{ "type": "Domain", "indicator": "chiper.io", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/chiper.io", "alexa": "http://www.alexa.com/siteinfo/chiper.io", "indicator": "chiper.io", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 2897727693, "indicator": "chiper.io", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 14, "pulses": [ { "id": "659b0fd1ac7cb4d83834db1f", "name": "Botnet Command and Control Server | Malware Distribution Site", "description": "", "modified": "2024-02-06T20:02:52.205000", "created": "2024-01-07T20:55:45.006000", "tags": [ "passive dns", "urls", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "ip address", "related nids", "files location", "http response", "final url", "status code", "body", "httponly", "ssl certificate", "historical ssl", "whois record", "parent referrer", "whois whois", "communicating", "contacted", "contacted urls", "bundled", "pe resource", "dropped", "army", "machinename", "execution", "referrer", "malware distribution site", "phishing dropbox", "evasive", "banker", "dde", "dridex", "exploit", "dyre", "dyreza", "ransomware", "mydoom", "backdoor", "svg", "phising", "locky", "e-mail provider phishing", "spear phishing", "retefe", "defacement", "phishing development bank of singapore", "banjori", "suppobox", "zeus", "pony", "solar", "ransomware locky distribution site", "nymaim", "shade", "troldesh", "tvrat", "zbot", "elocky", "wisdomeyes", "kryptic", "sinkhole", "exploit", "worm", "backdoor", "injector", "botnet command and control server", "unknown", "domain", "creation date", "search", "date", "hostname", "next", "all search", "otx octoseek", "united", "as13335", "ipv4", "pulse submit", "url analysis", "iocs", "ioc search", "new ioc", "teams api", "contact", "files", "nxdomain", "win32", "meta", "wabot", "gmt contenttype", "dnssec", "name", "win32 exe", "detections file", "file size", "kb file", "domains", "registrar", "markmonitor inc", "status", "susp", "expiration date", "name servers", "domain related", "entries", "johnnsabey", "m. brian sabey", "mark sabey", "sabey data center", "utah", "http method", "http requests", "connect http", "get dns", "resolutions", "ip traffic", "problems", "alienvault part", "kgs0", "kls0", "schema abuse", "sneaky server", "iframe", "apple", "data collection" ], "references": [ "http://security.didici.cc/cve" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "virus.virlock/nabucur", "display_name": "virus.virlock/nabucur", "target": null }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "MyDoom", "display_name": "MyDoom", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Defacement", "display_name": "Defacement", "target": null }, { "id": "Banjori", "display_name": "Banjori", "target": null }, { "id": "Trojan.AvsEtecer", "display_name": "Trojan.AvsEtecer", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "ZeuS", "display_name": "ZeuS", "target": null }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "Solar", "display_name": "Solar", "target": null }, { "id": "Nymaim", "display_name": "Nymaim", "target": null }, { "id": "TV RAT", "display_name": "TV RAT", "target": null }, { "id": "Zbot", "display_name": "Zbot", "target": null }, { "id": "Dyre", "display_name": "Dyre", "target": null }, { "id": "ELocky", "display_name": "ELocky", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Locky (Decryptor)", "display_name": "Locky (Decryptor)", "target": null }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Gen:Variant.Strictor", "display_name": "Gen:Variant.Strictor", "target": null }, { "id": "Adware.BrowseFox", "display_name": "Adware.BrowseFox", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "MSIL_Kryptik.P.gen", "display_name": "MSIL_Kryptik.P.gen", "target": null }, { "id": "pykspa_v2_fake", "display_name": "pykspa_v2_fake", "target": null }, { "id": "Worm:Win32/Pykspa", "display_name": "Worm:Win32/Pykspa", "target": "/malware/Worm:Win32/Pykspa" }, { "id": "Pykspa", "display_name": "Pykspa", "target": null }, { "id": "TEL:Exploit:Win32/Sinkers", "display_name": "TEL:Exploit:Win32/Sinkers", "target": null }, { "id": "Sabey", "display_name": "Sabey", "target": null }, { "id": "HallRender", "display_name": "HallRender", "target": null } ], "attack_ids": [ { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1594", "name": "Search Victim-Owned Websites", "display_name": "T1594 - Search Victim-Owned Websites" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1114.002", "name": "Remote