{ "type": "Domain", "indicator": "crowdstrikebluescreen.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/crowdstrikebluescreen.com", "alexa": "http://www.alexa.com/siteinfo/crowdstrikebluescreen.com", "indicator": "crowdstrikebluescreen.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3924356387, "indicator": "crowdstrikebluescreen.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 47, "pulses": [ { "id": "68cf51e3b271cc64409972bf", "name": "InQuest - 20-09-2025", "description": "", "modified": "2025-10-21T01:01:14.281000", "created": "2025-09-21T01:16:19.455000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 75, "URL": 295, "FileHash-SHA256": 283, "domain": 84, "FileHash-SHA1": 9 }, "indicator_count": 746, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68b8db1cd696dfb6955839b9", "name": "InQuest - 03-09-2025", "description": "", "modified": "2025-10-04T00:01:28.348000", "created": "2025-09-04T00:19:40.800000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 62, "URL": 356, "domain": 110, "FileHash-SHA256": 412, "FileHash-MD5": 3, "FileHash-SHA1": 7 }, "indicator_count": 950, "is_author": false, "is_subscribing": null, "subscriber_count": 1602, "modified_text": "197 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68ae4cacce1683b182c69068", "name": "InQuest - 26-08-2025", "description": "", "modified": "2025-09-26T00:01:12.214000", "created": "2025-08-27T00:09:16.382000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 40, "URL": 253, "FileHash-SHA256": 195, "domain": 98, "FileHash-SHA1": 8, "FileHash-MD5": 8 }, "indicator_count": 602, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "205 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6881bd3d2c2bfbe3a634eaaf", "name": "InQuest - 23-07-2025", "description": "", "modified": "2025-08-23T04:01:05.703000", "created": "2025-07-24T04:57:33.935000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 34, "URL": 146, "FileHash-SHA256": 169, "FileHash-SHA1": 16, "domain": 36, "FileHash-MD5": 8 }, "indicator_count": 409, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "239 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "687f143a967e1e3a07d87b83", "name": "InQuest - 21-07-2025", "description": "", "modified": "2025-08-21T04:03:37.017000", "created": "2025-07-22T04:31:54.502000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 38, "URL": 253, "FileHash-SHA256": 229, "domain": 45, "FileHash-SHA1": 42, "FileHash-MD5": 2 }, "indicator_count": 609, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "241 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "687daa0247ce0612a1b17650", "name": "InQuest - 20-07-2025", "description": "", "modified": "2025-08-20T02:03:27.794000", "created": "2025-07-21T02:46:26.441000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 14, "URL": 148, "FileHash-SHA256": 169, "FileHash-MD5": 6, "domain": 52, "FileHash-SHA1": 8 }, "indicator_count": 397, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "242 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6831180b91b9acfdb05f5706", "name": "InQuest - 23-05-2025", "description": "", "modified": "2025-06-23T00:02:19.148000", "created": "2025-05-24T00:51:23.763000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 461, "hostname": 39, "URL": 238, "domain": 59, "FileHash-SHA1": 16, "FileHash-MD5": 11 }, "indicator_count": 824, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "300 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "682fb98d14460e00a2f5af28", "name": "InQuest - 22-05-2025", "description": "", "modified": "2025-06-21T23:02:56.610000", "created": "2025-05-22T23:55:57.793000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 335, "URL": 175, "domain": 45, "hostname": 33, "FileHash-SHA1": 29, "FileHash-MD5": 9 }, "indicator_count": 626, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "301 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6802e4f858f021d995613c7d", "name": "InQuest - 18-04-2025", "description": "", "modified": "2025-05-18T23:01:09.323000", "created": "2025-04-18T23:49:12.546000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 436, "FileHash-MD5": 22, "URL": 346, "FileHash-SHA1": 19, "hostname": 57, "domain": 108 }, "indicator_count": 988, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "335 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68018ec0d07bce6af1ad2c0d", "name": "InQuest - 