{ "type": "Domain", "indicator": "baseuploads.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/baseuploads.com", "alexa": "http://www.alexa.com/siteinfo/baseuploads.com", "indicator": "baseuploads.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3753417568, "indicator": "baseuploads.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 19, "pulses": [ { "id": "6783308fc0b6e2bd8dfb209c", "name": "TTC-CERT_blocklist_recommended", "description": "", "modified": "2026-02-14T00:03:07.406000", "created": "2025-01-12T03:01:35.075000", "tags": [], "references": [ "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 606, "URL": 4, "domain": 25122, "hostname": 25306 }, "indicator_count": 51038, "is_author": false, "is_subscribing": null, "subscriber_count": 179, "modified_text": "65 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c0cdc35112c5919563a334", "name": "Intel is bad awy", "description": "", "modified": "2025-03-29T20:01:20.482000", "created": "2025-02-27T20:40:35.539000", "tags": [ "sign", "github", "find", "view", "search", "strong", "code issues", "pull", "breadcrumbs", "damn", "star", "footer", "sha1", "helldown linux", "iocs helldown", "windows payload", "icon", "darkrace", "donex", "ransom", "defanged file", "hashes", "ipv4", "sha256", "c2 ip", "address", "plugin", "brazanbamboo c2", "panel", "archive file", "bha006", "telegram bot", "token", "chat id", "sha256 hashes", "iocs", "intermediary", "landing", "aitm server", "compromise note", "hashes payload", "loader", "dropper", "ips https", "urls https", "duoyi", "ioc url", "ipv4 address", "c2 server", "sample sha256", "remcos", "decrypted", "urls http", "payload", "amos stealer", "stealc c2", "rhadamanthys c2", "phishing urls", "google meet", "amos steaker", "html payload", "stealc payload", "md5 hashes", "sha1 hashes", "iocs zip", "lnk file", "msi file", "payload url", "eldorado", "linux", "service dll", "cheat engine", "c2 domain", "compromise", "urls", "iocs files", "network ip", "domain", "malware hash", "noopldr type1", "noopldr type2", "download url", "email addresses", "block", "ioc http", "iocs hash", "url https", "ghostgambit", "hidden rootkit", "gh0strat", "mekotio banking", "financial", "latin america", "detected", "zipmsi", "downloader", "ip address", "cobalt strike", "first seen", "seen", "pantegana", "tls certificate", "fingerprint", "samples", "trojanspy", "msi", "subdomains", "reddit", "wetransfer", "ioc hash", "file hashes", "ip addresses", "fake captcha", "html", "hta script", "lumma payload", "filehashsha256", "indicator type", "sha256 lnk", "ports", "first stage", "md5 file", "domains", "reddelta c2", "servers", "octoberdecember", "shortcut", "files", "solo airfield", "quoc", "bctt", "kongtuke", "mintsloader c2", "js download", "c2 http", "boinc c2", "c2 address", "analyzed", "file name", "na stark", "na majestic", "description", "trojanized", "beavertail", "anydesk module", "domain hosting", "first", "details", "monitor", "sites", "fake chrome", "payload host", "c2 https", "examples", "atomic stealer", "c2 servers", "cthulhu stealer", "server http", "l files", "original", "iocs malicious", "mirrowsimps", "defanged", "strike loaders", "plugx", "plugx c2", "sspiuacbypass", "malware", "malware c2", "filehashmd5", "site", "orgvgodpayment", "quite solsjoas", "ioc sha256", "similar sha256", "http", "url hundreds", "url samples", "filehash", "guidloader", "finaldraft elf", "type name", "reference", "finaldraft", "sha256 pfman", "pathloader", "atomic https", "systembc", "ghostsocks", "invisibleferret", "vant", "rspackcore", "monero", "sha256 hash", "code snippets", "psexec", "ituneshelper", "pscp", "sftp", "googleupdate", "meshagent", "ultravnc", "file", "bootkitty iocs", "phpsert", "phpsert variant", "createdump tool", "visual studio", "code", "server", "sql injection", "studio code", "ssh access", "hta file", "vbshower c2", "powershower c2", "cloud", "hta md5", "domain name", "links", "c http", "horns", "version", "version b", "version c", "version d", "version e", "burnsrat c", "a http", "github users", "shell commands", "vssadmin delete", "userprofile", "public", "registry keys", "phobos", "lettointago", "carljohnson1948", "samuelwhite1821", "file hash", "lockbit", "indicatortype", "data", "mlpea", "w32neshtad", "gmer", "neshta", "opswat oesis", "v4 removal" ], "references": [ "Bootkitty", "Glove-Stealer", "Fake Discount Sites Exploit Black Friday", "Helldown Ransomware", "HawkEye Malware", "PXA Stealer", "Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack", "BrazenBamboo", "SpyGlace", "RustyStealer and New Ymir Ransomware", "PyPI-AIOCPA", "Python NodeStealer", "romcom-exploits-firefox-and-windows", "Rockstar-Phishing", "Silent Skimmer Gets Loud (Again)", "SteelFox Trojan", "WezRat Malware", "Avast-Anti-Root-KIt", "Winos4.0 RAT", "APT36", "WolfsBane Backdoor", "APT-K-47", "Remcos RAT", "babbleloader", "Bitter APT", "UAC-0194\u2019s Exploitation of CVE-2024-43451 in Ukraine for Phishing", "CloudScout_ Evasive Panda scouting cloud services", "clickfix-tactic", "Akira Ransomware", "Bumblebee Malware", "ELDORADO RANSOMWARE", "Evasive Panda Uses MACMA and MgBot Malware to Target US and Taiwan", "Demodex rootkit", "BugSleep Malware", "HotPage.exe (malware)", "Qilin Ransomware", "NOOPDOOR Malware", "Shadowroot Ransomware", "play