{ "type": "Domain", "indicator": "coreconf.net", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/coreconf.net", "alexa": "http://www.alexa.com/siteinfo/coreconf.net", "indicator": "coreconf.net", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3897859073, "indicator": "coreconf.net", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 16, "pulses": [ { "id": "665f39b83296d4300d2fbc27", "name": "The Pumpkin Eclipse - Chalubo Malware", "description": "Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and control (C2) server. Chalubo has payloads designed for all major SOHO/IoT kernels, pre-built functionality to perform DDoS attacks, and can execute any Lua script sent to the bot.", "modified": "2024-07-02T02:01:15.785000", "created": "2024-06-04T15:58:48.535000", "tags": [ "lua script", "soho" ], "references": [ "https://github.com/blacklotuslabs/IOCs/blob/main/Pumpkin_Eclipse_IOCs.txt", "https://blog.lumen.com/the-pumpkin-eclipse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Chalubo", "display_name": "Chalubo", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "white", "cloned_from": "665bd55fda9811d880ce059d", "export_count": 381, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 7, "FileHash-SHA256": 40, "URL": 27, "domain": 10, "hostname": 7 }, "indicator_count": 93, "is_author": false, "is_subscribing": null, "subscriber_count": 386455, "modified_text": "697 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6819c4a015d36461e17d8705", "name": "[GS-25-17111] Mirai Botnet IOCs - SEC-1275-1", "description": "", "modified": "2025-06-05T08:03:40.910000", "created": "2025-05-06T08:13:20.721000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "botnet mirai", "botnet iocs", "gs2519125", "gs25181222", "gs2518122", "gs2518120", "twitter" ], "references": [ "https://1275.ru/ioc/gs-25-17111-mirai-botnet-iocs_10627", "https://1275.ru/ioc/reindex-5-mirai-botnet-iocs_10623", "https://1275.ru/ioc/gs-25-16110-mirai-botnet-iocs_10610", "https://1275.ru/ioc/gs-25-16108-mirai-botnet-iocs_10596", "https://1275.ru/ioc/gs-25-16107-mirai-botnet-iocs_10586" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1308, "FileHash-SHA1": 1308, "FileHash-SHA256": 1308, "URL": 53, "domain": 11, "hostname": 17 }, "indicator_count": 4005, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "359 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67e0fb841ebe9a30def601e7", "name": "[GS-25-1171] Mirai Botnet IOCs - SEC-1275-1", "description": "\u00c2\u00a31.1m - \"Mirai\" - is the name given to the Mirai botnet, a network that has been hijacked by hackers to spread malware across the internet.", "modified": "2025-04-23T06:01:42.435000", "created": "2025-03-24T06:28:20.908000", "tags": [ "combinations", "mirai", "linux", "compromise ipv4", "ipv4 port", "domain port", "sha1", "sha256" ], "references": [ "https://1275.ru/ioc/gs-25-1171-mirai-botnet-iocs_9920" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 3, "FileHash-MD5": 123, "FileHash-SHA1": 123, "FileHash-SHA256": 123, "URL": 4, "domain": 2 }, "indicator_count": 378, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "402 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "552 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "552 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "561 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdd1247c16c5855518c7", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-02T07:05:02.060000", "created": "2024-07-02T08:44:01.648000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 286, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2521, "domain": 8243, "email": 7, "hostname": 2893 }, "indicator_count": 13683, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "666 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdc8052a11fe921381a0", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-01T08:02:48.060000", "created": "2024-07-02T08:43:52.203000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2409, "domain": 7836, "email": 7, "hostname": 2783 }, "indicator_count": 13054, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "667 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66839bf92a2a8d1539e34e23", "name": "[REINDEX-4.3] Mirai Botnet IOCs - SEC-1275-1", "description": "", "modified": "2024-08-01T06:03:26.298000", "created": "2024-07-02T06:19:37.759000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "toggle", "compromise ipv4", "ipv4 port", "combinations", "domain port", "sha1" ], "references": [ "https://1275.ru/ioc/3578/reindex-4-3-mirai-botnet-iocs/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 37, "FileHash-SHA1": 37, "FileHash-SHA256": 37, "URL": 5, "domain": 1, "hostname": 2 }, "indicator_count": 119, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "667 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6678917b2ae08ab7db8b9093", "name": "AS139646 HONG KONG Megalayer Technology Co.,Limited", "description": "", "modified": "2024-07-23T21:01:44.600000", "created": "2024-06-23T21:19:55.210000", "tags": [], "references": [ "https://viz.greynoise.io/analysis/469ce87b-643e-4db1-8804-f3da57" ], "public": 1, "adversary": "", "targeted_countries": [ "China" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 4144, "hostname": 3391 }, "indicator_count": 7535, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "676 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "666fd54a657b7748afdb6fbb", "name": "[GS-476] Mirai Botnet IOCs - SEC-1275-1", "description": "", "modified": "2024-07-17T06:00:56.204000", "created": "2024-06-17T06:18:50.570000", "tags": [ "mirai botnet", "iocs", "combinations", "mirai", "linux", "toggle", "compromise ipv4", "ipv4 port", "domain port", "sha1" ], "references": [ "https://1275.ru/ioc/3483/gs-476-mirai-botnet-iocs/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 190, "FileHash-SHA1": 190, "FileHash-SHA256": 190, "URL": 8, "domain": 2, "hostname": 3 }, "indicator_count": 583, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "682 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6662d56cbc1d2c9f5ea5667a", "name": "[GS-472] Mirai Botnet IOCs - SEC-1275-1", "description": "", "modified": "2024-07-07T09:01:20.351000", "created": "2024-06-07T09:39:56.173000", "tags": [ "mirai botnet", "iocs", "combinations", "mirai", "linux", "toggle", "compromise ipv4", "ipv4 port", "domain port", "sha1" ], "references": [ "https://1275.ru/ioc/3450/gs-472-mirai-botnet-iocs/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 29, "FileHash-SHA1": 29, "FileHash-SHA256": 29, "URL": 3, "domain": 1 }, "indicator_count": 91, "is_author": false, "is_subscribing": null, "subscriber_count": 173, "modified_text": "692 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "665e97840f8ad7f721132044", "name": "The Pumpkin Eclipse - Lumen", "description": "The Chalubo malware, first identified in 2018, was used in a destructive attack on a single internet service provider in October 2023, Lumen Technologies\u2019 Black Lotus Labs has confirmed.", "modified": "2024-07-04T04:03:56.761000", "created": "2024-06-04T04:26:44.263000", "tags": [ "chalubo", "chalubo malware", "ddos", "actiontec", "lumen", "lua script", "lotus labs", "soho", "black", "acidrain" ], "references": [ "https://blog.lumen.com/the-pumpkin-eclipse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Chalubo", "display_name": "Chalubo", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 24, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "tr2222200", "id": "207905", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 6, "FileHash-SHA256": 28, "URL": 24, "domain": 9, "hostname": 7 }, "indicator_count": 76, "is_author": false, "is_subscribing": null, "subscriber_count": 186, "modified_text": "695 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "667a55dd17ebe58a413235bc", "name": "The Pumpkin Eclipse - Lumen", "description": "", "modified": "2024-07-04T04:03:56.761000", "created": "2024-06-25T05:30:05.559000", "tags": [ "chalubo", "chalubo malware", "ddos", "actiontec", "lumen", "lua script", "lotus labs", "soho", "black", "acidrain" ], "references": [ "https://blog.lumen.com/the-pumpkin-eclipse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Chalubo", "display_name": "Chalubo", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "white", "cloned_from": "665e97840f8ad7f721132044", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Tr1sa111", "id": "192483", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 6, "FileHash-SHA256": 28, "URL": 24, "domain": 9, "hostname": 7 }, "indicator_count": 76, "is_author": false, "is_subscribing": null, "subscriber_count": 276, "modified_text": "695 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "665bd55fda9811d880ce059d", "name": "The Pumpkin Eclipse - Lumen", "description": "The Chalubo malware, first identified in 2018, was used in a destructive attack on a single internet service provider in October 2023, Lumen Technologies\u2019 Black Lotus Labs has confirmed.", "modified": "2024-07-02T02:01:15.785000", "created": "2024-06-02T02:13:51.492000", "tags": [ "path", "button", "span", "script", "link", "template", "header dropdown", "iconbutton", "product", "solutions", "form", "footer", "meta", "code", "enterprise", "reload", "close", "chalubo", "download", "body", "find", "write", "star", "copy", "open", "main", "contact", "october", "chalubo malware", "ddos", "actiontec", "lumen", "lua script", "lotus labs", "soho", "november", "black", "next" ], "references": [ "https://github.com/blacklotuslabs/IOCs/blob/main/Pumpkin_Eclipse_IOCs.txt", "https://blog.lumen.com/the-pumpkin-eclipse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Chalubo", "display_name": "Chalubo", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 37, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "text_account", "id": "221593", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 7, "FileHash-SHA256": 40, "URL": 27, "domain": 10, "hostname": 7 }, "indicator_count": 93, "is_author": false, "is_subscribing": null, "subscriber_count": 51, "modified_text": "697 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66599c3a86a366014dc0c734", "name": "The Pumpkin Eclipse - Lumen", "description": "The Chalubo malware family was used in a destructive attack on a single internet service provider in late October 2023, Lumen Technologies\u2019 