirfedstart.com/", "primer-delta-endpoints-staging.palantirfedstart.com", "http://containers-manuka-usgc-1.palantirfedstart.com \u2022http://kalpak.palantirfedstart.com", "http://ohrid-usgc-1.palantirfedstart.com \u2022 http://sandboxes-ranunculus.palantirfedstart.com", "http://sundog-ge-traces.palantirfedstart.com \u2022 https://2.palantirfedstart.com/u" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Trojan.Generic-9884244-0 ,", "display_name": "Win.Trojan.Generic-9884244-0 ,", "target": null }, { "id": "alf:Trojan:MSIL/AgentTesla.KM", "display_name": "alf:Trojan:MSIL/AgentTesla.KM", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4342, "domain": 767, "hostname": 1456, "FileHash-SHA256": 233, "FileHash-MD5": 99, "FileHash-SHA1": 63, "email": 3, "SSLCertFingerprint": 1 }, "indicator_count": 6964, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "119 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "662e72197adff2cced4acab5", "name": "Telus Communications (Canadian ISP)", "description": "IOCs associated with and/or collected from Telus Communications ISP\nAlso, please refer to other collections (Relevant Pulses in Group Pulse)", "modified": "2024-09-03T00:02:13.980000", "created": "2024-04-28T15:58:17.777000", "tags": [ "Telus" ], "references": [ "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/graph", "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/iocs", "https://tria.ge/240428-tjsmrsbf4t", "https://www.virustotal.com/graph/embed/ga06a03c71a1848adb8e47517af7d1803f6bc8aa5dd4a480f921a7e9528da34df?theme=dark", "https://intelx.io/?s=telus.com", "https://lab.dynamite.ai/pcaps/319ab9c1-044c-4791-98b8-a134918cae63", "https://lab.dynamite.ai/pcaps/8c720f26-cf1b-4aed-bad5-da87f7f17977", "https://lab.dynamite.ai/pcaps/5beb5211-b3ce-4c11-8fa7-44eee039113a", "https://www.virustotal.com/graph/embed/ga408d14b97e346d788613eab3a11c80af28a15dda5334f9a93221e82d25545bb?theme=dark", "https://urlhaus.abuse.ch/feeds/asn/852/" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [ "Government", "Technology", "Telecommunications", "Education" ], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 283, "FileHash-SHA1": 283, "FileHash-SHA256": 366, "URL": 726, "domain": 564, "hostname": 523 }, "indicator_count": 2745, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "636 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Alerts: queries_programs uses_windows_utilities antivm_queries_computername", "https://lab.dynamite.ai/pcaps/5beb5211-b3ce-4c11-8fa7-44eee039113a", "https://containers-manuka-usgc-1.palantirfedstart.com \u2022 rizkly.palantirfedstart.com", "https://sandboxes-ranunculus.palantirfedstart.com/t", "Alerts: exe_appdata has_wmi antivm_network_adapters privilege_luid_check", "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/graph", "https://mugwort-container-registry.palantirfedstart.com/ \u2022 https://ohrid-usgc-1.palantirfedstart.com", "http://2.palantirfedstart.com/ \u2022 http://authorium-docs-stg.palantirfedstart.com", "Alerts: network_icmp antivm_generic_services persistence_autorun creates_largekey", "https://authorium-docs-stg.palantirfedstart.com \u2022 https://chelan-containers.palantirfedstart.com", "https://tria.ge/240428-tjsmrsbf4t", "http://lsauth-vault.palantirfedstart.com \u2022 http://mugwort-container-registry.palantirfedstart.com/", "Yara Detections: Nullsoft_NSIS", "https://intelx.io/?s=telus.com", "gossamer-containers.washington.palantircloud.com \u2022", "https://urlhaus.abuse.ch/feeds/asn/852/", "https://kalpak.palantirfedstart.com/ \u2022 https://lsauth-vault.palantirfedstart.com/", "https://www.virustotal.com/graph/embed/ga408d14b97e346d788613eab3a11c80af28a15dda5334f9a93221e82d25545bb?theme=dark", "Win.Trojan.Generic-9884244-0 , ALF:Trojan:MSIL/AgentTesla.KM", "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/iocs", "IP\u2019s Contacted 34.233.61.169 54.192.76.30 54.230.125.59", "http://sundog-ge-traces.palantirfedstart.com \u2022 https://2.palantirfedstart.com/u", "https://lab.dynamite.ai/pcaps/8c720f26-cf1b-4aed-bad5-da87f7f17977", "Alerts: creates_service dumped_buffer network_cnc_http network_http allocates_rwx", "http://containers-manuka-usgc-1.palantirfedstart.com \u2022http://kalpak.palantirfedstart.com", "https://deadbydaylight.com", "Domains related/not pulsed: video-lal.com/videos/tsara-brashears-dead-by-daylight.html", "primer-delta-endpoints-staging.palantirfedstart.com", "IDS Detections: Observed Suspicious UA (NSISDL/1.2 (Mozilla)) Nullsoft Mozilla UA (NSISDL)", "Alerts: antivm_disk_size infostealer_browser creates_exe creates_shortcut", "Domains Contacted proxel.bytefence.com logs.bytefence.com", "http://ohrid-usgc-1.palantirfedstart.com \u2022 http://sandboxes-ranunculus.palantirfedstart.com", "https://containers-specterops-mckinley.palantirfedstart.com/", "sandboxes-ranunculus.palantirfedstart.com \u2022 eureka-bah-usgc-1.palantirfedstart.com \u2022", "https://lab.dynamite.ai/pcaps/319ab9c1-044c-4791-98b8-a134918cae63", "palantirfedstart.com \u2022 rizkly.palantirfedstart.com \u2022", "https://www.virustotal.com/graph/embed/ga06a03c71a1848adb8e47517af7d1803f6bc8aa5dd4a480f921a7e9528da34df?theme=dark" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Win.trojan.generic-9884244-0 ,", "Alf:trojan:msil/agenttesla.km" ], "industries": [ "Government", "Technology", "Telecommunications", "Education" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69fd98fba834ab33f7cfe50f", "name": "Telus Communications (Canadian ISP) clone Disable_Duck - relevant Ip shadows", "description": "", "modified": "2026-05-08T08:04:11.769000", "created": "2026-05-08T08:04:11.769000", "tags": [ "Telus" ], "references": [ "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/graph", "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/iocs", "https://tria.ge/240428-tjsmrsbf4t", "https://www.virustotal.com/graph/embed/ga06a03c71a1848adb8e47517af7d1803f6bc8aa5dd4a480f921a7e9528da34df?theme=dark", "https://intelx.io/?s=telus.com", "https://lab.dynamite.ai/pcaps/319ab9c1-044c-4791-98b8-a134918cae63", "https://lab.dynamite.ai/pcaps/8c720f26-cf1b-4aed-bad5-da87f7f17977", "https://lab.dynamite.ai/pcaps/5beb5211-b3ce-4c11-8fa7-44eee039113a", "https://www.virustotal.com/graph/embed/ga408d14b97e346d788613eab3a11c80af28a15dda5334f9a93221e82d25545bb?theme=dark", "https://urlhaus.abuse.ch/feeds/asn/852/" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [ "Government", "Technology", "Telecommunications", "Education" ], "TLP": "green", "cloned_from": "662e72197adff2cced4acab5", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 283, "FileHash-SHA1": 283, "FileHash-SHA256": 366, "URL": 726, "domain": 564, "hostname": 523 }, "indicator_count": 2745, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69589dd49ec0010e69444d66", "name": "AgentTesla affecting a video game platform currently downed", "description": "DeadByDayLight.com is being crushed by malware attacks. I only researched one of the Trojans found. AgentTesla. I\u2019m definitely not a gamer, found it interesting the peripheral whilst researching. Research led link as it relates to related Pulse/a.", "modified": "2026-02-02T03:02:34.652000", "created": "2026-01-03T04:40:52.240000", "tags": [ "aaaa", "united", "present sep", "present aug", "present jun", "present jan", "ip address", "name servers", "iocs", "data upload", "extraction", "review iocs", "ada indicator", "find suggested", "type a", "passive dns", "urls", "domain", "address", "asn as16509", "trojandropper", "subid", "title error", "ipv4", "twitter", "win32", "servers", "hostname add", "url analysis", "ms windows", "pe32", "intel", "memcommit", "caption", "f im", "read c", "mozilla", "service", "write", "persistence", "execution", "malware", "next", "united states", "yara detections", "alerts", "analysis date", "suspicious ua", "nsisdl", "less see", "all ip", "contacted", "tech broism", "palantir" ], "references": [ "https://deadbydaylight.com", "Win.Trojan.Generic-9884244-0 , ALF:Trojan:MSIL/AgentTesla.KM", "IDS Detections: Observed Suspicious UA (NSISDL/1.2 (Mozilla)) Nullsoft Mozilla UA (NSISDL)", "Yara Detections: Nullsoft_NSIS", "Alerts: network_icmp antivm_generic_services persistence_autorun creates_largekey", "Alerts: creates_service dumped_buffer network_cnc_http network_http allocates_rwx", "Alerts: antivm_disk_size infostealer_browser creates_exe creates_shortcut", "Alerts: queries_programs uses_windows_utilities antivm_queries_computername", "Alerts: exe_appdata has_wmi antivm_network_adapters privilege_luid_check", "IP\u2019s Contacted 34.233.61.169 54.192.76.30 54.230.125.59", "Domains Contacted proxel.bytefence.com logs.bytefence.com", "Domains related/not pulsed: video-lal.com/videos/tsara-brashears-dead-by-daylight.html", "gossamer-containers.washington.palantircloud.com \u2022", "sandboxes-ranunculus.palantirfedstart.com \u2022 eureka-bah-usgc-1.palantirfedstart.com \u2022", "http://2.palantirfedstart.com/ \u2022 