17-04-2025", "description": "", "modified": "2025-05-17T23:00:53.793000", "created": "2025-04-17T23:29:04.810000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 16, "domain": 109, "URL": 474, "hostname": 107, "FileHash-SHA256": 463, "FileHash-MD5": 20 }, "indicator_count": 1189, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "336 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67c0cdc35112c5919563a334", "name": "Intel is bad awy", "description": "", "modified": "2025-03-29T20:01:20.482000", "created": "2025-02-27T20:40:35.539000", "tags": [ "sign", "github", "find", "view", "search", "strong", "code issues", "pull", "breadcrumbs", "damn", "star", "footer", "sha1", "helldown linux", "iocs helldown", "windows payload", "icon", "darkrace", "donex", "ransom", "defanged file", "hashes", "ipv4", "sha256", "c2 ip", "address", "plugin", "brazanbamboo c2", "panel", "archive file", "bha006", "telegram bot", "token", "chat id", "sha256 hashes", "iocs", "intermediary", "landing", "aitm server", "compromise note", "hashes payload", "loader", "dropper", "ips https", "urls https", "duoyi", "ioc url", "ipv4 address", "c2 server", "sample sha256", "remcos", "decrypted", "urls http", "payload", "amos stealer", "stealc c2", "rhadamanthys c2", "phishing urls", "google meet", "amos steaker", "html payload", "stealc payload", "md5 hashes", "sha1 hashes", "iocs zip", "lnk file", "msi file", "payload url", "eldorado", "linux", "service dll", "cheat engine", "c2 domain", "compromise", "urls", "iocs files", "network ip", "domain", "malware hash", "noopldr type1", "noopldr type2", "download url", "email addresses", "block", "ioc http", "iocs hash", "url https", "ghostgambit", "hidden rootkit", "gh0strat", "mekotio banking", "financial", "latin america", "detected", "zipmsi", "downloader", "ip address", "cobalt strike", "first seen", "seen", "pantegana", "tls certificate", "fingerprint", "samples", "trojanspy", "msi", "subdomains", "reddit", "wetransfer", "ioc hash", "file hashes", "ip addresses", "fake captcha", "html", "hta script", "lumma payload", "filehashsha256", "indicator type", "sha256 lnk", "ports", "first stage", "md5 file", "domains", "reddelta c2", "servers", "octoberdecember", "shortcut", "files", "solo airfield", "quoc", "bctt", "kongtuke", "mintsloader c2", "js download", "c2 http", "boinc c2", "c2 address", "analyzed", "file name", "na stark", "na majestic", "description", "trojanized", "beavertail", "anydesk module", "domain hosting", "first", "details", "monitor", "sites", "fake chrome", "payload host", "c2 https", "examples", "atomic stealer", "c2 servers", "cthulhu stealer", "server http", "l files", "original", "iocs malicious", "mirrowsimps", "defanged", "strike loaders", "plugx", "plugx c2", "sspiuacbypass", "malware", "malware c2", "filehashmd5", "site", "orgvgodpayment", "quite solsjoas", "ioc sha256", "similar sha256", "http", "url hundreds", "url samples", "filehash", "guidloader", "finaldraft elf", "type name", "reference", "finaldraft", "sha256 pfman", "pathloader", "atomic https", "systembc", "ghostsocks", "invisibleferret", "vant", "rspackcore", "monero", "sha256 hash", "code snippets", "psexec", "ituneshelper", "pscp", "sftp", "googleupdate", "meshagent", "ultravnc", "file", "bootkitty iocs", "phpsert", "phpsert variant", "createdump tool", "visual studio", "code", "server", "sql injection", "studio code", "ssh access", "hta file", "vbshower c2", "powershower c2", "cloud", "hta md5", "domain name", "links", "c http", "horns", "version", "version b", "version c", "version d", "version e", "burnsrat c", "a http", "github users", "shell commands", "vssadmin delete", "userprofile", "public", "registry keys", "phobos", "lettointago", "carljohnson1948", "samuelwhite1821", "file hash", "lockbit", "indicatortype", "data", "mlpea", "w32neshtad", "gmer", "neshta", "opswat oesis", "v4 removal" ], "references": [ "Bootkitty", "Glove-Stealer", "Fake Discount Sites Exploit Black Friday", "Helldown Ransomware", "HawkEye Malware", "PXA Stealer", "Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack", "BrazenBamboo", "SpyGlace", "RustyStealer and New Ymir Ransomware", "PyPI-AIOCPA", "Python NodeStealer", "romcom-exploits-firefox-and-windows", "Rockstar-Phishing", "Silent Skimmer Gets Loud (Again)", "SteelFox Trojan", "WezRat Malware", "Avast-Anti-Root-KIt", "Winos4.0 RAT", "APT36", "WolfsBane Backdoor", "APT-K-47", "Remcos RAT", "babbleloader", "Bitter APT", "UAC-0194\u2019s