{ "type": "Domain", "indicator": "creativeformatsnetwork.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/creativeformatsnetwork.com", "alexa": "http://www.alexa.com/siteinfo/creativeformatsnetwork.com", "indicator": "creativeformatsnetwork.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3011723681, "indicator": "creativeformatsnetwork.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "678565f0c11937595b52ea3b", "name": "ApateWeb Campaign Infected Sites - Blogspot Redirector", "description": "Additional IOCs gathered from an instance of ApateWeb discovered in the wild, via a Blogspot redirector campaign. These may be intentional adversary-controlled infra or simply infected servers that they have gained control over.\n\nApologies for duplicate IOCs, OTX has no method of filtering these out and makes it impossible to bulk remove them so I can upload a de-duped list instead, so there is no way for me to fix this.", "modified": "2025-01-20T23:31:01.411000", "created": "2025-01-13T19:13:52.391000", "tags": [ "blog", "redirector", "phishing", "malware", "Scareware", "Malvertising", "Ad Fraud", "Blogspot", "ApateWeb", "Cybercrime" ], "references": [ "https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign/", "https://bettylinking.blogspot[.]com/2025/01/tyga.html" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ajmeese7", "id": "218349", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_218349/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 34, "domain": 19039, "hostname": 18 }, "indicator_count": 19091, "is_author": false, "is_subscribing": null, "subscriber_count": 59, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a47a360cc88cf348557c", "name": "Content Reputation", "description": "", "modified": "2023-12-06T16:42:34.542000", "created": "2023-12-06T16:42:34.542000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 261, "domain": 183, "FileHash-SHA256": 130, "URL": 1194, "FileHash-MD5": 80, "FileHash-SHA1": 1 }, "indicator_count": 1849, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6502c8dc7c2db4d80976ad48", "name": "Content Reputation", "description": "Hidden cams throughout unknown homes in various rooms included laundry room & patio. iPhone cracking full Command & Device control. 24/7 Tracking & Monitoring of a female target. Hardcore Adult content provided also attacks named people with occupations. High level hacking. Abuse. Content seems to target USA & Germany. MALICIOUS links. Heavy iOS intrusion. CVE if any would likely discovered years ago and patched in an update. Still running. Viewers are provided access keys to view targets in all types of situations and conversations including arguments. Absolutely surreal.\nSome vulnerabilities listed pertains to entire site. SKYNET is found. Spyware. Malware l.\n\nOnly the most popularized threat labels are recognized by AV, I have used various known labels l.", "modified": "2023-10-14T05:03:24.012000", "created": "2023-09-14T08:48:28.761000", "tags": [ "united", "flag", "germany germany", "enom", "date", "gmt flag", "dns requests", "domain address", "server", "name server", "url http", "url https", "canada", "germany", "united kingdom", "scan endpoints", "all search", "report spam", "media", "uten", "virut", "suppobox", "decovid19", "khtml", "linux", "windows", "kraken created", "android", "win64", "Tsara Brashears", "Jeffrey Reimer DPT", "Spyware", "Phishing", "privilege", "controls move events", "keyloggers", "World Wide cyberthreat", "Counters", "Hidden Cams", "iOS access", "Retaliation?", "written for Android -iOS - Linux - Apple", "Pattern Match - Follows females phone choices. Cite pulse by unk", "Static AI", "Monitored Target Tsara Brashears", "Armadillo", "malware", "tehopx.exe", "FoxItReader.exe", "svhost.exe", "tracking radar", "evader", "Malware Evader", "dropper", "PDFReader.exe", "ketogenic switch", "ELF", "NORAD Tracking", "Brazzers", "Skynet" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "Spawns new processes that are not known child processes details Spawned process \"iexplore.exe\" with commandline \"https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty- ...