Email Collection", "display_name": "T1114.002 - Remote Email Collection" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 35, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 231, "FileHash-SHA256": 3121, "URL": 4225, "domain": 1725, "hostname": 1416, "FileHash-SHA1": 225, "CVE": 2, "email": 3 }, "indicator_count": 10948, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "847 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65a48ab7cd0bd218b17ccf6c", "name": "Botnet Command and Control Server | Malware", "description": "", "modified": "2024-02-06T20:02:52.205000", "created": "2024-01-15T01:30:31.655000", "tags": [ "passive dns", "urls", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "ip address", "related nids", "files location", "http response", "final url", "status code", "body", "httponly", "ssl certificate", "historical ssl", "whois record", "parent referrer", "whois whois", "communicating", "contacted", "contacted urls", "bundled", "pe resource", "dropped", "army", "machinename", "execution", "referrer", "malware distribution site", "phishing dropbox", "evasive", "banker", "dde", "dridex", "exploit", "dyre", "dyreza", "ransomware", "mydoom", "backdoor", "svg", "phising", "locky", "e-mail provider phishing", "spear phishing", "retefe", "defacement", "phishing development bank of singapore", "banjori", "suppobox", "zeus", "pony", "solar", "ransomware locky distribution site", "nymaim", "shade", "troldesh", "tvrat", "zbot", "elocky", "wisdomeyes", "kryptic", "sinkhole", "exploit", "worm", "backdoor", "injector", "botnet command and control server", "unknown", "domain", "creation date", "search", "date", "hostname", "next", "all search", "otx octoseek", "united", "as13335", "ipv4", "pulse submit", "url analysis", "iocs", "ioc search", "new ioc", "teams api", "contact", "files", "nxdomain", "win32", "meta", "wabot", "gmt contenttype", "dnssec", "name", "win32 exe", "detections file", "file size", "kb file", "domains", "registrar", "markmonitor inc", "status", "susp", "expiration date", "name servers", "domain related", "entries", "johnnsabey", "m. brian sabey", "mark sabey", "sabey data center", "utah", "http method", "http requests", "connect http", "get dns", "resolutions", "ip traffic", "problems", "alienvault part", "kgs0", "kls0", "schema abuse", "sneaky server", "iframe", "apple", "data collection" ], "references": [ "http://security.didici.cc/cve" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "virus.virlock/nabucur", "display_name": "virus.virlock/nabucur", "target": null }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "MyDoom", "display_name": "MyDoom", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Defacement", "display_name": "Defacement", "target": null }, { "id": "Banjori", "display_name": "Banjori", "target": null }, { "id": "Trojan.AvsEtecer", "display_name": "Trojan.AvsEtecer", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "ZeuS", "display_name": "ZeuS", "target": null }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "Solar", "display_name": "Solar", "target": null }, { "id": "Nymaim", "display_name": "Nymaim", "target": null }, { "id": "TV RAT", "display_name": "TV RAT", "target": null }, { "id": "Zbot", "display_name": "Zbot", "target": null }, { "id": "Dyre", "display_name": "Dyre", "target": null }, { "id": "ELocky", "display_name": "ELocky", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Locky (Decryptor)", "display_name": "Locky (Decryptor)", "target": null }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Gen:Variant.Strictor", "display_name": "Gen:Variant.Strictor", "target": null }, { "id": "Adware.BrowseFox", "display_name": "Adware.BrowseFox", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "MSIL_Kryptik.P.gen", "display_name": "MSIL_Kryptik.P.gen", "target": null }, { "id": "pykspa_v2_fake", "display_name": "pykspa_v2_fake", "target": null }, { "id": "Worm:Win32/Pykspa", "display_name": "Worm:Win32/Pykspa", "target": "/malware/Worm:Win32/Pykspa" }, { "id": "Pykspa", "display_name": "Pykspa", "target": null }, { "id": "TEL:Exploit:Win32/Sinkers", "display_name": "TEL:Exploit:Win32/Sinkers", "target": null }, { "id": "Sabey", "display_name": "Sabey", "target": null }, { "id": "HallRender", "display_name": "HallRender", "target": null } ], "attack_ids": [ { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1594", "name": "Search Victim-Owned