{
  "type": "Domain",
  "indicator": "beamtree.com.au",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/beamtree.com.au",
    "alexa": "http://www.alexa.com/siteinfo/beamtree.com.au",
    "indicator": "beamtree.com.au",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4092088548,
      "indicator": "beamtree.com.au",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 3,
      "pulses": [
        {
          "id": "68adee67c08cd025b05c2ab0",
          "name": "Collection of Collections - Updated - Malicious Certificates & University of Alberta DataBreach - 09.15.25.25",
          "description": "This Pulse is an attempt to aggregate all known certificates from all sources.\n\nEncrypted Communication: The malware uses Bitcoin and Ethereum addresses for communication, allowing it to receive commands and exfiltrate data securely.\nEvasion Techniques: The malware generates long and unusual domain parts using Domain Generation Algorithms to evade detection and establish communication with its C2 server.\nData Exfiltration: The malware can exfiltrate data to cloud storage services, enabling the threat actor to steal sensitive information from the compromised system.\nRemote Access: The malware leverages bidirectional communication and system binary proxy execution techniques to enable remote access and control over the infected system.\nIngress Tool Transfer: The malware downloads executable files from URLs, indicating its ability to download additional malicious payloads or updates to enhance its capabilities.",
          "modified": "2025-10-16T05:02:02.452000",
          "created": "2025-08-26T17:27:01.650000",
          "tags": [
            "http",
            "https",
            "kgs0",
            "kls0",
            "Malcerts",
            "Certificates",
            "Alberta",
            "GovAB",
            "UAlberta",
            "Speader"
          ],
          "references": [
            "https://www.virustotal.com/graph/embed/g0cfdc207f7d14c9a9173c2f9b804dd92b17706ef2a8c41dba3e0af36353cd70b?theme=dark",
            "https://viz.greynoise.io/ip/analysis/408b56e2-1932-4975-b348-5a8a7c5991d4",
            "https://report.netcraft.com/submission/ATkcJjvq2iKUQhELceQs7q4WVU76Q8QG - Submitted IPv4s to Netcraft 08.29.25",
            "https://www.filescan.io/uploads/68b261771c81c34281d8af6d/reports/44924eb0-000d-42ad-944e-36bf849a406d/overview",
            "https://www.virustotal.com/gui/file/19ec86ce10a716e8e63804239052c96cfa0a7fb66c2820bda2e66358f622525c/community",
            "Added some URLs from FSio Report to URLScan"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada",
            "Netherlands",
            "Aruba",
            "Panama",
            "Poland",
            "Ukraine",
            "United Kingdom of Great Britain and Northern Ireland",
            "Anguilla",
            "United Arab Emirates",
            "Ireland",
            "Tanzania, United Republic of",
            "Philippines",
            "Japan",
            "Guatemala",
            "Mexico",
            "Bahamas",
            "Barbados",
            "Georgia",
            "Slovakia",
            "Sint Maarten (Dutch part)",
            "Kenya"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Education",
            "Government",
            "Technology",
            "Telecommunications",
            "Healthcare"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 2,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 1639,
            "FileHash-MD5": 1481,
            "FileHash-SHA1": 1421,
            "FileHash-SHA256": 5969,
            "domain": 707,
            "hostname": 2311,
            "email": 5,
            "CIDR": 13
          },
          "indicator_count": 13546,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 133,
          "modified_text": "229 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6875cbb7f546e86006afa0ea",
          "name": "Ransomware attack ConnectCare Alberta - 07.12.25",
          "description": "On 07.12.25 ConnectCare Alberta experienced what was initially thought to be an outage or downtime. Further analysis of data captured in real time reveals this not to be the case. Healthcare Provider and patient services were disrupted across multiple zones in the Province of Alberta. Other organizations impacted include: The Government of Alberta, The Alberta NDP, The Alberta UCP, The University of Alberta, both Alberta Health Services & Covenant Health, Telus Communications, United Nurses of Alberta, Alberta Physicians Association, Treaty 8 FNA & Confederacy of Treaty Six, in addition to the City of Edmonton.\nGraph:",