Exploitation of CVE-2024-43451 in Ukraine for Phishing", "CloudScout_ Evasive Panda scouting cloud services", "clickfix-tactic", "Akira Ransomware", "Bumblebee Malware", "ELDORADO RANSOMWARE", "Evasive Panda Uses MACMA and MgBot Malware to Target US and Taiwan", "Demodex rootkit", "BugSleep Malware", "HotPage.exe (malware)", "Qilin Ransomware", "NOOPDOOR Malware", "Shadowroot Ransomware", "play ransomware", "MALLOX RANSOMWARE", "New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users", "ACR Stealer", "Suspicious Domains Exploiting the Recent CrowdStrike Outage!", "Gh0stGambit", "MEKOTIO BANKING TROJAN", "TAG-100", "Fake game sites lead to information stealers", "Chrome Extensions Hijacked, 2.6 Million Users Impacted", "macOS Users Targeted by the New Variant of Banshee Infostealer", "Hundreds of fake Reddit sites push Lumma Stealer malware", "GamaCopy APT Group Mimicking GamaRedon", "InvisibleFerret Malware Leveraging Python for Targeted Attacks", "Fake CAPTCHA Campaign That Spreads LUMMA Info Stealer", "REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors", "Phishing Campaigns Fuel Compiled AutoIt Malware Distribution", "The great Google Ads heist_ criminals ransack advertiser accounts via fake Google ads", "New Star Blizzard spear-phishing campaign targets WhatsApp accounts", "RansomHub Affiliate leverages Python-based backdoor", "Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques", "Advanced Evasion Techniques Used by NonEuclid RAT", "The Return of PlugX Malware with Fresh Tricks", "The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts", "Weaponized Software Targeting Chinese Organizations", "Threat Surge as Lumma Stealer Expands Its Reach", "Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain", "MintsLoader_Stealc", "North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks", "North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware", "Rat Race_ ValleyRAT Malware Targets Organizations with New Delivery Techniques", "Salt Typhoon Target U.S. Telecom Networks", "SecTopRAT", "Stealers on the Rise", "Snake Keylogger", "AsyncRAT Reloaded", "The BadPilot campaign_ Seashell Blizzard subgroup conducts multiyear global access operation", "FatalRAT", "SystemBC RAT Poses New Risks to Linux System", "Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations", "FERRET Malware Targets macOS in Sophisticated North Korean Attacks", "Espionage Campaign Targeting South Asian Entities", "Astral Stealer Strikes Again Stealing More Than Just Your Cookies", "The New Ransomware Menace Vgod Gains Momentum", "Microsoft Advertisers Phished via Malicious Google Ads", "LegionLoader Malware Expands Global Reach", "NEW.txt", "From Stealers to Ransomware PureCrypter Delivers It All", "New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs", "FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux", "LockBit Ransomware Attack Leveraging Cobalt Strike", "Rspack_Compromised_Packages", "SmokeLoader", "Sock5Systemz-PROXY-AM", "solana-backdoor", "U.S. Organization in China Targeted by Attackers", "UAC-0185 attacks warned by CERT-UA", "BellaCpp", "bootkitty(logofail)", "Visual Studio Code Remote tunnels", "Cloud Atlas seen using a new tool in its attacks", "Christmas-Themed LNK Files Used for Malware Delivery", "DarkGate", "MirrorFace Campain", "horns-hooves", "Developers Targeted by New \u2018OtterCookie\u2019 Malware with Fake Job Offers", "NetSupport RAT and BurnsRAT", "Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery", "MUT-1244-GitHub", "Phobos ransomware", "Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data", "PUMAKIT", "OtterCookie used by Contagious Interview", "Ransomware-Lockbit3-IOCs.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mekotio Banking", "display_name": "Mekotio Banking", "target": null }, { "id": "TrojanSpy", "display_name": "TrojanSpy", "target": null }, { "id": "MSI", "display_name": "MSI", "target": null }, { "id": "InvisibleFerret", "display_name": "InvisibleFerret", "target": null }, { "id": "Vant", "display_name": "Vant", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1176", "name": "Browser Extensions", "display_name": "T1176 - Browser Extensions" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 84, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Badderawy", "id": "310597", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 950, "FileHash-SHA1": 847, "FileHash-SHA256": 