Websites", "display_name": "T1594 - Search Victim-Owned Websites" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1114.002", "name": "Remote Email Collection", "display_name": "T1114.002 - Remote Email Collection" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" } ], "industries": [], "TLP": "white", "cloned_from": "659b0fd1ac7cb4d83834db1f", "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 231, "FileHash-SHA256": 3121, "URL": 4225, "domain": 1725, "hostname": 1416, "FileHash-SHA1": 225, "CVE": 2, "email": 3 }, "indicator_count": 10948, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "847 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707f6e25e5eba64eae4f56", "name": "clintonemail.com 3", "description": "", "modified": "2023-12-06T14:04:30.742000", "created": "2023-12-06T14:04:30.742000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1089, "domain": 409, "hostname": 839, "URL": 2184, "FileHash-MD5": 1 }, "indicator_count": 4522, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707e37b7762b2aac747c92", "name": "Undefined Name", "description": "", "modified": "2023-12-06T13:59:19.706000", "created": "2023-12-06T13:59:19.706000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1071, "hostname": 757, "domain": 463, "URL": 2436, "FileHash-SHA1": 4, "email": 1, "FileHash-MD5": 3 }, "indicator_count": 4735, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707e2030308cb99a817278", "name": "sixteenthirtyfund.org", "description": "", "modified": "2023-12-06T13:58:56.153000", "created": "2023-12-06T13:58:56.153000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1071, "hostname": 757, "domain": 463, "URL": 2436, "FileHash-SHA1": 4, "email": 1, "FileHash-MD5": 3 }, "indicator_count": 4735, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f1fd15f1d29d7fe488c5a", "name": "Ransomexx", "description": "", "modified": "2023-10-30T03:15:29.408000", "created": "2023-10-30T03:15:29.408000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "651346a7ad62351a18ecb548", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 413, "CVE": 2, "FileHash-MD5": 318, "FileHash-SHA1": 306, "FileHash-SHA256": 817, "domain": 32, "hostname": 431, "email": 1 }, "indicator_count": 2320, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "947 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "651346a7ad62351a18ecb548", "name": " Ransomexx", "description": "", "modified": "2023-09-26T21:01:27.276000", "created": "2023-09-26T21:01:27.276000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64e9045d97289934335b5114", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 413, "CVE": 2, "FileHash-MD5": 318, "FileHash-SHA1": 306, "FileHash-SHA256": 817, "domain": 32, "hostname": 431, "email": 1 }, "indicator_count": 2320, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "980 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65133f86d211a1f9dd30b92e", "name": "Author avatar CRITICAL (CYBERCRIME) Malware Attack", "description": "", "modified": "2023-09-26T20:31:02.122000", "created": "2023-09-26T20:31:02.122000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64e9002f6406bddb131e17be", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 417, "CVE": 2, "FileHash-MD5": 326, "FileHash-SHA1": 314, "FileHash-SHA256": 1613, "domain": 33, "hostname": 482, "email": 1 }, "indicator_count": 3188, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "980 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e9002f6406bddb131e17be", "name": "CRITICAL (CYBERCRIME) MalwareATTACKS against \u2192https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ", "description": "CRITICAL ATTACKS against \u2192https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ\nSeen against individual targeted for cyber bullying.\nIt's cyber crime: it targets an individual, who the individual works with, all of the individuals business and media , social engineering is seen in some instances, adult content is prevalent, threats, very disturbing. Also very critical is the risk it poses to others who click on anything related to individual. Based on pattern matches, it appears a cell phone call can compromise another person. Collects contacts of targets contacts, search history, etc. \nI can't research all of them but it appears to date at least 6 years or more and continues. \n\nDoes Apple CVE found in all. Apple requests to have this information o