          "modified": "2025-08-14T03:03:45.057000",
          "created": "2025-07-15T03:32:07.251000",
          "tags": [
            "entity",
            "Alberta",
            "Alberta Health Services",
            "Covenent Health",
            "Alberta NDP",
            "Treaty 6",
            "Treaty 7",
            "Treaty 8",
            "UAlberta",
            "Connect Care",
            "Telus",
            "Rogers",
            "City of Edmonton",
            "Edmonton Police Services",
            "United Nurses of Alberta",
            "Alberta Medical Association",
            "EduRoam",
            "DGA",
            "Alberta Doctors",
            "University of Calgary",
            "Alberta UCP",
            "Ministry of Advanced Education",
            "Ministry of Health",
            "Ministry of Tech & Innovation",
            "Ransomware",
            "Botnet"
          ],
          "references": [
            "https://www.virustotal.com/graph/embed/gdef52451e74740eaabbbcc6db2209b722e6a17129ba94f4eb92fa176bcea66f7?theme=dark",
            "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb",
            "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb/iocs",
            "https://viz.greynoise.io/analysis/16d9bc15-d3ed-4e71-9631-16742e511649"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Healthcare",
            "Government",
            "Education"
          ],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 41,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 1,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Disable_Duck",
            "id": "244325",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 122,
            "FileHash-SHA1": 123,
            "FileHash-SHA256": 931,
            "URL": 60,
            "domain": 58,
            "email": 2,
            "hostname": 812
          },
          "indicator_count": 2108,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 131,
          "modified_text": "292 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68768fee832e9d7358e7ec77",
          "name": "IT4US Ransom clone",
          "description": "",
          "modified": "2025-08-14T03:03:45.057000",
          "created": "2025-07-15T17:29:18.363000",
          "tags": [
            "entity",
            "Alberta",
            "Alberta Health Services",
            "Covenent Health",
            "Alberta NDP",
            "Treaty 6",
            "Treaty 7",
            "Treaty 8",
            "UAlberta",
            "Connect Care",
            "Telus",
            "Rogers",
            "City of Edmonton",
            "Edmonton Police Services",
            "United Nurses of Alberta",
            "Alberta Medical Association",
            "EduRoam",
            "DGA",
            "Alberta Doctors",
            "University of Calgary",
            "Alberta UCP",
            "Ministry of Advanced Education",
            "Ministry of Health",
            "Ministry of Tech & Innovation",
            "Ransomware",
            "Botnet"
          ],
          "references": [
            "https://www.virustotal.com/graph/embed/gdef52451e74740eaabbbcc6db2209b722e6a17129ba94f4eb92fa176bcea66f7?theme=dark",
            "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb",
            "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb/iocs",
            "https://viz.greynoise.io/analysis/16d9bc15-d3ed-4e71-9631-16742e511649"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Canada"
          ],
          "malware_families": [],
          "attack_ids": [],
          "industries": [
            "Healthcare",
            "Government",
            "Education"
          ],
          "TLP": "white",
          "cloned_from": "6875cbb7f546e86006afa0ea",
          "export_count": 13,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "Dougline",
            "id": "350513",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 122,
            "FileHash-SHA1": 123,
            "FileHash-SHA256": 931,
            "URL": 60,
            "domain": 58,
            "email": 2,
            "hostname": 812
          },
          "indicator_count": 2108,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 2,
          "modified_text": "292 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "Added some URLs from FSio Report to URLScan",
        "https://www.virustotal.com/gui/file/19ec86ce10a716e8e63804239052c96cfa0a7fb66c2820bda2e66358f622525c/community",