\" (Show Process) Spawned process \"iexplore.exe\" with commandline \"SCODEF:2864 CREDAT:275457 /prefetch:2\" (Show Process) source Monitored Target", "Hybrid-Anaysis.com", "Online Analysis observation of issue", "Virus & Attack Analysis", "Data Analysis" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Germany", "Ghana" ], "malware_families": [ { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "Kraken Cryptor Ransomware", "display_name": "Kraken Cryptor Ransomware", "target": null }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "trojan.genericrxep", "display_name": "trojan.genericrxep", "target": null }, { "id": "Malware.QVM06.Gen", "display_name": "Malware.QVM06.Gen", "target": null }, { "id": "Win32/Virus.Adware.42b", "display_name": "Win32/Virus.Adware.42b", "target": null }, { "id": "Trojan.Win32.Generic!SB.0", "display_name": "Trojan.Win32.Generic!SB.0", "target": null }, { "id": "Trojan.Packed.25266", "display_name": "Trojan.Packed.25266", "target": null }, { "id": "W32.Common.00000000", "display_name": "W32.Common.00000000", "target": null }, { "id": "trojan.xanfpezes/fugrafa", "display_name": "trojan.xanfpezes/fugrafa", "target": null }, { "id": "Trojan.installcore.fe", "display_name": "Trojan.installcore.fe", "target": null }, { "id": "BScope.TrojanRansom.Blocker", "display_name": "BScope.TrojanRansom.Blocker", "target": null }, { "id": "Win32.Outbreak", "display_name": "Win32.Outbreak", "target": null }, { "id": "Malware.AI.332823813", "display_name": "Malware.AI.332823813", "target": null }, { "id": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k", "display_name": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k", "target": null }, { "id": "Trojan.Autoit.Wirus", "display_name": "Trojan.Autoit.Wirus", "target": null }, { "id": "Trojan.Autoit.Wirus", "display_name": "Trojan.Autoit.Wirus", "target": null }, { "id": "AutoKMS.HackTool.Patcher.DDS", "display_name": "AutoKMS.HackTool.Patcher.DDS", "target": null }, { "id": "AI:Packer.A54E0A4F1D", "display_name": "AI:Packer.A54E0A4F1D", "target": null }, { "id": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)", "display_name": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)", "target": null }, { "id": "trojan.autoit/agufpxbi", "display_name": "trojan.autoit/agufpxbi", "target": null }, { "id": "W32.AIDetectVM.malware", "display_name": "W32.AIDetectVM.malware", "target": null }, { "id": "trojan.blocker/delfiles", "display_name": "trojan.blocker/delfiles", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "Backdoor:PHP/Artemis", "display_name": "Backdoor:PHP/Artemis", "target": "/malware/Backdoor:PHP/Artemis" } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1170", "name": "Mshta", "display_name": "T1170 - Mshta" }, { "id": "T1178", "name": "SID-History Injection", "display_name": "T1178 - SID-History Injection" } ], "industries": [ "Abuse", "Hacking", "Media", "Technology", "Reputation Devastation" ], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 80, "FileHash-SHA1": 1, "FileHash-SHA256": 130, "domain": 183, "hostname": 261, "URL": 1194 }, "indicator_count": 1849, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "919 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62c2a296d3cea258c9f1c2ad", "name": "Malicious Sites, PUPs, Malware, Brower Hijackers, Phishing Sites", "description": "", "modified": "2022-07-04T08:19:34.791000", "created": "2022-07-04T08:19:34.791000", "tags": [ "malware", "info", "pups", "phishing sites", "am cst", "shadowwhisperer", "curl", "wget" ], "references": [ "https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 44, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 47, "domain": 34626, "hostname": 19 }, "indicator_count": 34702, "is_author": false, "is_subscribing": null, "subscriber_count": 873, "modified_text": "1386 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "Data Analysis", "Hybrid-Anaysis.com", "https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign/", "https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Malware", "Online Analysis observation of issue", "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "Virus & Attack Analysis", "Spawns new processes that are not known child processes details Spawned process \"iexplore.exe\" with commandline \"https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty- ...\" (Show Process) Spawned process \"iexplore.exe\" with commandline \"SCODEF:2864 CREDAT:275457 /prefetch:2\" (Show Process) source Monitored Target", "https://bettylinking.blogspot[.]com/2025/01/tyga.html" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Trojan.xanfpezes/fugrafa", "Malware.ai.332823813", "Decovid19", "Virut", "Win32/virus.adware.42b", "W32.aidetectvm.malware", "Backdoor:php/artemis", "Win32.outbreak", "Trojan.genericrxep", "Suppobox", "Trojan.autoit/agufpxbi", "Autokms.hacktool.patcher.dds", "Malware.fakefolder/icon!1.6aa9 (classic)", "Kraken cryptor ransomware", "Malware.qvm06.gen", "Ai:packer.a54e0a4f1d", "Bscope.trojanransom.blocker", "Trojan.win32.generic!sb.0", "Skynet", "Trojan.autoit.wirus", "W32.common.00000000", "Trojware.win32.ransom.blocker.cdf@4tkf0k", "Trojan.blocker/delfiles", "Trojan.installcore.fe", "Trojan.packed.25266" ], "industries": [ "Media", "Hacking", "Abuse", "Reputation devastation", "Technology" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "678565f0c11937595b52ea3b", "name": "ApateWeb Campaign Infected Sites - Blogspot Redirector", "description": "Additional IOCs gathered from an instance of ApateWeb discovered in the wild, via a Blogspot redirector campaign. These may be intentional adversary-controlled infra or simply infected servers that they have gained control over.