discarded?", "modified": "2023-09-25T05:02:49.943000", "created": "2023-08-25T19:25:35.169000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 417, "CVE": 2, "FileHash-MD5": 326, "FileHash-SHA1": 314, "FileHash-SHA256": 1613, "domain": 33, "hostname": 482, "email": 1 }, "indicator_count": 3188, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "982 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e9045d97289934335b5114", "name": " CRITICAL \u2022 Agent Tesla \u2022 Emotet \u2022 Dark Power \u2022 Quasar Rat \u2022Swisyn \u2022 Lockbit \u2022 Crypto \u2022 Ransomexx \u2022 Evilnum \u2022 BlustealerPlay Ransomware \u2022 Makop ", "description": "", "modified": "2023-09-24T19:04:59.526000", "created": "2023-08-25T19:43:25.333000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64e9002f6406bddb131e17be", "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 413, "CVE": 2, "FileHash-MD5": 318, "FileHash-SHA1": 306, "FileHash-SHA256": 817, "domain": 32, "hostname": 431, "email": 1 }, "indicator_count": 2320, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "982 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "621a8f6f8a77f3c44383e3d2", "name": "clintonemail.com 3", "description": "", "modified": "2022-03-28T00:01:22.803000", "created": "2022-02-26T20:37:03.056000", "tags": [ "whois record", "whois", "ssl certificate" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 2184, "hostname": 839, "domain": 409, "FileHash-SHA256": 1089, "FileHash-MD5": 1 }, "indicator_count": 4522, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1528 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62113cd2be6b70887a381fa7", "name": "PresidentClinton.com", "description": "", "modified": "2022-03-21T00:02:26.523000", "created": "2022-02-19T18:54:10.368000", "tags": [ "whois", "whois record", "ssl certificate", "date", "server", "email", "registrar abuse", "iana id", "contact phone", "dnssec", "domain status", "registrar url", "registrar whois", "record type", "ttl value", "whois lookup", "creation date", "domain name", "status", "abuse contact" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 807, "FileHash-SHA256": 548, "hostname": 614, "domain": 286, "email": 1, "FileHash-MD5": 1 }, "indicator_count": 2257, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1535 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "620a71fcb753768c90d0775c", "name": "sixteenthirtyfund.org", "description": "", "modified": "2022-03-16T00:02:55.894000", "created": "2022-02-14T15:15:08.052000", "tags": [ "whois record", "whois", "ssl certificate", "key identifier", "algorithm", "v3 serial", "number", "issuer", "cus cngo", "daddy secure", "g2 lscottsdale", "ouhttp", "validity", "info", "first", "domain status", "server", "date", "registrar abuse", "dnssec", "domain name", "status", "contact email", "contact phone", "registrar iana", "comodo valkyrie", "verdict", "rank value", "ingestion time", "cisco umbrella", "dns records", "record type", "ttl value", "nreum", "submission", "analysis", "utc http", "response final", "url https", "ip address", "status code", "body length", "kb body" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 757, "URL": 2436, "domain": 463, "FileHash-SHA256": 1071, "email": 1, "FileHash-SHA1": 4, "FileHash-MD5": 3 }, "indicator_count": 4735, "is_author": false, "is_subscribing": null, "subscriber_count": 405, "modified_text": "1540 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "620be88f227fab7b2f5c7f6d", "name": "Lol", "description": "", "modified": "2022-03-16T00:02:55.894000", "created": "2022-02-15T17:53:19.003000", "tags": [ "whois record", "whois", "ssl certificate", "key identifier", "algorithm", "v3 serial", "number", "issuer", "cus cngo", "daddy secure", "g2 lscottsdale", "ouhttp", "validity", "info", "first", "domain status", "server", "date", "registrar abuse", "dnssec", "domain name", "status", "contact email", "contact phone", "registrar iana", "comodo valkyrie", "verdict", "rank value", "ingestion time", "cisco umbrella", "dns records", "record type", "ttl value", "nreum", "submission", "analysis", "utc http", "response final", "url https", "ip address", "status code", "body length", "kb body" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": "620a71fcb753768c90d0775c", "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "99199919", "id": "166119", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 757, "URL": 2436, "domain": 463, "FileHash-SHA256": 1071, "email": 