{ "type": "Domain", "indicator": "connect-microsoft.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/connect-microsoft.com", "alexa": "http://www.alexa.com/siteinfo/connect-microsoft.com", "indicator": "connect-microsoft.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3487286760, "indicator": "connect-microsoft.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "698c5991defb13df834c8a78", "name": "Phishing | Feb 11, 2026 | Part 112/783", "description": "Phishing indicators. Date: Feb 11, 2026. Part 112/783. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-02-11T10:27:29.445000", "created": "2026-02-11T10:27:29.445000", "tags": [ "phishing", "phishing-database" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1178, "domain": 822 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 96, "modified_text": "111 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6981a89a2fe9bd110fbe6fe5", "name": "Phishing | 2026-01-31 | Part 38/163", "description": "Phishing indicators. Date: 2026-01-31. Part 38/163. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-02-03T07:49:46.849000", "created": "2026-02-03T07:49:46.849000", "tags": [ "phishing", "phishing-database" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 6291, "domain": 3709 }, "indicator_count": 10000, "is_author": false, "is_subscribing": null, "subscriber_count": 96, "modified_text": "119 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68e3a9e1e3684a723e4c8b94", "name": "Detecting DLL hijacking with machine learning: real-world cases.", "description": "In recent testing, a machine learning model developed by Kaspersky has been successfully integrated into their SIEM system to detect DLL hijacking attacks, specifically utilizing the DLL sideloading technique. This model operates by conducting a thorough examination of all DLL libraries loaded in a system, cross-referencing local attributes-such as file paths, process names, and hashes-against a global knowledge base accessed via the Kaspersky Security Network (KSN) cloud. The combination of local data with broader behavioral indicators enhances detection accuracy and minimizes false positives.", "modified": "2025-11-05T11:00:24.759000", "created": "2025-10-06T11:37:05.623000", "tags": [ "artificial intelligence", "cybersecurity", "dll", "dll hijacking", "dll sideloading", "machine learning", "security technology", "siem", "threat hunting", "kaspersky siem", "digits", "cobalt strike", "sharepoint", "mdr service", "schtasks create", "system", "dns query", "monitoring", "lazarus", "mysterysnail", "ironhusky" ], "references": [ "https://securelist.com/detecting-dll-hijacking-with-machine-learning-in-kaspersky-siem/117567/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "Mongolia", "Russian Federation" ], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [ "Government" ], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 1, "domain": 1 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "209 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62b64dda6410e270fa536b75", "name": "Twitter Feed - dnstwist - 24-06-2022", "description": "", "modified": "2022-06-24T23:50:50.611000", "created": "2022-06-24T23:50:50.611000", "tags": [ "phishing" ], "references": [ "https://twitter.com/dnstwist/status/1540263468481318913", "https://twitter.com/dnstwist/status/1540381747111682049", "https://twitter.com/dnstwist/status/1540384265636126723" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "1438 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://twitter.com/dnstwist/status/1540384265636126723", "https://ltna.com.au/cyber", "https://twitter.com/dnstwist/status/1540263468481318913", "https://twitter.com/dnstwist/status/1540381747111682049", "https://securelist.com/detecting-dll-hijacking-with-machine-learning-in-kaspersky-siem/117567/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "Lazarus" ], "malware_families": [ "Cobalt strike" ], "industries": [ "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "698c5991defb13df834c8a78", "name": "Phishing | Feb 11, 2026 | Part 112/783", "description": "Phishing indicators. Date: Feb 11, 2026. Part 112/783. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-02-11T10:27:29.445000", "created": "2026-02-11T10:27:29.445000", "tags": [ "phishing", "phishing-database" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1178, "domain": 822 }, "indicator_count": 2000, "is_author": false, "is_subscribing": null, "subscriber_count": 96, "modified_text": "111 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6981a89a2fe9bd110fbe6fe5", "name": "Phishing | 2026-01-31 | Part 38/163", "description": "Phishing indicators. Date: 2026-01-31. Part 38/163. For more threat intelligence visit https://ltna.com.au/cyber", "modified": "2026-02-03T07:49:46.849000", "created": "2026-02-03T07:49:46.849000", "tags": [ "phishing", "phishing-database" ], "references": [ "https://ltna.com.au/cyber" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "LTNA-Australia", "id": "380633", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_380633/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 6291, "domain": 3709 }, "indicator_count": 10000, "is_author": false, "is_subscribing": null, "subscriber_count": 96, "modified_text": "119 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68e3a9e1e3684a723e4c8b94", "name": "Detecting DLL hijacking with machine learning: real-world cases.", "description": "In recent testing, a machine learning model developed by Kaspersky has been successfully integrated into their SIEM system to detect DLL hijacking attacks, specifically utilizing the DLL sideloading technique. This model operates by conducting a thorough examination of all DLL libraries loaded in a system, cross-referencing local attributes-such as file paths, process names, and hashes-against a global knowledge base accessed via the Kaspersky Security Network (KSN) cloud. The combination of local data with broader behavioral indicators enhances detection accuracy and minimizes false positives.", "modified": "2025-11-05T11:00:24.759000", "created": "2025-10-06T11:37:05.623000", "tags": [ "artificial intelligence", "cybersecurity", "dll", "dll hijacking", "dll sideloading", "machine learning", "security technology", "siem", "threat hunting", "kaspersky siem", "digits", "cobalt strike", "sharepoint", "mdr service", "schtasks create", "system", "dns query", "monitoring", "lazarus", "mysterysnail", "ironhusky" ], "references": [ "https://securelist.com/detecting-dll-hijacking-with-machine-learning-in-kaspersky-siem/117567/" ], "public": 1, "adversary": "Lazarus", "targeted_countries": [ "Mongolia", "Russian Federation" ], "malware_families": [ { "id": "Cobalt Strike", "display_name": "Cobalt Strike", "target": null } ], "attack_ids": [ { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" } ], "industries": [ "Government" ], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "PetrP.73", "id": "154605", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 1, "domain": 1 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 542, "modified_text": "209 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62b64dda6410e270fa536b75", "name": "Twitter Feed - dnstwist - 24-06-2022", "description": "", "modified": "2022-06-24T23:50:50.611000", "created": "2022-06-24T23:50:50.611000", "tags": [ "phishing" ], "references": [ "https://twitter.com/dnstwist/status/1540263468481318913", "https://twitter.com/dnstwist/status/1540381747111682049", "https://twitter.com/dnstwist/status/1540384265636126723" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 3 }, "indicator_count": 3, "is_author": false, "is_subscribing": null, "subscriber_count": 1623, "modified_text": "1438 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "connect-microsoft.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "connect-microsoft.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780415823.1672509 }