\n\nApologies for duplicate IOCs, OTX has no method of filtering these out and makes it impossible to bulk remove them so I can upload a de-duped list instead, so there is no way for me to fix this.", "modified": "2025-01-20T23:31:01.411000", "created": "2025-01-13T19:13:52.391000", "tags": [ "blog", "redirector", "phishing", "malware", "Scareware", "Malvertising", "Ad Fraud", "Blogspot", "ApateWeb", "Cybercrime" ], "references": [ "https://unit42.paloaltonetworks.com/apateweb-scareware-pup-delivery-campaign/", "https://bettylinking.blogspot[.]com/2025/01/tyga.html" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1189", "name": "Drive-by Compromise", "display_name": "T1189 - Drive-by Compromise" }, { "id": "T1566.002", "name": "Spearphishing Link", "display_name": "T1566.002 - Spearphishing Link" }, { "id": "T1204.001", "name": "Malicious Link", "display_name": "T1204.001 - Malicious Link" }, { "id": "T1071.001", "name": "Web Protocols", "display_name": "T1071.001 - Web Protocols" }, { "id": "T1204.002", "name": "Malicious File", "display_name": "T1204.002 - Malicious File" }, { "id": "T1566.001", "name": "Spearphishing Attachment", "display_name": "T1566.001 - Spearphishing Attachment" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 42, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ajmeese7", "id": "218349", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_218349/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 34, "domain": 19039, "hostname": 18 }, "indicator_count": 19091, "is_author": false, "is_subscribing": null, "subscriber_count": 59, "modified_text": "454 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6570a47a360cc88cf348557c", "name": "Content Reputation", "description": "", "modified": "2023-12-06T16:42:34.542000", "created": "2023-12-06T16:42:34.542000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 261, "domain": 183, "FileHash-SHA256": 130, "URL": 1194, "FileHash-MD5": 80, "FileHash-SHA1": 1 }, "indicator_count": 1849, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "865 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6502c8dc7c2db4d80976ad48", "name": "Content Reputation", "description": "Hidden cams throughout unknown homes in various rooms included laundry room & patio. iPhone cracking full Command & Device control. 24/7 Tracking & Monitoring of a female target. Hardcore Adult content provided also attacks named people with occupations. High level hacking. Abuse. Content seems to target USA & Germany. MALICIOUS links. Heavy iOS intrusion. CVE if any would likely discovered years ago and patched in an update. Still running. Viewers are provided access keys to view targets in all types of situations and conversations including arguments. Absolutely surreal.\nSome vulnerabilities listed pertains to entire site. SKYNET is found. Spyware. Malware l.\n\nOnly the most popularized threat labels are recognized by AV, I have used various known labels l.", "modified": "2023-10-14T05:03:24.012000", "created": "2023-09-14T08:48:28.761000", "tags": [ "united", "flag", "germany germany", "enom", "date", "gmt flag", "dns requests", "domain address", "server", "name server", "url http", "url https", "canada", "germany", "united kingdom", "scan endpoints", "all search", "report spam", "media", "uten", "virut", "suppobox", "decovid19", "khtml", "linux", "windows", "kraken created", "android", "win64", "Tsara Brashears", "Jeffrey Reimer DPT", "Spyware", "Phishing", "privilege", "controls move events", "keyloggers", "World Wide cyberthreat", "Counters", "Hidden Cams", "iOS access", "Retaliation?", "written for Android -iOS - Linux - Apple", "Pattern Match - Follows females phone choices. Cite pulse by unk", "Static AI", "Monitored Target Tsara Brashears", "Armadillo", "malware", "tehopx.exe", "FoxItReader.exe", "svhost.exe", "tracking radar", "evader", "Malware Evader", "dropper", "PDFReader.exe", "ketogenic switch", "ELF", "NORAD Tracking", "Brazzers", "Skynet" ], "references": [ "https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty-indian-patient-forces-sex-3gp-video-tsara-brashears/she-loves-how-i-pound-her-pussy", "Spawns new processes that are not known child processes details Spawned process \"iexplore.exe\" with commandline \"https://hifiporn.pw/xxx/1/white-dpt-jeffrey-reimer-loves-pretty- ...