1, "FileHash-SHA1": 4, "FileHash-MD5": 3 }, "indicator_count": 4735, "is_author": false, "is_subscribing": null, "subscriber_count": 7, "modified_text": "1540 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "http://security.didici.cc/cve" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Banjori", "Zbot", "Virus.virlock/nabucur", "Elocky", "Dyre", "Solar", "Dridex", "Locky", "Trojan.wisdomeyes.16070401.9500", "Zeus", "Defacement", "Tv rat", "Ransomware", "Mydoom", "W32.eheur", "Worm:win32/pykspa", "Trojan.avsetecer", "Msil_kryptik.p.gen", "Suppobox", "Virut", "Locky (decryptor)", "Sabey", "Pykspa", "Hallrender", "Adware.browsefox", "Gen:variant.strictor", "Pykspa_v2_fake", "Pony", "Nymaim", "Tel:exploit:win32/sinkers" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 14, "pulses": [ { "id": "659b0fd1ac7cb4d83834db1f", "name": "Botnet Command and Control Server | Malware Distribution Site", "description": "", "modified": "2024-02-06T20:02:52.205000", "created": "2024-01-07T20:55:45.006000", "tags": [ "passive dns", "urls", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "ip address", "related nids", "files location", "http response", "final url", "status code", "body", "httponly", "ssl certificate", "historical ssl", "whois record", "parent referrer", "whois whois", "communicating", "contacted", "contacted urls", "bundled", "pe resource", "dropped", "army", "machinename", "execution", "referrer", "malware distribution site", "phishing dropbox", "evasive", "banker", "dde", "dridex", "exploit", "dyre", "dyreza", "ransomware", "mydoom", "backdoor", "svg", "phising", "locky", "e-mail provider phishing", "spear phishing", "retefe", "defacement", "phishing development bank of singapore", "banjori", "suppobox", "zeus", "pony", "solar", "ransomware locky distribution site", "nymaim", "shade", "troldesh", "tvrat", "zbot", "elocky", "wisdomeyes", "kryptic", "sinkhole", "exploit", "worm", "backdoor", "injector", "botnet command and control server", "unknown", "domain", "creation date", "search", "date", "hostname", "next", "all search", "otx octoseek", "united", "as13335", "ipv4", "pulse submit", "url analysis", "iocs", "ioc search", "new ioc", "teams api", "contact", "files", "nxdomain", "win32", "meta", "wabot", "gmt contenttype", "dnssec", "name", "win32 exe", "detections file", "file size", "kb file", "domains", "registrar", "markmonitor inc", "status", "susp", "expiration date", "name servers", "domain related", "entries", "johnnsabey", "m. brian sabey", "mark sabey", "sabey data center", "utah", "http method", "http requests", "connect http", "get dns", "resolutions", "ip traffic", "problems", "alienvault part", "kgs0", "kls0", "schema abuse", "sneaky server", "iframe", "apple", "data collection" ], "references": [ "http://security.didici.cc/cve" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "virus.virlock/nabucur", "display_name": "virus.virlock/nabucur", "target": null }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "MyDoom", "display_name": "MyDoom", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Defacement", "display_name": "Defacement", "target": null }, { "id": "Banjori", "display_name": "Banjori", "target": null }, { "id": "Trojan.AvsEtecer", "display_name": "Trojan.AvsEtecer", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "ZeuS", "display_name": "ZeuS", "target": null }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "Solar", "display_name": "Solar", "target": null }, { "id": "Nymaim", "display_name": "Nymaim", "target": null }, { "id": "TV RAT", "display_name": "TV RAT", "target": null }, { "id": "Zbot", "display_name": "Zbot", "target": null }, { "id": "Dyre", "display_name": "Dyre", "target": null }, { "id": "ELocky", "display_name": "ELocky", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Locky (Decryptor)", "display_name": "Locky (Decryptor)", "target": null }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Gen:Variant.Strictor", "display_name": "Gen:Variant.Strictor", "target": null }, { "id": "Adware.BrowseFox", "display_name": "Adware.BrowseFox", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "MSIL_Kryptik.P.gen", "display_name": "MSIL_Kryptik.P.gen", "target": null }, { "id": "pykspa_v2_fake", "display_name": "pykspa_v2_fake", "target": null }, { "id": "Worm:Win32/Pykspa", "display_name": "Worm:Win32/Pykspa", "target": "/malware/Worm:Win32/Pykspa" }, { "id": "Pykspa", "display_name": "Pykspa", "target": null }, { "id": "TEL:Exploit:Win32/Sinkers", "display_name": "TEL:Exploit:Win32/Sinkers", "target": null }, { "id": "Sabey", "display_name": "Sabey", "target": null }, { "id": "HallRender", "display_name": "HallRender", "target": null } ], "attack_ids": [ { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1594", "name": "Search Victim-Owned Websites", "display_name": "T1594 - Search Victim-Owned Websites" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1114.002", "name": "Remote Email Collection", "display_name": "T1114.002 - Remote Email Collection" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 35, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 231, "FileHash-SHA256": 3121, "URL": 4225, "domain": 1725, "hostname": 1416, "FileHash-SHA1": 225, "CVE": 2, "email": 3 }, "indicator_count": 10948, "is_author": false, "is_subscribing": null, "subscriber_count": 224, "modified_text": "847 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65a48ab7cd0bd218b17ccf6c", "name": "Botnet Command and Control Server | Malware", "description": "", "modified": "2024-02-06T20:02:52.205000", "created": "2024-01-15T01:30:31.655000", "tags": [ "passive dns", "urls", "scan endpoints", "all octoseek", "url http", "pulse pulses", "http", "ip address", "related nids", "files location", "http response", "final url", "status code", "body", "httponly", "ssl certificate", "historical ssl", "whois record", "parent referrer", "whois whois", "communicating", "contacted", "contacted urls", "bundled", "pe resource", "dropped", "army", "machinename", "execution", "referrer", "malware distribution site", "phishing dropbox", "evasive", "banker", "dde", "dridex", "exploit", "dyre", "dyreza", "ransomware", "mydoom", "backdoor", "svg", "phising", "locky", "e-mail provider phishing", "spear phishing", "retefe", "defacement", "phishing development bank of singapore", "banjori", "suppobox", "zeus", "pony", "solar", "ransomware locky distribution site", "nymaim", "shade", "troldesh", "tvrat", "zbot", "elocky", "wisdomeyes", "kryptic", "sinkhole", "exploit", "worm", "backdoor", "injector", "botnet command and control server", "unknown", "domain", "creation date", "search", "date", "hostname", "next", "all search", "otx octoseek", "united", "as13335", "ipv4", "pulse submit", "url analysis", "iocs", "ioc search", "new ioc", "teams api", "contact", "files", "nxdomain", "win32", "meta", "wabot", "gmt contenttype", "dnssec", "name", "win32 exe", "detections file", "file size", "kb file", "domains", "registrar", "markmonitor inc", "status", "susp", "expiration date", "name servers", "domain related", "entries", "johnnsabey", "m. brian sabey", "mark sabey", "sabey data center", "utah", "http method", "http requests", "connect http", "get dns", "resolutions", "ip traffic", "problems", "alienvault part", "kgs0", "kls0", "schema abuse", "sneaky server", "iframe", "apple", "data collection" ], "references": [ "http://security.didici.cc/cve" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [ { "id": "virus.virlock/nabucur", "display_name": "virus.virlock/nabucur", "target": null }, { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "MyDoom", "display_name": "MyDoom", "target": null }, { "id": "Locky", "display_name": "Locky", "target": null }, { "id": "Defacement", "display_name": "Defacement", "target": null }, { "id": "Banjori", "display_name": "Banjori", "target": null }, { "id": "Trojan.AvsEtecer", "display_name": "Trojan.AvsEtecer", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "ZeuS", "display_name": "ZeuS", "target": null }, { "id": "Pony", "display_name": "Pony", "target": null }, { "id": "Solar", "display_name": "Solar", "target": null }, { "id": "Nymaim", "display_name": "Nymaim", "target": null }, { "id": "TV RAT", "display_name": "TV RAT", "target": null }, { "id": "Zbot", "display_name": "Zbot", "target": null }, { "id": "Dyre", "display_name": "Dyre", "target": null }, { "id": "ELocky", "display_name": "ELocky", "target": null }, { "id": "Dridex", "display_name": "Dridex", "target": null }, { "id": "Locky (Decryptor)", "display_name": "Locky (Decryptor)", "target": null }, { "id": "Ransomware", "display_name": "Ransomware", "target": null }, { "id": "Trojan.WisdomEyes.16070401.9500", "display_name": "Trojan.WisdomEyes.16070401.9500", "target": null }, { "id": "Gen:Variant.Strictor", "display_name": "Gen:Variant.Strictor", "target": null }, { "id": "Adware.BrowseFox", "display_name": "Adware.BrowseFox", "target": null }, { "id": "W32.eHeur", "display_name": "W32.eHeur", "target": null }, { "id": "MSIL_Kryptik.P.gen", "display_name": "MSIL_Kryptik.P.gen", "target": null }, { "id": "pykspa_v2_fake", "display_name": "pykspa_v2_fake", "target": null }, { "id": "Worm:Win32/Pykspa", "display_name": "Worm:Win32/Pykspa", "target": "/malware/Worm:Win32/Pykspa" }, { "id": "Pykspa", "display_name": "Pykspa", "target": null }, { "id": "TEL:Exploit:Win32/Sinkers", "display_name": "TEL:Exploit:Win32/Sinkers", "target": null }, { "id": "Sabey", "display_name": "Sabey", "target": null }, { "id": "HallRender", "display_name": "HallRender", "target": null } ], "attack_ids": [ { "id": "T1583.005", "name": "Botnet", "display_name": "T1583.005 - Botnet" }, { "id": "T1001", "name": "Data Obfuscation", "display_name": "T1001 - Data Obfuscation" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1449", "name": "Exploit SS7 to Redirect Phone Calls/SMS", "display_name": "T1449 - Exploit SS7 to Redirect Phone Calls/SMS" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1059.002", "name": "AppleScript", "display_name": "T1059.002 - AppleScript" }, { "id": "T1491", "name": "Defacement", "display_name": "T1491 - Defacement" }, { "id": "T1410", "name": "Network Traffic Capture or Redirection", "display_name": "T1410 - Network Traffic Capture or Redirection" }, { "id": "T1185", "name": "Man in the Browser", "display_name": "T1185 - Man in the Browser" }, { "id": "T1594", "name": "Search Victim-Owned Websites", "display_name": "T1594 - Search Victim-Owned Websites" }, { "id": "T1593.002", "name": "Search Engines", "display_name": "T1593.002 - Search Engines" }, { "id": "T1574.008", "name": "Path Interception by Search Order Hijacking", "display_name": "T1574.008 - Path Interception by Search Order Hijacking" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1114.002", "name": "Remote Email Collection", "display_name": "T1114.002 - Remote Email Collection" }, { "id": "TA0009", "name": "Collection", "display_name": "TA0009 - Collection" }, { "id": "T1457", "name": "Malicious Media Content", "display_name": "T1457 - Malicious Media Content" }, { "id": "T1587.001", "name": "Malware", "display_name": "T1587.001 - Malware" }, { "id": "T1608.001", "name": "Upload Malware", "display_name": "T1608.001 - Upload Malware" } ], "industries": [], "TLP": "white", "cloned_from": "659b0fd1ac7cb4d83834db1f", "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 231, "FileHash-SHA256": 3121, "URL": 4225, "domain": 1725, "hostname": 1416, "FileHash-SHA1": 225, "CVE": 2, "email": 3 }, "indicator_count": 10948, "is_author": false, "is_subscribing": null, "subscriber_count": 231, "modified_text": "847 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707f6e25e5eba64eae4f56", "name": "clintonemail.com 3", "description": "", "modified": "2023-12-06T14:04:30.742000", "created": "2023-12-06T14:04:30.742000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1089, "domain": 409, "hostname": 839, "URL": 2184, "FileHash-MD5": 1 }, "indicator_count": 4522, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707e37b7762b2aac747c92", "name": "Undefined Name", "description": "", "modified": "2023-12-06T13:59:19.706000", "created": "2023-12-06T13:59:19.706000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1071, "hostname": 757, "domain": 463, "URL": 2436, "FileHash-SHA1": 4, "email": 1, "FileHash-MD5": 3 }, "indicator_count": 4735, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707e2030308cb99a817278", "name": "sixteenthirtyfund.org", "description": "", "modified": "2023-12-06T13:58:56.153000", "created": "2023-12-06T13:58:56.153000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1071, "hostname": 757, "domain": 463, "URL": 2436, "FileHash-SHA1": 4, "email": 1, "FileHash-MD5": 3 }, "indicator_count": 4735, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "910 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "653f1fd15f1d29d7fe488c5a", "name": "Ransomexx", "description": "", "modified": "2023-10-30T03:15:29.408000", "created": "2023-10-30T03:15:29.408000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "651346a7ad62351a18ecb548", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 413, "CVE": 2, "FileHash-MD5": 318, "FileHash-SHA1": 306, "FileHash-SHA256": 817, "domain": 32, "hostname": 431, "email": 1 }, "indicator_count": 2320, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "947 