ransomware", "MALLOX RANSOMWARE", "New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users", "ACR Stealer", "Suspicious Domains Exploiting the Recent CrowdStrike Outage!", "Gh0stGambit", "MEKOTIO BANKING TROJAN", "TAG-100", "Fake game sites lead to information stealers", "Chrome Extensions Hijacked, 2.6 Million Users Impacted", "macOS Users Targeted by the New Variant of Banshee Infostealer", "Hundreds of fake Reddit sites push Lumma Stealer malware", "GamaCopy APT Group Mimicking GamaRedon", "InvisibleFerret Malware Leveraging Python for Targeted Attacks", "Fake CAPTCHA Campaign That Spreads LUMMA Info Stealer", "REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors", "Phishing Campaigns Fuel Compiled AutoIt Malware Distribution", "The great Google Ads heist_ criminals ransack advertiser accounts via fake Google ads", "New Star Blizzard spear-phishing campaign targets WhatsApp accounts", "RansomHub Affiliate leverages Python-based backdoor", "Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques", "Advanced Evasion Techniques Used by NonEuclid RAT", "The Return of PlugX Malware with Fresh Tricks", "The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts", "Weaponized Software Targeting Chinese Organizations", "Threat Surge as Lumma Stealer Expands Its Reach", "Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain", "MintsLoader_Stealc", "North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks", "North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware", "Rat Race_ ValleyRAT Malware Targets Organizations with New Delivery Techniques", "Salt Typhoon Target U.S. Telecom Networks", "SecTopRAT", "Stealers on the Rise", "Snake Keylogger", "AsyncRAT Reloaded", "The BadPilot campaign_ Seashell Blizzard subgroup conducts multiyear global access operation", "FatalRAT", "SystemBC RAT Poses New Risks to Linux System", "Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations", "FERRET Malware Targets macOS in Sophisticated North Korean Attacks", "Espionage Campaign Targeting South Asian Entities", "Astral Stealer Strikes Again Stealing More Than Just Your Cookies", "The New Ransomware Menace Vgod Gains Momentum", "Microsoft Advertisers Phished via Malicious Google Ads", "LegionLoader Malware Expands Global Reach", "NEW.txt", "From Stealers to Ransomware PureCrypter Delivers It All", "New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs", "FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux", "LockBit Ransomware Attack Leveraging Cobalt Strike", "Rspack_Compromised_Packages", "SmokeLoader", "Sock5Systemz-PROXY-AM", "solana-backdoor", "U.S. Organization in China Targeted by Attackers", "UAC-0185 attacks warned by CERT-UA", "BellaCpp", "bootkitty(logofail)", "Visual Studio Code Remote tunnels", "Cloud Atlas seen using a new tool in its attacks", "Christmas-Themed LNK Files Used for Malware Delivery", "DarkGate", "MirrorFace Campain", "horns-hooves", "Developers Targeted by New \u2018OtterCookie\u2019 Malware with Fake Job Offers", "NetSupport RAT and BurnsRAT", "Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery", "MUT-1244-GitHub", "Phobos ransomware", "Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data", "PUMAKIT", "OtterCookie used by Contagious Interview", "Ransomware-Lockbit3-IOCs.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mekotio Banking", "display_name": "Mekotio Banking", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "MSI", "display_name": "MSI", "target": null }, { "id": "InvisibleFerret", "display_name": "InvisibleFerret", "target": null }, { "id": "Vant", "display_name": "Vant", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 84, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Badderawy", "id": "310597", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 950, "FileHash-SHA1": 847, "FileHash-SHA256": 1060, "hostname": 1158, "domain": 867, "URL": 813, "email": 77, "CIDR": 2, "CVE": 9 }, "indicator_count": 5783, "is_author": false, "is_subscribing": null, "subscriber_count": 27, "modified_text": "386 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "659072f784c47e7b812b36b5", "name": "APT36", "description": "AKA Transparent Tribe, ProjectM, Mythic Leopard, Earth Karkaddan, Copper Fieldstone, TMP.Lapis, C-Major.\n\nIOCs gathered from social media, other analysts, and individual research.", "modified": "2024-01-29T19:00:22.198000", "created": "2023-12-30T19:43:51.653000", "tags": [ "dem0", "pena", "whatsoevers3r" ], "references": [ "https://www.virustotal.com/gui/collection/56672e6bb7a1f5558d45fc15c5e1c0284ac3dbb180cb9527f069bbc2b125f091", "https://malpedia.caad.fkie.fraunhofer.de/actor/operation_c-major", "https://apt.etda.or.th/cgi-bin/showcard.cgi?g=Transparent%20Tribe%2C%20APT%2036&n=1", "https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/", "https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations", "https://blog.talosintelligence.com/transparent-tribe-new-campaign/", "https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html" ], "public": 1, "adversary": "APT-C-36", "targeted_countries": [ "India" ], "malware_families": [ { "id": "Trojan:MSIL/CrimsonRAT", "display_name": "Trojan:MSIL/CrimsonRAT", "target": "/malware/Trojan:MSIL/CrimsonRAT" }, { "id": "Peppy - S0643", "display_name": "Peppy - S0643", "target": null }, { "id": "ObliqueRAT - S0644", "display_name": "ObliqueRAT - S0644", "target": null }, { "id": "DarkComet - S0334", "display_name": "DarkComet - S0334", "target": null }, { "id": "ALF:TrojanDownloader:MSIL/Njrat", "display_name": "ALF:TrojanDownloader:MSIL/Njrat", "target": null } ], "attack_ids": [ { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1059.005", "name": "Visual Basic", "display_name": "T1059.005 - Visual Basic" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1608.004", "name": "Drive-by Target", "display_name": "T1608.004 - Drive-by Target" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1587.003", "name": "Digital Certificates", "display_name": "T1587.003 - Digital Certificates" }, { "id": "T1564.001", "name": "Hidden Files and Directories", "display_name": "T1564.001 - Hidden Files and Directories" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" } ], "industries": [ "Government", "Education", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ajmeese7", "id": "218349", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_218349/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 57, "FileHash-MD5": 87, "FileHash-SHA1": 86, "FileHash-SHA256": 136, "domain": 43, "hostname": 6 }, "indicator_count": 415, "is_author": false, "is_subscribing": null, "subscriber_count": 53, "modified_text": "811 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65136801b819947835b4c635", "name": "InQuest - 26-09-2023", "description": "", "modified": "2023-10-26T23:03:16.623000", "created": "2023-09-26T23:23:45.591000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 385, "URL": 2202, "hostname": 280, "domain": 257, "FileHash-MD5": 123, "FileHash-SHA1": 135 }, "indicator_count": 3382, "is_author": false, "is_subscribing": null, "subscriber_count": 1602, "modified_text": "906 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6512166a08be3ef9b1320926", "name": "InQuest - 25-09-2023", "description": "", "modified": "2023-10-25T23:01:26.288000", "created": "2023-09-25T23:23:22.974000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 112, "URL": 2218, "hostname": 270, "domain": 245, "FileHash-SHA256": 377, "FileHash-SHA1": 135 }, "indicator_count": 3357, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "907 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6510c4f1547dd8f6adb7b99e", "name": "InQuest - 24-09-2023", "description": "", "modified": "2023-10-24T23:02:23.686000", "created": "2023-09-24T23:23:29.606000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 108, "domain": 226, "URL": 2159, "hostname": 262, "FileHash-SHA256": 464, "FileHash-SHA1": 135 }, "indicator_count": 3354, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6510a2dd9c7acab85a26f978", "name": "Phishing sites 2023-09-24", "description": "https://github.com/olbat/ut1-blacklists/blob/master/blacklists/phishing/domains", "modified": "2023-10-24T20:02:37.137000", "created": "2023-09-24T20:58:05.025000", "tags": [ "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "France" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "URL": 5, "domain": 37579, "hostname": 3238 }, "indicator_count": 40832, "is_author": false, "is_subscribing": null, "subscriber_count": 190, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650f744696a92abadc244360", "name": "InQuest - 23-09-2023", "description": "", "modified": "2023-10-23T23:04:57.873000", "created": "2023-09-23T23:27:02.068000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 505, "FileHash-MD5": 106, "hostname": 260, "URL": 2120, "domain": 216, "FileHash-SHA1": 135 }, "indicator_count": 3342, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "909 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650e23a7e388741f9cc337da", "name": "InQuest - 22-09-2023", "description": "", "modified": "2023-10-22T23:02:24.444000", "created": "2023-09-22T23:30:47.363000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 567, "FileHash-MD5": 105, "domain": 197, "URL": 2072, "hostname": 252, "FileHash-SHA1": 135 }, "indicator_count": 3328, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "910 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650cd0f6fb1cf9d2f00afa97", "name": "InQuest - 21-09-2023", "description": "", "modified": "2023-10-21T23:02:19.178000", "created": "2023-09-21T23:25:42.338000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 614, "FileHash-MD5": 87, "URL": 2018, "hostname": 246, "domain": 187, "FileHash-SHA1": 136 }, "indicator_count": 3288, "is_author": false, "is_subscribing": null, "subscriber_count": 1603, "modified_text": "911 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650b809877a79d4c6310b9b5", "name": "InQuest - 20-09-2023", "description": "", "modified": "2023-10-20T23:05:32.619000", "created": "2023-09-20T23:30:32.993000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 577, "FileHash-MD5": 85, "hostname": 246, "URL": 1982, "domain": 176, "FileHash-SHA1": 203 }, "indicator_count": 3269, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "912 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650a2f3e7daf7a8ac8e9d59c", "name": "InQuest - 19-09-2023", "description": "", "modified": "2023-10-19T23:00:47.834000", "created": "2023-09-19T23:31:10.598000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1994, "domain": 