        "https://www.virustotal.com/graph/embed/g0cfdc207f7d14c9a9173c2f9b804dd92b17706ef2a8c41dba3e0af36353cd70b?theme=dark",
        "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb",
        "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb/iocs",
        "https://www.filescan.io/uploads/68b261771c81c34281d8af6d/reports/44924eb0-000d-42ad-944e-36bf849a406d/overview",
        "https://viz.greynoise.io/analysis/16d9bc15-d3ed-4e71-9631-16742e511649",
        "https://report.netcraft.com/submission/ATkcJjvq2iKUQhELceQs7q4WVU76Q8QG - Submitted IPv4s to Netcraft 08.29.25",
        "https://viz.greynoise.io/ip/analysis/408b56e2-1932-4975-b348-5a8a7c5991d4",
        "https://www.virustotal.com/graph/embed/gdef52451e74740eaabbbcc6db2209b722e6a17129ba94f4eb92fa176bcea66f7?theme=dark"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [],
          "industries": [
            "Technology",
            "Government",
            "Education",
            "Healthcare",
            "Telecommunications"
          ]
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 3,
  "pulses": [
    {
      "id": "68adee67c08cd025b05c2ab0",
      "name": "Collection of Collections - Updated - Malicious Certificates & University of Alberta DataBreach - 09.15.25.25",
      "description": "This Pulse is an attempt to aggregate all known certificates from all sources.\n\nEncrypted Communication: The malware uses Bitcoin and Ethereum addresses for communication, allowing it to receive commands and exfiltrate data securely.\nEvasion Techniques: The malware generates long and unusual domain parts using Domain Generation Algorithms to evade detection and establish communication with its C2 server.\nData Exfiltration: The malware can exfiltrate data to cloud storage services, enabling the threat actor to steal sensitive information from the compromised system.\nRemote Access: The malware leverages bidirectional communication and system binary proxy execution techniques to enable remote access and control over the infected system.\nIngress Tool Transfer: The malware downloads executable files from URLs, indicating its ability to download additional malicious payloads or updates to enhance its capabilities.",
      "modified": "2025-10-16T05:02:02.452000",
      "created": "2025-08-26T17:27:01.650000",
      "tags": [
        "http",
        "https",
        "kgs0",
        "kls0",
        "Malcerts",
        "Certificates",
        "Alberta",
        "GovAB",
        "UAlberta",
        "Speader"
      ],
      "references": [
        "https://www.virustotal.com/graph/embed/g0cfdc207f7d14c9a9173c2f9b804dd92b17706ef2a8c41dba3e0af36353cd70b?theme=dark",
        "https://viz.greynoise.io/ip/analysis/408b56e2-1932-4975-b348-5a8a7c5991d4",
        "https://report.netcraft.com/submission/ATkcJjvq2iKUQhELceQs7q4WVU76Q8QG - Submitted IPv4s to Netcraft 08.29.25",
        "https://www.filescan.io/uploads/68b261771c81c34281d8af6d/reports/44924eb0-000d-42ad-944e-36bf849a406d/overview",
        "https://www.virustotal.com/gui/file/19ec86ce10a716e8e63804239052c96cfa0a7fb66c2820bda2e66358f622525c/community",
        "Added some URLs from FSio Report to URLScan"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada",
        "Netherlands",
        "Aruba",
        "Panama",
        "Poland",
        "Ukraine",
        "United Kingdom of Great Britain and Northern Ireland",
        "Anguilla",
        "United Arab Emirates",
        "Ireland",
        "Tanzania, United Republic of",
        "Philippines",
        "Japan",
        "Guatemala",
        "Mexico",
        "Bahamas",
        "Barbados",
        "Georgia",
        "Slovakia",
        "Sint Maarten (Dutch part)",
        "Kenya"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Education",
        "Government",
        "Technology",
        "Telecommunications",
        "Healthcare"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 2,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 1639,
        "FileHash-MD5": 1481,
        "FileHash-SHA1": 1421,
        "FileHash-SHA256": 5969,
        "domain": 707,
        "hostname": 2311,
        "email": 5,
        "CIDR": 13
      },
      "indicator_count": 13546,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 133,
      "modified_text": "229 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6875cbb7f546e86006afa0ea",
      "name": "Ransomware attack ConnectCare Alberta - 07.12.25",