1060, "hostname": 1158, "domain": 867, "URL": 813, "email": 77, "CIDR": 2, "CVE": 9 }, "indicator_count": 5783, "is_author": false, "is_subscribing": null, "subscriber_count": 27, "modified_text": "385 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6771e4af935a0bd51ecffcb7", "name": "InQuest - 29-12-2024", "description": "", "modified": "2025-01-29T00:00:31.366000", "created": "2024-12-30T00:09:19.061000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 532, "FileHash-SHA256": 741, "domain": 106, "hostname": 80, "FileHash-SHA1": 21, "FileHash-MD5": 27 }, "indicator_count": 1507, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "445 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "67709281170e2bebca79c31b", "name": "InQuest - 28-12-2024", "description": "", "modified": "2025-01-28T00:02:19.801000", "created": "2024-12-29T00:06:25.590000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 13, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 444, "FileHash-SHA256": 682, "domain": 101, "hostname": 58, "FileHash-SHA1": 21, "FileHash-MD5": 27 }, "indicator_count": 1333, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "446 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "676f419c67996f920882a466", "name": "InQuest - 27-12-2024", "description": "", "modified": "2025-01-27T00:04:22.341000", "created": "2024-12-28T00:09:00.491000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 467, "FileHash-SHA256": 656, "FileHash-SHA1": 24, "domain": 121, "hostname": 81, "FileHash-MD5": 27 }, "indicator_count": 1376, "is_author": false, "is_subscribing": null, "subscriber_count": 1604, "modified_text": "447 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "676defce21dbf05baf3f1923", "name": "InQuest - 26-12-2024", "description": "", "modified": "2025-01-26T00:03:47.506000", "created": "2024-12-27T00:07:42.355000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 480, "FileHash-SHA256": 732, "domain": 111, "FileHash-SHA1": 26, "hostname": 90, "FileHash-MD5": 25 }, "indicator_count": 1464, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "448 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "676c9e8f14ad2a56a25ab2cd", "name": "InQuest - 25-12-2024", "description": "", "modified": "2025-01-25T00:00:03.360000", "created": "2024-12-26T00:08:47.821000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 444, "FileHash-SHA256": 809, "FileHash-MD5": 25, "domain": 115, "hostname": 115, "FileHash-SHA1": 22 }, "indicator_count": 1530, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "449 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "676b4cc20646d55cf5087563", "name": "InQuest - 24-12-2024", "description": "", "modified": "2025-01-24T00:00:38.344000", "created": "2024-12-25T00:07:28.562000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 574, "FileHash-SHA256": 773, "FileHash-MD5": 26, "domain": 113, "hostname": 120, "FileHash-SHA1": 22 }, "indicator_count": 1628, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "450 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6769fb2762335b75a85bb003", "name": "InQuest - 23-12-2024", "description": "", "modified": "2025-01-23T00:01:07.834000", "created": "2024-12-24T00:07:03.253000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 597, "FileHash-SHA1": 35, "FileHash-SHA256": 799, "domain": 109, "FileHash-MD5": 66, "hostname": 111 }, "indicator_count": 1717, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "451 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6760c08019b4bf8ac0ff435d", "name": "InQuest - 16-12-2024", "description": "", "modified": "2025-01-16T00:01:59.365000", "created": "2024-12-17T00:06:24.378000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 484, "FileHash-SHA256": 805, "FileHash-MD5": 21, "FileHash-SHA1": 33, "domain": 132, "hostname": 106 }, "indicator_count": 1581, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "458 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "675f6f12b0263311019e2661", "name": "InQuest - 15-12-2024", "description": "", "modified": "2025-01-15T00:02:57.863000", "created": "2024-12-16T00:06:42.731000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 510, "FileHash-SHA256": 793, "FileHash-SHA1": 40, "domain": 141, "hostname": 103, "FileHash-MD5": 21 }, "indicator_count": 1608, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "459 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "675e1ddc079e37e0572a0ec5", "name": "InQuest - 14-12-2024", "description": "", "modified": "2025-01-14T00:02:58.431000", "created": "2024-12-15T00:07:56.726000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 561, "FileHash-SHA256": 894, "domain": 143, "hostname": 117, "FileHash-MD5": 25, "FileHash-SHA1": 39 }, "indicator_count": 1779, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "460 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "675ccc5c1ce05c14d502d25b", "name": "InQuest - 13-12-2024", "description": "", "modified": "2025-01-13T00:04:50.992000", "created": "2024-12-14T00:07:56.101000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 543, "FileHash-SHA256": 876, "FileHash-SHA1": 27, "domain": 160, "hostname": 90, "FileHash-MD5": 25 }, "indicator_count": 1721, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "461 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "675b7a8d715bea8dae799800", "name": "InQuest - 12-12-2024", "description": "", "modified": "2025-01-12T00:06:37.933000", "created": "2024-12-13T00:06:37.316000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 528, "FileHash-SHA256": 884, "FileHash-MD5": 23, "FileHash-SHA1": 26, "domain": 174, "hostname": 85 }, "indicator_count": 1720, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "462 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "675a291c4db55758a6c9939f", "name": "InQuest - 11-12-2024", "description": "", "modified": "2025-01-11T00:05:21.483000", "created": "2024-12-12T00:06:52.807000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 9, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 486, "FileHash-SHA256": 791, "domain": 169, "hostname": 73, "FileHash-SHA1": 25, "FileHash-MD5": 22 }, "indicator_count": 1566, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "463 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6758d6b537b2a55149ef62d8", "name": "InQuest - 10-12-2024", "description": "", "modified": "2025-01-10T00:01:00.333000", "created": "2024-12-11T00:03:01.699000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 10, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 477, "FileHash-SHA256": 774, "FileHash-SHA1": 25, "domain": 170, "hostname": 92, "FileHash-MD5": 22 }, "indicator_count": 1560, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "464 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6757868d091fe41a5f4eb7f7", "name": "InQuest - 09-12-2024", "description": "", "modified": "2025-01-09T00:00:38.235000", "created": "2024-12-10T00:08:45.010000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 14, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 662, "domain": 158, "URL": 439, "FileHash-MD5": 9, "hostname": 90, "FileHash-SHA1": 19 }, "indicator_count": 1377, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "465 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6756344c5a91b110c510ec07", "name": "InQuest - 08-12-2024", "description": "", "modified": "2025-01-08T00:04:53.735000", "created": "2024-12-09T00:05:32.432000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 157, "URL": 431, "FileHash-MD5": 9, "hostname": 86, "FileHash-SHA256": 608, "FileHash-SHA1": 14 }, "indicator_count": 1305, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "466 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6750ef0b094398caed24334d", "name": "InQuest - 04-12-2024", "description": "", "modified": "2025-01-06T23:11:01.995000", "created": "2024-12-05T00:08:43.209000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 5, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 798, "FileHash-MD5": 47, "hostname": 68, "URL": 322, "domain": 69, "FileHash-SHA1": 27 }, "indicator_count": 1331, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "674f9ce1718136e15df53b91", "name": "InQuest - 03-12-2024", "description": "", "modified": "2025-01-06T23:11:01.995000", "created": "2024-12-04T00:05:53.926000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 799, "URL": 378, "domain": 76, "hostname": 82, "FileHash-SHA1": 27, "FileHash-MD5": 47 }, "indicator_count": 1409, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "467 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "674e4ba5d0ce7a54e0ebb0d7", "name": "InQuest - 02-12-2024", "description": "", "modified": "2025-01-02T00:01:57.506000", "created": "2024-12-03T00:07:01.241000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 744, "URL": 362, "domain": 78, "hostname": 70, "FileHash-MD5": 