172, "hostname": 245, "FileHash-SHA256": 557, "FileHash-MD5": 82, "FileHash-SHA1": 203 }, "indicator_count": 3253, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "913 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6508dde4b872cc0a34fb85f6", "name": "InQuest - 18-09-2023", "description": "", "modified": "2023-10-18T23:03:17.365000", "created": "2023-09-18T23:31:48.978000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1992, "hostname": 248, "domain": 172, "FileHash-SHA256": 557, "FileHash-MD5": 82, "FileHash-SHA1": 203 }, "indicator_count": 3254, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "914 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65078d43297d9c8b2abca6ec", "name": "InQuest - 17-09-2023", "description": "", "modified": "2023-10-17T23:02:31.526000", "created": "2023-09-17T23:35:31.062000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 85, "FileHash-SHA256": 555, "URL": 1978, "domain": 165, "FileHash-SHA1": 203, "hostname": 259 }, "indicator_count": 3245, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "915 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650639f989cbbde5dc4ce00b", "name": "InQuest - 16-09-2023", "description": "", "modified": "2023-10-16T23:01:54.459000", "created": "2023-09-16T23:27:53.233000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 95, "URL": 1962, "FileHash-SHA256": 554, "FileHash-SHA1": 203, "hostname": 265, "domain": 156 }, "indicator_count": 3235, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "916 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6504e8e53b3763f429c2fe01", "name": "InQuest - 15-09-2023", "description": "", "modified": "2023-10-15T23:05:46.759000", "created": "2023-09-15T23:29:41.694000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 494, "FileHash-MD5": 112, "hostname": 287, "URL": 2112, "domain": 211, "FileHash-SHA1": 200 }, "indicator_count": 3416, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "917 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6504884da234c899dca177bf", "name": "APT36 Targeting Both Windows and Linux Systems with New ElizaRat", "description": "Zscaler is the world\u2019s largest security cloud platform and provides a range of solutions and solutions that ensure the most secure and secure data is connected to the network and users' devices.", "modified": "2023-10-15T16:01:21.957000", "created": "2023-09-15T16:37:33.964000", "tags": [ "apt36", "linux", "linux desktop", "elizarat", "india", "md5 hash", "pdf file", "linux payload", "google drive", "uuid", "june", "august", "format", "virustotal", "attack", "april", "execution", "poseidon", "hostinger asn", "windows" ], "references": [ "https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal" ], "public": 1, "adversary": "APT36", "targeted_countries": [ "India", "Pakistan" ], "malware_families": [ { "id": "Poseidon", "display_name": "Poseidon", "target": null }, { "id": "Hostinger ASN", "display_name": "Hostinger ASN", "target": null }, { "id": "Windows", "display_name": "Windows", "target": null }, { "id": "Linux", "display_name": "Linux", "target": null } ], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1564", "name": "Hide Artifacts", "display_name": "T1564 - Hide Artifacts" }, { "id": "T1567", "name": "Exfiltration Over Web Service", "display_name": "T1567 - Exfiltration Over Web Service" }, { "id": "T1127", "name": "Trusted Developer Utilities Proxy Execution", "display_name": "T1127 - Trusted Developer Utilities Proxy Execution" }, { "id": "T1134", "name": "Access Token Manipulation", "display_name": "T1134 - Access Token Manipulation" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" }, { "id": "T1113", "name": "Screen Capture", "display_name": "T1113 - Screen Capture" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1119", "name": "Automated Collection", "display_name": "T1119 - Automated Collection" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1033", "name": "System Owner/User Discovery", "display_name": "T1033 - System Owner/User Discovery" } ], "industries": [ "Government", "Defense", "Education" ], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 16, "FileHash-MD5": 22, "FileHash-SHA1": 3, "FileHash-SHA256": 3, "domain": 15 }, "indicator_count": 59, "is_author": false, "is_subscribing": null, "subscriber_count": 486, "modified_text": "917 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6503986036a14055d1beb99b", "name": "InQuest - 14-09-2023", "description": "", "modified": "2023-10-14T23:02:24.337000", "created": "2023-09-14T23:33:52.751000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 442, "FileHash-MD5": 112, "URL": 2054, "domain": 202, "hostname": 284, "FileHash-SHA1": 202 }, "indicator_count": 3296, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "918 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650246674ff888d6fba6e8f4", "name": "InQuest - 13-09-2023", "description": "", "modified": "2023-10-13T23:04:45.790000", "created": "2023-09-13T23:31:51.844000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1993, "domain": 193, "hostname": 280, "FileHash-SHA256": 435, "FileHash-SHA1": 202, "FileHash-MD5": 110 }, "indicator_count": 3213, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "919 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "HawkEye