http://authorium-docs-stg.palantirfedstart.com", "https://sandboxes-ranunculus.palantirfedstart.com/t", "http://lsauth-vault.palantirfedstart.com \u2022 http://mugwort-container-registry.palantirfedstart.com/", "https://containers-specterops-mckinley.palantirfedstart.com/", "https://mugwort-container-registry.palantirfedstart.com/ \u2022 https://ohrid-usgc-1.palantirfedstart.com", "https://authorium-docs-stg.palantirfedstart.com \u2022 https://chelan-containers.palantirfedstart.com", "https://containers-manuka-usgc-1.palantirfedstart.com \u2022 rizkly.palantirfedstart.com", "palantirfedstart.com \u2022 rizkly.palantirfedstart.com \u2022", "https://kalpak.palantirfedstart.com/ \u2022 https://lsauth-vault.palantirfedstart.com/", "primer-delta-endpoints-staging.palantirfedstart.com", "http://containers-manuka-usgc-1.palantirfedstart.com \u2022http://kalpak.palantirfedstart.com", "http://ohrid-usgc-1.palantirfedstart.com \u2022 http://sandboxes-ranunculus.palantirfedstart.com", "http://sundog-ge-traces.palantirfedstart.com \u2022 https://2.palantirfedstart.com/u" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Win.Trojan.Generic-9884244-0 ,", "display_name": "Win.Trojan.Generic-9884244-0 ,", "target": null }, { "id": "alf:Trojan:MSIL/AgentTesla.KM", "display_name": "alf:Trojan:MSIL/AgentTesla.KM", "target": null } ], "attack_ids": [ { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1005", "name": "Data from Local System", "display_name": "T1005 - Data from Local System" }, { "id": "T1007", "name": "System Service Discovery", "display_name": "T1007 - System Service Discovery" }, { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1023", "name": "Shortcut Modification", "display_name": "T1023 - Shortcut Modification" }, { "id": "T1031", "name": "Modify Existing Service", "display_name": "T1031 - Modify Existing Service" }, { "id": "T1047", "name": "Windows Management Instrumentation", "display_name": "T1047 - Windows Management Instrumentation" }, { "id": "T1053", "name": "Scheduled Task/Job", "display_name": "T1053 - Scheduled Task/Job" }, { "id": "T1060", "name": "Registry Run Keys / Startup Folder", "display_name": "T1060 - Registry Run Keys / Startup Folder" }, { "id": "T1081", "name": "Credentials in Files", "display_name": "T1081 - Credentials in Files" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Q.Vashti", "id": "337942", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 4342, "domain": 767, "hostname": 1456, "FileHash-SHA256": 233, "FileHash-MD5": 99, "FileHash-SHA1": 63, "email": 3, "SSLCertFingerprint": 1 }, "indicator_count": 6964, "is_author": false, "is_subscribing": null, "subscriber_count": 141, "modified_text": "119 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "662e72197adff2cced4acab5", "name": "Telus Communications (Canadian ISP)", "description": "IOCs associated with and/or collected from Telus Communications ISP\nAlso, please refer to other collections (Relevant Pulses in Group Pulse)", "modified": "2024-09-03T00:02:13.980000", "created": "2024-04-28T15:58:17.777000", "tags": [ "Telus" ], "references": [ "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/graph", "https://www.virustotal.com/gui/collection/9220d9375ebb4289fdbc4a7aac232b75a5c1b01e5e27edd965982bc6fe28f0e2/iocs", "https://tria.ge/240428-tjsmrsbf4t", "https://www.virustotal.com/graph/embed/ga06a03c71a1848adb8e47517af7d1803f6bc8aa5dd4a480f921a7e9528da34df?theme=dark", "https://intelx.io/?s=telus.com", "https://lab.dynamite.ai/pcaps/319ab9c1-044c-4791-98b8-a134918cae63", "https://lab.dynamite.ai/pcaps/8c720f26-cf1b-4aed-bad5-da87f7f17977", "https://lab.dynamite.ai/pcaps/5beb5211-b3ce-4c11-8fa7-44eee039113a", "https://www.virustotal.com/graph/embed/ga408d14b97e346d788613eab3a11c80af28a15dda5334f9a93221e82d25545bb?theme=dark", "https://urlhaus.abuse.ch/feeds/asn/852/" ], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" } ], "industries": [ "Government", "Technology", "Telecommunications", "Education" ], "TLP": "green", "cloned_from": null, "export_count": 27, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 3, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 283, "FileHash-SHA1": 283, "FileHash-SHA256": 366, "URL": 726, "domain": 564, "hostname": 523 }, "indicator_count": 2745, "is_author": false, "is_subscribing": null, "subscriber_count": 132, "modified_text": "636 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "ashesofcreation.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "ashesofcreation.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780304550.1372437 }