\" (Show Process) Spawned process \"iexplore.exe\" with commandline \"SCODEF:2864 CREDAT:275457 /prefetch:2\" (Show Process) source Monitored Target", "Hybrid-Anaysis.com", "Online Analysis observation of issue", "Virus & Attack Analysis", "Data Analysis" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America", "Canada", "Germany", "Ghana" ], "malware_families": [ { "id": "Virut", "display_name": "Virut", "target": null }, { "id": "SuppoBox", "display_name": "SuppoBox", "target": null }, { "id": "Kraken Cryptor Ransomware", "display_name": "Kraken Cryptor Ransomware", "target": null }, { "id": "DEcovid19", "display_name": "DEcovid19", "target": null }, { "id": "trojan.genericrxep", "display_name": "trojan.genericrxep", "target": null }, { "id": "Malware.QVM06.Gen", "display_name": "Malware.QVM06.Gen", "target": null }, { "id": "Win32/Virus.Adware.42b", "display_name": "Win32/Virus.Adware.42b", "target": null }, { "id": "Trojan.Win32.Generic!SB.0", "display_name": "Trojan.Win32.Generic!SB.0", "target": null }, { "id": "Trojan.Packed.25266", "display_name": "Trojan.Packed.25266", "target": null }, { "id": "W32.Common.00000000", "display_name": "W32.Common.00000000", "target": null }, { "id": "trojan.xanfpezes/fugrafa", "display_name": "trojan.xanfpezes/fugrafa", "target": null }, { "id": "Trojan.installcore.fe", "display_name": "Trojan.installcore.fe", "target": null }, { "id": "BScope.TrojanRansom.Blocker", "display_name": "BScope.TrojanRansom.Blocker", "target": null }, { "id": "Win32.Outbreak", "display_name": "Win32.Outbreak", "target": null }, { "id": "Malware.AI.332823813", "display_name": "Malware.AI.332823813", "target": null }, { "id": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k", "display_name": "TrojWare.Win32.Ransom.Blocker.cdf@4tkf0k", "target": null }, { "id": "Trojan.Autoit.Wirus", "display_name": "Trojan.Autoit.Wirus", "target": null }, { "id": "Trojan.Autoit.Wirus", "display_name": "Trojan.Autoit.Wirus", "target": null }, { "id": "AutoKMS.HackTool.Patcher.DDS", "display_name": "AutoKMS.HackTool.Patcher.DDS", "target": null }, { "id": "AI:Packer.A54E0A4F1D", "display_name": "AI:Packer.A54E0A4F1D", "target": null }, { "id": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)", "display_name": "Malware.FakeFolder/ICON!1.6AA9 (CLASSIC)", "target": null }, { "id": "trojan.autoit/agufpxbi", "display_name": "trojan.autoit/agufpxbi", "target": null }, { "id": "W32.AIDetectVM.malware", "display_name": "W32.AIDetectVM.malware", "target": null }, { "id": "trojan.blocker/delfiles", "display_name": "trojan.blocker/delfiles", "target": null }, { "id": "Skynet", "display_name": "Skynet", "target": null }, { "id": "Backdoor:PHP/Artemis", "display_name": "Backdoor:PHP/Artemis", "target": "/malware/Backdoor:PHP/Artemis" } ], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1035", "name": "Service Execution", "display_name": "T1035 - Service Execution" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1179", "name": "Hooking", "display_name": "T1179 - Hooking" }, { "id": "T1071.002", "name": "File Transfer Protocols", "display_name": "T1071.002 - File Transfer Protocols" }, { "id": "T1071.004", "name": "DNS", "display_name": "T1071.004 - DNS" }, { "id": "T1003", "name": "OS Credential Dumping", "display_name": "T1003 - OS Credential Dumping" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "TA0011", "name": "Command and Control", "display_name": "TA0011 - Command and Control" }, { "id": "T1170", "name": "Mshta", "display_name": "T1170 - Mshta" }, { "id": "T1178", "name": "SID-History Injection", "display_name": "T1178 - SID-History Injection" } ], "industries": [ "Abuse", "Hacking", "Media", "Technology", "Reputation Devastation" ], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "OctoSeek", "id": "243548", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 80, "FileHash-SHA1": 1, "FileHash-SHA256": 130, "domain": 183, "hostname": 261, "URL": 1194 }, "indicator_count": 1849, "is_author": false, "is_subscribing": null, "subscriber_count": 220, "modified_text": "919 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "62c2a296d3cea258c9f1c2ad", "name": "Malicious Sites, PUPs, Malware, Brower Hijackers, Phishing Sites", "description": "", "modified": "2022-07-04T08:19:34.791000", "created": "2022-07-04T08:19:34.791000", "tags": [ "malware", "info", "pups", "phishing sites", "am cst", "shadowwhisperer", "curl", "wget" ], "references": [ "https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Malware" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 44, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 10, "FileHash-SHA1": 47, "domain": 34626, "hostname": 19 }, "indicator_count": 34702, "is_author": false, "is_subscribing": null, "subscriber_count": 873, "modified_text": "1386 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "creativeformatsnetwork.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "creativeformatsnetwork.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776700306.0648005 }