Black Lotus Labs has revealed in an open-source report.", "modified": "2024-06-30T09:00:18.472000", "created": "2024-05-31T09:45:30.600000", "tags": [ "path", "button", "span", "script", "link", "template", "header dropdown", "iconbutton", "product", "solutions", "form", "footer", "meta", "code", "reload", "enterprise", "close", "chalubo", "download", "body", "find", "write", "star", "copy", "open", "main", "contact", "october", "chalubo malware", "ddos", "actiontec", "lumen", "lua script", "lotus labs", "soho", "november", "black", "next", "acidrain" ], "references": [ "https://github.com/blacklotuslabs/IOCs/blob/main/Pumpkin_Eclipse_IOCs.txt", "https://blog.lumen.com/the-pumpkin-eclipse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Chalubo", "display_name": "Chalubo", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bluenumberone", "id": "246058", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 7, "FileHash-SHA256": 40, "URL": 27, "domain": 10, "hostname": 7 }, "indicator_count": 93, "is_author": false, "is_subscribing": null, "subscriber_count": 70, "modified_text": "699 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://blog.lumen.com/the-pumpkin-eclipse/", "https://1275.ru/ioc/gs-25-17111-mirai-botnet-iocs_10627", "https://1275.ru/ioc/gs-25-16107-mirai-botnet-iocs_10586", "https://1275.ru/ioc/reindex-5-mirai-botnet-iocs_10623", "https://1275.ru/ioc/gs-25-16108-mirai-botnet-iocs_10596", "https://viz.greynoise.io/analysis/469ce87b-643e-4db1-8804-f3da57", "https://1275.ru/ioc/3483/gs-476-mirai-botnet-iocs/", "https://1275.ru/ioc/3578/reindex-4-3-mirai-botnet-iocs/", "https://1275.ru/ioc/gs-25-16110-mirai-botnet-iocs_10610", "https://github.com/blacklotuslabs/IOCs/blob/main/Pumpkin_Eclipse_IOCs.txt", "https://1275.ru/ioc/3450/gs-472-mirai-botnet-iocs/", "https://1275.ru/ioc/gs-25-1171-mirai-botnet-iocs_9920" ], "related": { "alienvault": { "adversary": [], "malware_families": [ "Chalubo" ], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Chalubo", "Mirai" ], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 16, "pulses": [ { "id": "665f39b83296d4300d2fbc27", "name": "The Pumpkin Eclipse - Chalubo Malware", "description": "Chalubo is a commodity remote access trojan (RAT). First identified in 2018, employed savvy tradecraft to obfuscate its activity; it removed all files from disk to run in-memory, assumed a random process name already present on the device, and encrypted all communications with the command and control (C2) server. Chalubo has payloads designed for all major SOHO/IoT kernels, pre-built functionality to perform DDoS attacks, and can execute any Lua script sent to the bot.", "modified": "2024-07-02T02:01:15.785000", "created": "2024-06-04T15:58:48.535000", "tags": [ "lua script", "soho" ], "references": [ "https://github.com/blacklotuslabs/IOCs/blob/main/Pumpkin_Eclipse_IOCs.txt", "https://blog.lumen.com/the-pumpkin-eclipse/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Chalubo", "display_name": "Chalubo", "target": null } ], "attack_ids": [ { "id": "T1195", "name": "Supply Chain Compromise", "display_name": "T1195 - Supply Chain Compromise" }, { "id": "T1199", "name": "Trusted Relationship", "display_name": "T1199 - Trusted Relationship" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1102", "name": "Web Service", "display_name": "T1102 - Web Service" }, { "id": "T1104", "name": "Multi-Stage Channels", "display_name": "T1104 - Multi-Stage Channels" }, { "id": "T1016", "name": "System Network Configuration Discovery", "display_name": "T1016 - System Network Configuration Discovery" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1495", "name": "Firmware Corruption", "display_name": "T1495 - Firmware Corruption" } ], "industries": [], "TLP": "white", "cloned_from": "665bd55fda9811d880ce059d", "export_count": 381, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AlienVault", "id": "2", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_2/resized/80/avatar_dacfad0ca8.png", "is_subscribed": true, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 2, "FileHash-SHA1": 7, "FileHash-SHA256": 40, "URL": 27, "domain": 10, "hostname": 7 }, "indicator_count": 93, "is_author": false, "is_subscribing": null, "subscriber_count": 386455, "modified_text": "697 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6819c4a015d36461e17d8705", "name": "[GS-25-17111] Mirai Botnet IOCs - SEC-1275-1", "description": "", "modified": "2025-06-05T08:03:40.910000", "created": "2025-05-06T08:13:20.721000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "botnet mirai", "botnet iocs", "gs2519125", "gs25181222", "gs2518122", "gs2518120", "twitter" ], "references": [ "https://1275.ru/ioc/gs-25-17111-mirai-botnet-iocs_10627", "https://1275.ru/ioc/reindex-5-mirai-botnet-iocs_10623", "https://1275.ru/ioc/gs-25-16110-mirai-botnet-iocs_10610", "https://1275.ru/ioc/gs-25-16108-mirai-botnet-iocs_10596", "https://1275.ru/ioc/gs-25-16107-mirai-botnet-iocs_10586" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 34, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1308, "FileHash-SHA1": 1308, "FileHash-SHA256": 1308, "URL": 53, "domain": 11, "hostname": 17 }, "indicator_count": 4005, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "359 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67e0fb841ebe9a30def601e7", "name": "[GS-25-1171] Mirai Botnet IOCs - SEC-1275-1", "description": "\u00c2\u00a31.1m - \"Mirai\" - is the name given to the Mirai botnet, a network that has been hijacked by hackers to spread malware across the internet.", "modified": "2025-04-23T06:01:42.435000", "created": "2025-03-24T06:28:20.908000", "tags": [ "combinations", "mirai", "linux", "compromise ipv4", "ipv4 port", "domain port", "sha1", "sha256" ], "references": [ "https://1275.ru/ioc/gs-25-1171-mirai-botnet-iocs_9920" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 3, "FileHash-MD5": 123, "FileHash-SHA1": 123, "FileHash-SHA256": 123, "URL": 4, "domain": 2 }, "indicator_count": 378, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "402 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f73a3f45fa88890276d", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:23.616000", "created": "2024-11-24T03:37:23.616000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 25, "modified_text": "552 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67429f7224d433f384b935c8", "name": "StreamMining", "description": "", "modified": "2024-11-24T03:37:22.551000", "created": "2024-11-24T03:37:22.551000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": "670f94e03014212e19fa5a77", "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "rivocado", "id": "300960", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "552 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "670f94e03014212e19fa5a77", "name": "Malicious-Dangerous-Domain&URL-New-IOC List", "description": "By Helaly", "modified": "2024-11-15T10:01:11.688000", "created": "2024-10-16T10:26:40.893000", "tags": [ "eliminar", "leer ms", "wishlist vista", "poltica", "secadores", "vista", "sala", "vaporal", "utensilios", "belleza equipos", "ciudad" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 39659, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "URL": 170, "domain": 11158, "hostname": 3549 }, "indicator_count": 14883, "is_author": false, "is_subscribing": null, "subscriber_count": 80, "modified_text": "561 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdd1247c16c5855518c7", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-02T07:05:02.060000", "created": "2024-07-02T08:44:01.648000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 286, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2521, "domain": 8243, "email": 7, "hostname": 2893 }, "indicator_count": 13683, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "666 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6683bdc8052a11fe921381a0", "name": "Domain-URL-IP-Hash-IOC", "description": "Updated collection of malicious , malware , phishing ... etc of domain , UR , IP , Hashes", "modified": "2024-08-01T08:02:48.060000", "created": "2024-07-02T08:43:52.203000", "tags": [ "word" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Eslam-ElHelaly", "id": "259630", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_259630/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-MD5": 15, "FileHash-SHA1": 1, "FileHash-SHA256": 1, "URL": 2409, "domain": 7836, "email": 7, "hostname": 2783 }, "indicator_count": 13054, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "667 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66839bf92a2a8d1539e34e23", "name": "[REINDEX-4.3] Mirai Botnet IOCs - SEC-1275-1", "description": "", "modified": "2024-08-01T06:03:26.298000", "created": "2024-07-02T06:19:37.759000", "tags": [ "mirai botnet", "iocs", "mirai", "linux", "toggle", "compromise ipv4", "ipv4 port", "combinations", "domain port", "sha1" ], "references": [ "https://1275.ru/ioc/3578/reindex-4-3-mirai-botnet-iocs/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Gnostis", "id": "44738", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_44738/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 37, "FileHash-SHA1": 37, "FileHash-SHA256": 37, "URL": 5, "domain": 1, "hostname": 2 }, "indicator_count": 119, "is_author": false, "is_subscribing": null, "subscriber_count": 172, "modified_text": "667 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6678917b2ae08ab7db8b9093", "name": "AS139646 HONG KONG Megalayer Technology Co.,Limited", "description": "", "modified": "2024-07-23T21:01:44.600000", "created": "2024-06-23T21:19:55.210000", "tags": [], "references": [ "https://viz.greynoise.io/analysis/469ce87b-643e-4db1-8804-f3da57" ], "public": 1, "adversary": "", "targeted_countries": [ "China" ], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "skocherhan", "id": "249290", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_249290/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 4144, "hostname": 3391 }, "indicator_count": 7535, "is_author": false, "is_subscribing": null, "subscriber_count": 182, "modified_text": "676 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "coreconf.net", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "coreconf.net", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780180565.8027306 }