      "description": "On 07.12.25 ConnectCare Alberta experienced what was initially thought to be an outage or downtime. Further analysis of data captured in real time reveals this not to be the case. Healthcare Provider and patient services were disrupted across multiple zones in the Province of Alberta. Other organizations impacted include: The Government of Alberta, The Alberta NDP, The Alberta UCP, The University of Alberta, both Alberta Health Services & Covenant Health, Telus Communications, United Nurses of Alberta, Alberta Physicians Association, Treaty 8 FNA & Confederacy of Treaty Six, in addition to the City of Edmonton.\nGraph:",
      "modified": "2025-08-14T03:03:45.057000",
      "created": "2025-07-15T03:32:07.251000",
      "tags": [
        "entity",
        "Alberta",
        "Alberta Health Services",
        "Covenent Health",
        "Alberta NDP",
        "Treaty 6",
        "Treaty 7",
        "Treaty 8",
        "UAlberta",
        "Connect Care",
        "Telus",
        "Rogers",
        "City of Edmonton",
        "Edmonton Police Services",
        "United Nurses of Alberta",
        "Alberta Medical Association",
        "EduRoam",
        "DGA",
        "Alberta Doctors",
        "University of Calgary",
        "Alberta UCP",
        "Ministry of Advanced Education",
        "Ministry of Health",
        "Ministry of Tech & Innovation",
        "Ransomware",
        "Botnet"
      ],
      "references": [
        "https://www.virustotal.com/graph/embed/gdef52451e74740eaabbbcc6db2209b722e6a17129ba94f4eb92fa176bcea66f7?theme=dark",
        "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb",
        "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb/iocs",
        "https://viz.greynoise.io/analysis/16d9bc15-d3ed-4e71-9631-16742e511649"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Healthcare",
        "Government",
        "Education"
      ],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 41,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 1,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Disable_Duck",
        "id": "244325",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 122,
        "FileHash-SHA1": 123,
        "FileHash-SHA256": 931,
        "URL": 60,
        "domain": 58,
        "email": 2,
        "hostname": 812
      },
      "indicator_count": 2108,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 131,
      "modified_text": "292 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68768fee832e9d7358e7ec77",
      "name": "IT4US Ransom clone",
      "description": "",
      "modified": "2025-08-14T03:03:45.057000",
      "created": "2025-07-15T17:29:18.363000",
      "tags": [
        "entity",
        "Alberta",
        "Alberta Health Services",
        "Covenent Health",
        "Alberta NDP",
        "Treaty 6",
        "Treaty 7",
        "Treaty 8",
        "UAlberta",
        "Connect Care",
        "Telus",
        "Rogers",
        "City of Edmonton",
        "Edmonton Police Services",
        "United Nurses of Alberta",
        "Alberta Medical Association",
        "EduRoam",
        "DGA",
        "Alberta Doctors",
        "University of Calgary",
        "Alberta UCP",
        "Ministry of Advanced Education",
        "Ministry of Health",
        "Ministry of Tech & Innovation",
        "Ransomware",
        "Botnet"
      ],
      "references": [
        "https://www.virustotal.com/graph/embed/gdef52451e74740eaabbbcc6db2209b722e6a17129ba94f4eb92fa176bcea66f7?theme=dark",
        "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb",
        "https://www.virustotal.com/gui/collection/525d014c83ee92554cb6a88685ba822e147f30dbc797a18b6071081a109b7dcb/iocs",
        "https://viz.greynoise.io/analysis/16d9bc15-d3ed-4e71-9631-16742e511649"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Canada"
      ],
      "malware_families": [],
      "attack_ids": [],
      "industries": [
        "Healthcare",
        "Government",
        "Education"
      ],
      "TLP": "white",
      "cloned_from": "6875cbb7f546e86006afa0ea",
      "export_count": 13,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "Dougline",
        "id": "350513",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 122,
        "FileHash-SHA1": 123,
        "FileHash-SHA256": 931,
        "URL": 60,
        "domain": 58,
        "email": 2,
        "hostname": 812
      },
      "indicator_count": 2108,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 2,
      "modified_text": "292 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "beamtree.com.au",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "beamtree.com.au",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780445983.8924146
}