47, "FileHash-SHA1": 16 }, "indicator_count": 1317, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "472 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "674cfa1081611607db7aadc5", "name": "InQuest - 01-12-2024", "description": "", "modified": "2025-01-01T00:02:25.701000", "created": "2024-12-02T00:06:40.854000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 490, "FileHash-SHA256": 535, "FileHash-MD5": 7, "hostname": 81, "domain": 91, "FileHash-SHA1": 30 }, "indicator_count": 1234, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66da397022e85e70133cc25c", "name": "InQuest - 05-09-2024", "description": "", "modified": "2024-10-05T23:04:08.318000", "created": "2024-09-05T23:06:24.493000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 605, "FileHash-SHA256": 673, "FileHash-MD5": 203, "domain": 156, "FileHash-SHA1": 22, "hostname": 109 }, "indicator_count": 1768, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "560 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66d8e809f5f21591e5ff8aa9", "name": "InQuest - 04-09-2024", "description": "", "modified": "2024-10-04T23:01:13.782000", "created": "2024-09-04T23:06:49.702000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 702, "FileHash-SHA1": 20, "hostname": 125, "domain": 197, "FileHash-SHA256": 873, "FileHash-MD5": 7 }, "indicator_count": 1924, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "561 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66d250b5dcf88c775f929828", "name": "InQuest - 30-08-2024", "description": "", "modified": "2024-09-29T23:03:12.335000", "created": "2024-08-30T23:07:33.575000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 716, "FileHash-SHA256": 890, "hostname": 133, "FileHash-SHA1": 18, "domain": 197, "FileHash-MD5": 7 }, "indicator_count": 1961, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "566 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669fed578929aa09c47cbdd5", "name": "Fake CrowdStrike repair manual containing malicious macros | Fake Crowdstrike Domains", "description": "In recent events regarding the Crowdstrike outage, this pulse has been created to list the IoCs of fake domains pretending to be Crowdstrike support as well as recent phishing attempts that indicate actors are using fake help guides that contain malicous macros", "modified": "2024-08-22T00:04:43.471000", "created": "2024-07-23T17:50:15.685000", "tags": [ "crowdstrike", "windows", "daolpu", "chrome", "edge", "firefox", "falcon update", "friday", "recovery tool", "cc cc", "next", "hijackloader", "remcos", "linux", "policy", "internet site", "the internet", "site", "organization", "internet", "personal data", "cookie policy", "socradar", "cookie usage", "date", "understand info", "july", "sha256 hash", "word document", "falcon logscale", "iocs", "daolpu sha256", "falcon sensor", "analysis lure", "document", "mozilla" ], "references": [ "https://www.bleepingcomputer.com/news/security/fake-crowdstrike-repair-manual-pushes-new-daolpu-infostealer-malware/", "https://socradar.io/suspicious-domains-exploiting-the-recent-crowdstrike-outage/", "https://www.crowdstrike.com/blog/fake-recovery-manual-used-to-deliver-unidentified-stealer/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Remcos", "display_name": "Remcos", "target": null }, { "id": "Linux", "display_name": "Linux", "target": null }, { "id": "Daolpu", "display_name": "Daolpu", "target": null }, { "id": "Understand Info", "display_name": "Understand Info", "target": null } ], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1036", "name": "Masquerading", "display_name": "T1036 - Masquerading" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1090", "name": "Proxy", "display_name": "T1090 - Proxy" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1070", "name": "Indicator Removal on Host", "display_name": "T1070 - Indicator Removal on Host" }, { "id": "T1041", "name": "Exfiltration Over C2 Channel", "display_name": "T1041 - Exfiltration Over C2 Channel" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1204", "name": "User Execution", "display_name": "T1204 - User Execution" }, { "id": "T1555", "name": "Credentials from Password Stores", "display_name": "T1555 - Credentials from Password Stores" }, { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 26, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberMike", "id": "289045", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 