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "651346a7ad62351a18ecb548", "name": " Ransomexx", "description": "", "modified": "2023-09-26T21:01:27.276000", "created": "2023-09-26T21:01:27.276000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64e9045d97289934335b5114", "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 413, "CVE": 2, "FileHash-MD5": 318, "FileHash-SHA1": 306, "FileHash-SHA256": 817, "domain": 32, "hostname": 431, "email": 1 }, "indicator_count": 2320, "is_author": false, "is_subscribing": null, "subscriber_count": 229, "modified_text": "980 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65133f86d211a1f9dd30b92e", "name": "Author avatar CRITICAL (CYBERCRIME) Malware Attack", "description": "", "modified": "2023-09-26T20:31:02.122000", "created": "2023-09-26T20:31:02.122000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64e9002f6406bddb131e17be", "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "scoreblue", "id": "254100", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 417, "CVE": 2, "FileHash-MD5": 326, "FileHash-SHA1": 314, "FileHash-SHA256": 1613, "domain": 33, "hostname": 482, "email": 1 }, "indicator_count": 3188, "is_author": false, "is_subscribing": null, "subscriber_count": 228, "modified_text": "980 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e9002f6406bddb131e17be", "name": "CRITICAL (CYBERCRIME) MalwareATTACKS against \u2192https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ", "description": "CRITICAL ATTACKS against \u2192https://m.youtube.com/channel/UCNT9XWOEy4HDc2jhC7KglnQ\nSeen against individual targeted for cyber bullying.\nIt's cyber crime: it targets an individual, who the individual works with, all of the individuals business and media , social engineering is seen in some instances, adult content is prevalent, threats, very disturbing. Also very critical is the risk it poses to others who click on anything related to individual. Based on pattern matches, it appears a cell phone call can compromise another person. Collects contacts of targets contacts, search history, etc. \nI can't research all of them but it appears to date at least 6 years or more and continues. \n\nDoes Apple CVE found in all. Apple requests to have this information o discarded?", "modified": "2023-09-25T05:02:49.943000", "created": "2023-08-25T19:25:35.169000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 22, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 417, "CVE": 2, "FileHash-MD5": 326, "FileHash-SHA1": 314, "FileHash-SHA256": 1613, "domain": 33, "hostname": 482, "email": 1 }, "indicator_count": 3188, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "982 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "64e9045d97289934335b5114", "name": " CRITICAL \u2022 Agent Tesla \u2022 Emotet \u2022 Dark Power \u2022 Quasar Rat \u2022Swisyn \u2022 Lockbit \u2022 Crypto \u2022 Ransomexx \u2022 Evilnum \u2022 BlustealerPlay Ransomware \u2022 Makop ", "description": "", "modified": "2023-09-24T19:04:59.526000", "created": "2023-08-25T19:43:25.333000", "tags": [ "whois record", "ssl certificate", "referrer", "contacted", "threat roundup", "execution", "january", "february", "april", "malware", "agent tesla", "august", "twitter", "metro", "emotet", "dark power", "core", "quasar rat", "swisyn", "play ransomware", "ursnif", "malicious", "critical", "copy", "makop", "lockbit", "crypto", "ransomexx", "quasar", "evilnum", "blustealer", "facebook", "url http", "filehashsha256", "url https", "ipv4", "hours ago", "filehashmd5", "no expiration", "filehashsha1", "type indicator", "role title", "next", "created", "modified", "ck ids", "t1071", "protocol", "t1105", "scan endpoints", "all search", "otx octoseek", "report spam", "author", "show", "search", "apple type", "indicator role", "pulses url", "expiration" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": "64e9002f6406bddb131e17be", "export_count": 33, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 413, "CVE": 2, "FileHash-MD5": 318, "FileHash-SHA1": 306, "FileHash-SHA256": 817, "domain": 32, "hostname": 431, "email": 1 }, "indicator_count": 2320, "is_author": false, "is_subscribing": null, "subscriber_count": 221, "modified_text": "982 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "chiper.io", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "chiper.io", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780510123.0298803 }