Malware", "Helldown Ransomware", "Cloud Atlas seen using a new tool in its attacks", "Sock5Systemz-PROXY-AM", "RansomHub Affiliate leverages Python-based backdoor", "PXA Stealer", "FERRET Malware Targets macOS in Sophisticated North Korean Attacks", "https://malpedia.caad.fkie.fraunhofer.de/actor/operation_c-major", "InvisibleFerret Malware Leveraging Python for Targeted Attacks", "BrazenBamboo", "The BadPilot campaign_ Seashell Blizzard subgroup conducts multiyear global access operation", "https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal", "Hundreds of fake Reddit sites push Lumma Stealer malware", "LockBit Ransomware Attack Leveraging Cobalt Strike", "WolfsBane Backdoor", "SteelFox Trojan", "Fake Discount Sites Exploit Black Friday", "FatalRAT", "Fake CAPTCHA Campaign That Spreads LUMMA Info Stealer", "ACR Stealer", "https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html", "play ransomware", "MALLOX RANSOMWARE", "MUT-1244-GitHub", "horns-hooves", "Silent Skimmer Gets Loud (Again)", "Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery", "https://apt.etda.or.th/cgi-bin/showcard.cgi?g=Transparent%20Tribe%2C%20APT%2036&n=1", "Glove-Stealer", "The great Google Ads heist_ criminals ransack advertiser accounts via fake Google ads", "https://blog.talosintelligence.com/transparent-tribe-new-campaign/", "Chrome Extensions Hijacked, 2.6 Million Users Impacted", "HotPage.exe (malware)", "Developers Targeted by New \u2018OtterCookie\u2019 Malware with Fake Job Offers", "Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain", "Bitter APT", "Phobos ransomware", "RustyStealer and New Ymir Ransomware", "REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors", "Evasive Panda Uses MACMA and MgBot Malware to Target US and Taiwan", "Suspicious Domains Exploiting the Recent CrowdStrike Outage!", "Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques", "romcom-exploits-firefox-and-windows", "BellaCpp", "PyPI-AIOCPA", "Akira Ransomware", "FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux", "Weaponized Software Targeting Chinese Organizations", "Microsoft Advertisers Phished via Malicious Google Ads", "babbleloader", "MEKOTIO BANKING TROJAN", "The Return of PlugX Malware with Fresh Tricks", "https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations", "ELDORADO RANSOMWARE", "https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/", "Advanced Evasion Techniques Used by NonEuclid RAT", "Espionage Campaign Targeting South Asian Entities", "MirrorFace Campain", "Avast-Anti-Root-KIt", "SecTopRAT", "Snake Keylogger", "SpyGlace", "Remcos RAT", "Threat Surge as Lumma Stealer Expands Its Reach", "MintsLoader_Stealc", "Salt Typhoon Target U.S. Telecom Networks", "AsyncRAT Reloaded", "Ransomware-Lockbit3-IOCs.csv", "New Star Blizzard spear-phishing campaign targets WhatsApp accounts", "Fake game sites lead to information stealers", "DarkGate", "NetSupport RAT and BurnsRAT", "New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs", "SystemBC RAT Poses New Risks to Linux System", "North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks", "PUMAKIT", "Qilin Ransomware", "BugSleep Malware", "TAG-100", "https://labs.inquest.net/iocdb", "Python NodeStealer", "Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack", "APT36", "Phishing Campaigns Fuel Compiled AutoIt Malware Distribution", "Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations", "Demodex rootkit", "solana-backdoor", "Christmas-Themed LNK Files Used for Malware Delivery", "NOOPDOOR Malware", "Rockstar-Phishing", "https://www.virustotal.com/gui/collection/56672e6bb7a1f5558d45fc15c5e1c0284ac3dbb180cb9527f069bbc2b125f091", "Gh0stGambit", "U.S. Organization in China Targeted by Attackers", "UAC-0194\u2019s Exploitation of CVE-2024-43451 in Ukraine for Phishing", "The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts", "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt", "APT-K-47", "clickfix-tactic", "SmokeLoader", "UAC-0185 attacks warned by CERT-UA", "The New Ransomware Menace Vgod Gains Momentum", "CloudScout_ Evasive Panda scouting cloud services", "Winos4.0 RAT", "Shadowroot Ransomware", "Visual Studio Code Remote tunnels", "Stealers on the Rise", "New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users", "Astral Stealer Strikes Again Stealing More Than Just Your Cookies", "LegionLoader Malware Expands Global Reach", "bootkitty(logofail)", "OtterCookie used by Contagious Interview", "Bumblebee Malware", "Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data", "WezRat Malware", "GamaCopy APT Group Mimicking GamaRedon", "macOS Users Targeted by the New Variant of Banshee Infostealer", "Rat Race_ ValleyRAT Malware Targets Organizations with New Delivery Techniques", "Rspack_Compromised_Packages", "NEW.txt", "From Stealers to Ransomware PureCrypter Delivers It All", "Bootkitty", "North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "APT36", "APT-C-36" ], "malware_families": [ "Mekotio banking", "Darkcomet - s0334", "Obliquerat - s0644", "Peppy - s0643", "Alf:trojandownloader:msil/njrat", "Poseidon", "Msi", "Trojan:msil/crimsonrat", "Hostinger asn", "Linux", "Vant", "Windows", "Trojanspy", "Invisibleferret" ], "industries": [ "Government", "Education", "Defense" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 19, "pulses": [ { "id": "6783308fc0b6e2bd8dfb209c", "name": "TTC-CERT_blocklist_recommended", "description": "", "modified": "2026-02-14T00:03:07.406000", "created": "2025-01-12T03:01:35.075000", "tags": [], "references": [ "https://github.com/ttc-cert/TTC-CERT_blocklist_recommended/blob/master/domain_blocklist_recommended.