5, "FileHash-SHA256": 9, "URL": 1, "domain": 51, "email": 1, "hostname": 4, "FileHash-SHA1": 4, "YARA": 1 }, "indicator_count": 76, "is_author": false, "is_subscribing": null, "subscriber_count": 19, "modified_text": "605 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669e1536769b8ca23684cd60", "name": "Hackers Exploits CrowdStrike Issues to Attack Windows System With RemCos Malware", "description": "Security firm CrowdStrike has reported that hackers have exploited a content update for its Falcon sensor to attack Windows operating systems with RemCos malware from July 20, 2024. the first such attack in the world.", "modified": "2024-08-21T08:01:05.957000", "created": "2024-07-22T08:15:50.072000", "tags": [ "crowdstrike", "windows", "latam", "zip archive", "falcon", "hijackloader", "remcos payload", "july", "falcon sensor", "remcos", "phishing" ], "references": [ "https://cybersecuritynews.com/threat-actor-exploits-crowdstrike-falcon-sensor-issues/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "HijackLoader", "display_name": "HijackLoader", "target": null }, { "id": "RemCos", "display_name": "RemCos", "target": null } ], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 25, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 3, "FileHash-SHA1": 3, "FileHash-SHA256": 5, "domain": 23, "hostname": 6 }, "indicator_count": 40, "is_author": false, "is_subscribing": null, "subscriber_count": 846, "modified_text": "606 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669c23f11215e548fbd4c4ec", "name": "Phishing and Malware URLs Exploiting Recent CrowdStrike Incident", "description": "Here is the full text of the HijackLoader, which has been used by hackers to launch the attack on the UK's largest online market, Crowdstrike, in the wake of last week's attack.", "modified": "2024-08-19T18:04:49.704000", "created": "2024-07-20T20:54:09.129000", "tags": [ "domain", "sha256", "domain na", "et ja3", "hash", "tls connection", "threats open", "suricata", "snort alert", "rule", "remcos", "trojan" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [ "Crowdstrike" ], "TLP": "white", "cloned_from": null, "export_count": 32, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Superpro", "id": "61676", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 6, "FileHash-SHA1": 6, "FileHash-SHA256": 13, "domain": 12 }, "indicator_count": 37, "is_author": false, "is_subscribing": null, "subscriber_count": 216, "modified_text": "608 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669b9180cc3545d83a5bdb2b", "name": "Crowd Strike", "description": "IP 63,251[.]106,106.25, iscrowdstrike-apocalypse, according to an IP address shared by more than 1.5 million people on Twitter and Facebook.", "modified": "2024-08-19T10:00:10.669000", "created": "2024-07-20T10:29:20.526000", "tags": [], "references": [ "CrowdStrike.txt" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "ESFBSOCTCR", "id": "200541", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 20 }, "indicator_count": 20, "is_author": false, "is_subscribing": null, "subscriber_count": 87, "modified_text": "608 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669ac67b7f3012e1bf066111", "name": "ACTIVIDAD MALICIOSA | Campa\u00f1a relacionada con actividad de Squatting afectando a crowdstrike 19-07-2024", "description": "As a result of the incident that affected CrowdStrike, cybercriminals began conducting impersonation campaigns, taking advantage of users who are inexperienced and/or unskilled in proper update procedures. This left an open gap for these cybercriminals to deceive them by accessing fake URLs or downloading supposed update software to carry out phishing actions and/or information theft.", "modified": "2024-08-18T19:01:11.577000", "created": "2024-07-19T20:03:07.442000", "tags": [ "windows", "crowdstrike", "channel file", "microsoft", "falcon sensor", "windir", "locate", "detach", "falcon content", "update", "reboot" ], "references": [ "https://www.virustotal.com/graph/embed/g6b3b048f25284af4957e04272a2433a0f3dd247735784cec96dfdb39402fcbce?theme=light", "https://www.virustotal.com/gui/collection/0d81f8902881a4bb6de3079b86ca533808c1279205b918dda67eb8016634af1d", "https://otx.alienvault.com/pulse/669ac67b7f3012e1bf066111" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 18, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 3, "domain": 8 }, "indicator_count": 