{ "type": "Domain", "indicator": "bootstrapcmd.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/bootstrapcmd.com", "alexa": "http://www.alexa.com/siteinfo/bootstrapcmd.com", "indicator": "bootstrapcmd.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 4294802178, "indicator": "bootstrapcmd.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 9, "pulses": [ { "id": "6a01e41379ed91db249a1a72", "name": "Payload_Delivery | May 12, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: May 12, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-11T14:13:39.794000", "created": "2026-05-11T14:13:39.794000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1417, "domain": 254, "URL": 300, "FileHash-SHA256": 10, "FileHash-MD5": 1 }, "indicator_count": 1982, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a00929b34beb0782b7b3f5f", "name": "Payload_Delivery | May 11, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: May 11, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-10T14:13:47.781000", "created": "2026-05-10T14:13:47.781000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1355, "domain": 256, "URL": 310, "FileHash-SHA256": 10, "FileHash-MD5": 1 }, "indicator_count": 1932, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ff4102335d91fa7ffacc11", "name": "Payload_Delivery | May 10, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: May 10, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-09T14:13:22.843000", "created": "2026-05-09T14:13:22.843000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1216, "FileHash-SHA256": 4, "domain": 239, "URL": 290, "FileHash-MD5": 1 }, "indicator_count": 1750, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "21 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fdef88fff79da0f6d1f25b", "name": "Payload_Delivery | May 9, 2026 | Part 1/3", "description": "Payload_Delivery indicators. Date: May 9, 2026. Part 1/3. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-08T14:13:28.740000", "created": "2026-05-08T14:13:28.740000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1446, "URL": 282, "domain": 240, "FileHash-SHA256": 15, "FileHash-MD5": 1 }, "indicator_count": 1984, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fc9e0c609651dedbe3856c", "name": "Payload_Delivery | May 8, 2026 | Part 1/3", "description": "Payload_Delivery indicators. Date: May 8, 2026. Part 1/3. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-07T14:13:32.765000", "created": "2026-05-07T14:13:32.765000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1385, "URL": 323, "domain": 265, "FileHash-SHA256": 10, "FileHash-MD5": 1 }, "indicator_count": 1984, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb4c822830158c9d78e2bc", "name": "Payload_Delivery | May 7, 2026 | Part 1/3", "description": "Payload_Delivery indicators. Date: May 7, 2026. Part 1/3. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-06T14:13:22.327000", "created": "2026-05-06T14:13:22.327000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1407, "URL": 312, "domain": 255, "FileHash-SHA256": 10, "FileHash-MD5": 1 }, "indicator_count": 1985, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9fb1b0b44d965fc9f6ab0", "name": "Payload_Delivery | May 6, 2026 | Part 1/3", "description": "Payload_Delivery indicators. Date: May 6, 2026. Part 1/3. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-05T14:13:47.708000", "created": "2026-05-05T14:13:47.708000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 311, "hostname": 1354, "FileHash-SHA256": 6, "URL": 317, "FileHash-MD5": 1 }, "indicator_count": 1989, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1f8041acb7d71607578f3", "name": "CAPE Sandbox", "description": "<>", "modified": "2026-05-05T05:03:36.423000", "created": "2026-04-05T05:49:56.708000", "tags": [ "verisign", "verisign class", "display driver", "verisign trust", "network o", "pulses", "code signing", "mon feb", "public primary", "digital id", "class", "win32 exe", "pe32", "ms windows", "icons library", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "status", "issuer verisign", "ca valid", "from", "valid", "valid usage", "algorithm", "thumbprint", "ca status", "g5 valid", "verisign status", "valid issuer", "client auth", "hash", "cf b8", "b7 b4", "a8 f0", "ab c5", "bb f6", "f7 a3", "name verisign", "g5 issuer", "microsoft code", "valid from", "thumbprint md5", "serial number", "ec f2", "init", "copyright", "product monitor", "original