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 606, "URL": 4, "domain": 25122, "hostname": 25306 }, "indicator_count": 51038, "is_author": false, "is_subscribing": null, "subscriber_count": 179, "modified_text": "65 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c0cdc35112c5919563a334", "name": "Intel is bad awy", "description": "", "modified": "2025-03-29T20:01:20.482000", "created": "2025-02-27T20:40:35.539000", "tags": [ "sign", "github", "find", "view", "search", "strong", "code issues", "pull", "breadcrumbs", "damn", "star", "footer", "sha1", "helldown linux", "iocs helldown", "windows payload", "icon", "darkrace", "donex", "ransom", "defanged file", "hashes", "ipv4", "sha256", "c2 ip", "address", "plugin", "brazanbamboo c2", "panel", "archive file", "bha006", "telegram bot", "token", "chat id", "sha256 hashes", "iocs", "intermediary", "landing", "aitm server", "compromise note", "hashes payload", "loader", "dropper", "ips https", "urls https", "duoyi", "ioc url", "ipv4 address", "c2 server", "sample sha256", "remcos", "decrypted", "urls http", "payload", "amos stealer", "stealc c2", "rhadamanthys c2", "phishing urls", "google meet", "amos steaker", "html payload", "stealc payload", "md5 hashes", "sha1 hashes", "iocs zip", "lnk file", "msi file", "payload url", "eldorado", "linux", "service dll", "cheat engine", "c2 domain", "compromise", "urls", "iocs files", "network ip", "domain", "malware hash", "noopldr type1", "noopldr type2", "download url", "email addresses", "block", "ioc http", "iocs hash", "url https", "ghostgambit", "hidden rootkit", "gh0strat", "mekotio banking", "financial", "latin america", "detected", "zipmsi", "downloader", "ip address", "cobalt strike", "first seen", "seen", "pantegana", "tls certificate", "fingerprint", "samples", "trojanspy", "msi", "subdomains", "reddit", "wetransfer", "ioc hash", "file hashes", "ip addresses", "fake captcha", "html", "hta script", "lumma payload", "filehashsha256", "indicator type", "sha256 lnk", "ports", "first stage", "md5 file", "domains", "reddelta c2", "servers", "octoberdecember", "shortcut", "files", "solo airfield", "quoc", "bctt", "kongtuke", "mintsloader c2", "js download", "c2 http", "boinc c2", "c2 address", "analyzed", "file name", "na stark", "na majestic", "description", "trojanized", "beavertail", "anydesk module", "domain hosting", "first", "details", "monitor", "sites", "fake chrome", "payload host", "c2 https", "examples", "atomic stealer", "c2 servers", "cthulhu stealer", "server http", "l files", "original", "iocs malicious", "mirrowsimps", "defanged", "strike loaders", "plugx", "plugx c2", "sspiuacbypass", "malware", "malware c2", "filehashmd5", "site", "orgvgodpayment", "quite solsjoas", "ioc sha256", "similar sha256", "http", "url hundreds", "url samples", "filehash", "guidloader", "finaldraft elf", "type name", "reference", "finaldraft", "sha256 pfman", "pathloader", "atomic https", "systembc", "ghostsocks", "invisibleferret", "vant", "rspackcore", "monero", "sha256 hash", "code snippets", "psexec", "ituneshelper", "pscp", "sftp", "googleupdate", "meshagent", "ultravnc", "file", "bootkitty iocs", "phpsert", "phpsert variant", "createdump tool", "visual studio", "code", "server", "sql injection", "studio code", "ssh access", "hta file", "vbshower c2", "powershower c2", "cloud", "hta md5", "domain name", "links", "c http", "horns", "version", "version b", "version c", "version d", "version e", "burnsrat c", "a http", "github users", "shell commands", "vssadmin delete", "userprofile", "public", "registry keys", "phobos", "lettointago", "carljohnson1948", "samuelwhite1821", "file hash", "lockbit", "indicatortype", "data", "mlpea", "w32neshtad", "gmer", "neshta", "opswat oesis", "v4 removal" ], "references": [ "Bootkitty", "Glove-Stealer", "Fake Discount Sites Exploit Black Friday", "Helldown Ransomware", "HawkEye Malware", "PXA Stealer", "Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack", "BrazenBamboo", "SpyGlace", "RustyStealer and New Ymir Ransomware", "PyPI-AIOCPA", "Python NodeStealer", "romcom-exploits-firefox-and-windows", "Rockstar-Phishing", "Silent Skimmer Gets Loud (Again)", "SteelFox Trojan", "WezRat Malware", "Avast-Anti-Root-KIt", "Winos4.0 RAT", "APT36", "WolfsBane Backdoor", "APT-K-47", "Remcos RAT", "babbleloader", "Bitter APT", "UAC-0194\u2019s Exploitation of CVE-2024-43451 in Ukraine for Phishing", "CloudScout_ Evasive Panda scouting cloud services", "clickfix-tactic", "Akira Ransomware", "Bumblebee Malware", "ELDORADO RANSOMWARE", "Evasive Panda Uses MACMA and MgBot Malware to Target US and Taiwan", "Demodex rootkit", "BugSleep Malware", "HotPage.exe (malware)", "Qilin Ransomware", "NOOPDOOR Malware", "Shadowroot Ransomware", "play ransomware", "MALLOX RANSOMWARE", "New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users", "ACR Stealer", "Suspicious Domains Exploiting the Recent CrowdStrike Outage!", "Gh0stGambit", "MEKOTIO BANKING TROJAN", "TAG-100", "Fake game sites lead to information stealers", "Chrome Extensions Hijacked, 2.6 Million Users Impacted", "macOS Users Targeted by the New Variant of Banshee Infostealer", "Hundreds of fake Reddit sites push Lumma Stealer malware", "GamaCopy APT Group Mimicking GamaRedon", "InvisibleFerret Malware Leveraging Python for Targeted Attacks", "Fake CAPTCHA Campaign That Spreads LUMMA Info Stealer", "REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors", "Phishing Campaigns Fuel Compiled AutoIt Malware Distribution", "The great Google Ads heist_ criminals ransack advertiser accounts via fake Google ads", "New Star Blizzard spear-phishing campaign targets WhatsApp accounts", "RansomHub Affiliate leverages Python-based backdoor", "Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques", "Advanced Evasion Techniques Used by NonEuclid RAT", "The Return of PlugX Malware with Fresh Tricks", "The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts", "Weaponized Software Targeting Chinese Organizations", "Threat Surge as Lumma Stealer Expands Its Reach", "Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain", "MintsLoader_Stealc", "North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks", "North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware", "Rat Race_ ValleyRAT Malware Targets Organizations with New Delivery Techniques", "Salt Typhoon Target U.S. Telecom Networks", "SecTopRAT", "Stealers on the Rise", "Snake Keylogger", "AsyncRAT Reloaded", "The BadPilot campaign_ Seashell Blizzard subgroup conducts multiyear global access operation", "FatalRAT", "SystemBC RAT Poses New Risks to Linux System", "Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations", "FERRET Malware Targets macOS in Sophisticated North Korean Attacks", "Espionage Campaign Targeting South Asian Entities", "Astral Stealer Strikes Again Stealing More Than Just Your Cookies", "The New Ransomware Menace Vgod Gains Momentum", "Microsoft Advertisers Phished via Malicious Google Ads", "LegionLoader Malware Expands Global Reach", "NEW.txt", "From Stealers to Ransomware PureCrypter Delivers It All", "New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs", "FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux", "LockBit Ransomware Attack Leveraging Cobalt Strike", "Rspack_Compromised_Packages", "SmokeLoader", "Sock5Systemz-PROXY-AM", "solana-backdoor", "U.S. Organization in China Targeted by Attackers", "UAC-0185 attacks warned by CERT-UA", "BellaCpp", "bootkitty(logofail)", "Visual Studio Code Remote tunnels", "Cloud Atlas seen using a new tool in its attacks", "Christmas-Themed LNK Files Used for Malware Delivery", "DarkGate", "MirrorFace Campain", "horns-hooves", "Developers Targeted by New \u2018OtterCookie\u2019 Malware with Fake Job Offers", "NetSupport RAT and BurnsRAT", "Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery", "MUT-1244-GitHub", "Phobos ransomware", "Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data", "PUMAKIT", "OtterCookie used by Contagious Interview", "Ransomware-Lockbit3-IOCs.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mekotio Banking", "display_name": "Mekotio Banking", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "MSI", "display_name": "MSI", "target": null }, { "id": "InvisibleFerret", "display_name": "InvisibleFerret", "target": null }, { "id": "Vant", "display_name": "Vant", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 84, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Badderawy", "id": "310597", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 950, "FileHash-SHA1": 847, "FileHash-SHA256": 1060, "hostname": 1158, "domain": 867, "URL": 813, "email": 77, "CIDR": 2, "CVE": 9 }, "indicator_count": 5783, "is_author": false, "is_subscribing": null, "subscriber_count": 27, "modified_text": "386 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "659072f784c47e7b812b36b5", "name": "APT36", "description": "AKA Transparent Tribe, ProjectM, Mythic Leopard, Earth Karkaddan, Copper Fieldstone, TMP.Lapis, C-Major.\n\nIOCs gathered from social media, other analysts, and individual research.", "modified": "2024-01-29T19:00:22.198000", "created": "2023-12-30T19:43:51.653000", "tags": [ "dem0", "pena", "whatsoevers3r" ], "references": [ "https://www.virustotal.com/gui/collection/56672e6bb7a1f5558d45fc15c5e1c0284ac3dbb180cb9527f069bbc2b125f091", "https://malpedia.caad.fkie.fraunhofer.de/actor/operation_c-major", "https://apt.etda.or.th/cgi-bin/showcard.cgi?g=Transparent%20Tribe%2C%20APT%2036&n=1", "https://www.welivesecurity.com/2023/03/07/love-scam-espionage-transparent-tribe-lures-indian-pakistani-officials/", "https://www.zscaler.com/blogs/security-research/apt-36-uses-new-ttps-and-new-tools-target-indian-governmental-organizations", "https://blog.talosintelligence.com/transparent-tribe-new-campaign/", "https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html" ], "public": 1, "adversary": "APT-C-36", "targeted_countries": [ "India" ], "malware_families": [ { "id": "Trojan:MSIL/CrimsonRAT", "display_name": "Trojan:MSIL/CrimsonRAT", "target": "/malware/Trojan:MSIL/CrimsonRAT" }, { "id": "Peppy - S0643", "display_name": "Peppy - S0643", "target": null }, { "id": "ObliqueRAT - S0644", "display_name": "ObliqueRAT - S0644", "target": null }, { "id": "DarkComet - S0334", "display_name": "DarkComet - S0334", "target": null }, { "id": "ALF:TrojanDownloader:MSIL/Njrat", "display_name": "ALF:TrojanDownloader:MSIL/Njrat", "target": null } ], "attack_ids": [ { "id": "T1584.001", "name": "Domains", "display_name": "T1584.001 - Domains" }, { "id": "T1583.001", "name": "Domains", "display_name": "T1583.001 - Domains" }, { "id": "T1059.005", "name": "Visual Basic", "display_name": "T1059.005 - Visual Basic" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1608.004", "name": "Drive-by Target", "display_name": "T1608.004 - Drive-by Target" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1568", "name": "Dynamic Resolution", "display_name": "T1568 - Dynamic Resolution" }, { "id": "T1203", "name": "Exploitation for Client Execution", "display_name": "T1203 - Exploitation for Client Execution" }, { "id": "T1036.005", "name": "Match Legitimate Name or Location", "display_name": "T1036.005 - Match Legitimate Name or Location" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" }, { "id": "T1587.003", "name": "Digital Certificates", "display_name": "T1587.003 - Digital Certificates" }, { "id": "T1564.001", "name": "Hidden Files and Directories", "display_name": "T1564.001 - Hidden Files and Directories" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" } ], "industries": [ "Government", "Education", "Defense" ], "TLP": "white", "cloned_from": null, "export_count": 21, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ajmeese7", "id": "218349", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_218349/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 57, "FileHash-MD5": 87, "FileHash-SHA1": 86, "FileHash-SHA256": 136, "domain": 43, "hostname": 6 }, "indicator_count": 415, "is_author": false, "is_subscribing": null, "subscriber_count": 53, "modified_text": "811 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65136801b819947835b4c635", "name": "InQuest - 26-09-2023", "description": "", "modified": "2023-10-26T23:03:16.623000", "created": "2023-09-26T23:23:45.591000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 385, "URL": 2202, "hostname": 280, "domain": 257, "FileHash-MD5": 123, "FileHash-SHA1": 135 }, "indicator_count": 3382, "is_author": false, "is_subscribing": null, "subscriber_count": 1602, "modified_text": "906 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6512166a08be3ef9b1320926", "name": "InQuest - 25-09-2023", "description": "", "modified": "2023-10-25T23:01:26.288000", "created": "2023-09-25T23:23:22.974000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 112, "URL": 2218, "hostname": 270, "domain": 245, "FileHash-SHA256": 377, "FileHash-SHA1": 135 }, "indicator_count": 3357, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "907 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6510c4f1547dd8f6adb7b99e", "name": "InQuest - 24-09-2023", "description": "", "modified": "2023-10-24T23:02:23.686000", "created": "2023-09-24T23:23:29.606000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 108, "domain": 226, "URL": 2159, "hostname": 262, "FileHash-SHA256": 464, "FileHash-SHA1": 135 }, "indicator_count": 3354, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6510a2dd9c7acab85a26f978", "name": "Phishing sites 2023-09-24", "description": "https://github.com/olbat/ut1-blacklists/blob/master/blacklists/phishing/domains", "modified": "2023-10-24T20:02:37.137000", "created": "2023-09-24T20:58:05.025000", "tags": [ "phishing" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "France" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "URL": 5, "domain": 37579, "hostname": 3238 }, "indicator_count": 40832, "is_author": false, "is_subscribing": null, "subscriber_count": 190, "modified_text": "908 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650f744696a92abadc244360", "name": "InQuest - 23-09-2023", "description": "", "modified": "2023-10-23T23:04:57.873000", "created": "2023-09-23T23:27:02.068000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 505, "FileHash-MD5": 106, "hostname": 260, "URL": 2120, "domain": 216, "FileHash-SHA1": 135 }, "indicator_count": 3342, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "909 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650e23a7e388741f9cc337da", "name": "InQuest - 22-09-2023", "description": "", "modified": "2023-10-22T23:02:24.444000", "created": "2023-09-22T23:30:47.363000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 567, "FileHash-MD5": 105, "domain": 197, "URL": 2072, "hostname": 252, "FileHash-SHA1": 135 }, "indicator_count": 3328, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "910 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "650cd0f6fb1cf9d2f00afa97", "name": "InQuest - 21-09-2023", "description": "", "modified": "2023-10-21T23:02:19.178000", "created": "2023-09-21T23:25:42.338000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 614, "FileHash-MD5": 87, "URL": 2018, "hostname": 246, "domain": 187, "FileHash-SHA1": 136 }, "indicator_count": 3288, "is_author": false, "is_subscribing": null, "subscriber_count": 1603, "modified_text": "911 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "baseuploads.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "baseuploads.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776673782.072228 }