name", "file version", "word document", "file v2", "document", "outlook", "settings", "generic ole2", "multistream", "compound", "time stamping", "signer", "g4 issuer", "symantec time", "stamping", "g2 valid", "open xml", "zip archive", "word microsoft", "office open", "xml format", "open packaging", "cf f4", "c8 fe", "digicert sha2", "assured id" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 54, "FileHash-SHA256": 1900, "URL": 684, "hostname": 657, "domain": 387 }, "indicator_count": 3753, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1f8066431fee3647fa5ff", "name": "CAPE Sandbox", "description": "<>", "modified": "2026-05-05T05:03:36.423000", "created": "2026-04-05T05:49:58.156000", "tags": [ "verisign", "verisign class", "display driver", "verisign trust", "network o", "pulses", "code signing", "mon feb", "public primary", "digital id", "class", "win32 exe", "pe32", "ms windows", "icons library", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "status", "issuer verisign", "ca valid", "from", "valid", "valid usage", "algorithm", "thumbprint", "ca status", "g5 valid", "verisign status", "valid issuer", "client auth", "hash", "cf b8", "b7 b4", "a8 f0", "ab c5", "bb f6", "f7 a3", "name verisign", "g5 issuer", "microsoft code", "valid from", "thumbprint md5", "serial number", "ec f2", "init", "copyright", "product monitor", "original name", "file version", "word document", "file v2", "document", "outlook", "settings", "generic ole2", "multistream", "compound", "time stamping", "signer", "g4 issuer", "symantec time", "stamping", "g2 valid", "open xml", "zip archive", "word microsoft", "office open", "xml format", "open packaging", "cf f4", "c8 fe", "digicert sha2", "assured id" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 54, "FileHash-SHA256": 1900, "URL": 684, "hostname": 657, "domain": 387, "CVE": 6 }, "indicator_count": 3759, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://ltna.com.au/cyber" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 9, "pulses": [ { "id": "6a01e41379ed91db249a1a72", "name": "Payload_Delivery | May 12, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: May 12, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-11T14:13:39.794000", "created": "2026-05-11T14:13:39.794000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1417, "domain": 254, "URL": 300, "FileHash-SHA256": 10, "FileHash-MD5": 1 }, "indicator_count": 1982, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "19 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a00929b34beb0782b7b3f5f", "name": "Payload_Delivery | May 11, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: May 11, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-10T14:13:47.781000", "created": "2026-05-10T14:13:47.781000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1355, "domain": 256, "URL": 310, "FileHash-SHA256": 10, "FileHash-MD5": 1 }, "indicator_count": 1932, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "20 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69ff4102335d91fa7ffacc11", "name": "Payload_Delivery | May 10, 2026 | Part 2/2", "description": "Payload_Delivery indicators. Date: May 10, 2026. Part 2/2. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-09T14:13:22.843000", "created": "2026-05-09T14:13:22.843000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1216, "FileHash-SHA256": 4, "domain": 239, "URL": 290, "FileHash-MD5": 1 }, "indicator_count": 1750, "is_author": false, "is_subscribing": null, "subscriber_count": 91, "modified_text": "21 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fdef88fff79da0f6d1f25b", "name": "Payload_Delivery | May 9, 2026 | Part 1/3", "description": "Payload_Delivery indicators. Date: May 9, 2026. Part 1/3. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-08T14:13:28.740000", "created": "2026-05-08T14:13:28.740000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1446, "URL": 282, "domain": 240, "FileHash-SHA256": 15, "FileHash-MD5": 1 }, "indicator_count": 1984, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "22 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fc9e0c609651dedbe3856c", "name": "Payload_Delivery | May 8, 2026 | Part 1/3", "description": "Payload_Delivery indicators. Date: May 8, 2026. Part 1/3. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-07T14:13:32.765000", "created": "2026-05-07T14:13:32.765000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1385, "URL": 323, "domain": 265, "FileHash-SHA256": 10, "FileHash-MD5": 1 }, "indicator_count": 1984, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69fb4c822830158c9d78e2bc", "name": "Payload_Delivery | May 7, 2026 | Part 1/3", "description": "Payload_Delivery indicators. Date: May 7, 2026. Part 1/3. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-06T14:13:22.327000", "created": "2026-05-06T14:13:22.327000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1407, "URL": 312, "domain": 255, "FileHash-SHA256": 10, "FileHash-MD5": 1 }, "indicator_count": 1985, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "24 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69f9fb1b0b44d965fc9f6ab0", "name": "Payload_Delivery | May 6, 2026 | Part 1/3", "description": "Payload_Delivery indicators. Date: May 6, 2026. Part 1/3. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-05-05T14:13:47.708000", "created": "2026-05-05T14:13:47.708000", "tags": [ "payload_delivery" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 311, "hostname": 1354, "FileHash-SHA256": 6, "URL": 317, "FileHash-MD5": 1 }, "indicator_count": 1989, "is_author": false, "is_subscribing": null, "subscriber_count": 92, "modified_text": "25 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1f8041acb7d71607578f3", "name": "CAPE Sandbox", "description": "<>", "modified": "2026-05-05T05:03:36.423000", "created": "2026-04-05T05:49:56.708000", "tags": [ "verisign", "verisign class", "display driver", "verisign trust", "network o", "pulses", "code signing", "mon feb", "public primary", "digital id", "class", "win32 exe", "pe32", "ms windows", "icons library", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "status", "issuer verisign", "ca valid", "from", "valid", "valid usage", "algorithm", "thumbprint", "ca status", "g5 valid", "verisign status", "valid issuer", "client auth", "hash", "cf b8", "b7 b4", "a8 f0", "ab c5", "bb f6", "f7 a3", "name verisign", "g5 issuer", "microsoft code", "valid from", "thumbprint md5", "serial number", "ec f2", "init", "copyright", "product monitor", "original name", "file version", "word document", "file v2", "document", "outlook", "settings", "generic ole2", "multistream", "compound", "time stamping", "signer", "g4 issuer", "symantec time", "stamping", "g2 valid", "open xml", "zip archive", "word microsoft", "office open", "xml format", "open packaging", "cf f4", "c8 fe", "digicert sha2", "assured id" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 54, "FileHash-SHA256": 1900, "URL": 684, "hostname": 657, "domain": 387 }, "indicator_count": 3753, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "69d1f8066431fee3647fa5ff", "name": "CAPE Sandbox", "description": "<>", "modified": "2026-05-05T05:03:36.423000", "created": "2026-04-05T05:49:58.156000", "tags": [ "verisign", "verisign class", "display driver", "verisign trust", "network o", "pulses", "code signing", "mon feb", "public primary", "digital id", "class", "win32 exe", "pe32", "ms windows", "icons library", "os2 executable", "generic windos", "executable", "dos executable", "pe64 compiler", "ltcgc", "status", "issuer verisign", "ca valid", "from", "valid", "valid usage", "algorithm", "thumbprint", "ca status", "g5 valid", "verisign status", "valid issuer", "client auth", "hash", "cf b8", "b7 b4", "a8 f0", "ab c5", "bb f6", "f7 a3", "name verisign", "g5 issuer", "microsoft code", "valid from", "thumbprint md5", "serial number", "ec f2", "init", "copyright", "product monitor", "original name", "file version", "word document", "file v2", "document", "outlook", "settings", "generic ole2", "multistream", "compound", "time stamping", "signer", "g4 issuer", "symantec time", "stamping", "g2 valid", "open xml", "zip archive", "word microsoft", "office open", "xml format", "open packaging", "cf f4", "c8 fe", "digicert sha2", "assured id" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1046", "name": "Network Service Scanning", "display_name": "T1046 - Network Service Scanning" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 71, "FileHash-SHA1": 54, "FileHash-SHA256": 1900, "URL": 684, "hostname": 657, "domain": 387, "CVE": 6 }, "indicator_count": 3759, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "25 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "bootstrapcmd.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "bootstrapcmd.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780180143.4805706 }