11, "is_author": false, "is_subscribing": null, "subscriber_count": 270, "modified_text": "609 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66aba1d4ed0cf81e939c043e", "name": "CrowdStrike_Phishing_08012024", "description": "", "modified": "2024-08-01T14:55:16.771000", "created": "2024-08-01T14:55:16.771000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "AustinBH", "id": "147442", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 553, "hostname": 2077, "URL": 1 }, "indicator_count": 2631, "is_author": false, "is_subscribing": null, "subscriber_count": 58, "modified_text": "626 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66a74f47a7874eb025af53b8", "name": "Falcon Sensor Issue Likely Used to Target CrowdStrike Customers", "description": "Security firm CrowdStrike Intelligence has identified domains that impersonate its brand and may be used to target its customers in the 2024 Windows \u201cApocalypse\u201d cyber-attack event, which takes place on 19 July 2024.", "modified": "2024-07-29T08:13:59.210000", "created": "2024-07-29T08:13:59.210000", "tags": [ "july", "crowdstrike", "figure", "falcon content", "update", "windows hosts", "windows", "logscale query", "george kurtz", "falcon" ], "references": [ "https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 21, "hostname": 4 }, "indicator_count": 25, "is_author": false, "is_subscribing": null, "subscriber_count": 847, "modified_text": "629 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66a4003d51211a2e605d9e12", "name": "ACTIVIDAD MALICIOSA | Relacionada con Estafa de CrowdStrike 26-07-2024", "description": "Las principales v\u00edctimas de la estafa de CrowdStrike fueron los usuarios especialmente clientes del banco BBVA. Estas v\u00edctimas recibieron correos electr\u00f3nicos fraudulentos o visitaron sitios web falsos que se hac\u00edan pasar por portales leg\u00edtimos, como la Intranet del BBVA. Los afectados incluyeron tanto individuos como organizaciones que, al interactuar con estas falsas actualizaciones, expusieron sus sistemas a riesgos como el acceso remoto no autorizado, la p\u00e9rdida de datos y el robo de informaci\u00f3n sensible. Adem\u00e1s, usuarios desprevenidos fueron enga\u00f1ados para invertir en falsos tokens de criptomonedas, resultando en p\u00e9rdidas financieras.", "modified": "2024-07-26T19:59:57.009000", "created": "2024-07-26T19:59:57.009000", "tags": [ "crowdstrike", "combo cleaner", "windows", "remcos rat", "bbva", "rat remcos", "crowdstrike que", "tambin", "crowdstroke", "adems", "twitter", "muerte", "phishing" ], "references": [ "https://www.virustotal.com/graph/embed/gf25927984162454b9ba7b810cd1855ac7fd51788b4914ec4a9d61504d996f93a?theme=light", "https://www.alertasyseguridad.net/repositorio-ioc/", "https://www.pcrisk.es/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Remcos - S0332", "display_name": "Remcos - S0332", "target": null } ], "attack_ids": [ { "id": "T1140", "name": "Deobfuscate/Decode Files or Information", "display_name": "T1140 - Deobfuscate/Decode Files or Information" }, { "id": "T1498", "name": "Network Denial of Service", "display_name": "T1498 - Network Denial of Service" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 17, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "esoporteingenieria2020", "id": "121604", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_121604/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 19 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 266, "modified_text": "631 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669e2c69d92e9ddf3364a8ac", "name": "Crowdstrike Phishing Domains - JustPaste.it", "description": "Crowdstrike Phishing Domains are being found actively in the wild \nSome of the domains targeted by hackers were registered 2-3 days back.", "modified": "2024-07-22T09:54:49.171000", "created": "2024-07-22T09:54:49.171000", "tags": [ "domains", "crowdstrike", "follow", "osint", "privacy", "blog", "phishing" ], "references": [ "https://justpaste.it/du8fx", "https://x.com/RakeshKrish12/status/1815323217906847980" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1598", "name": "Phishing for Information", "display_name": "T1598 - Phishing for Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Bheeshmar", "id": "55168", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_55168/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 103, "hostname": 6 }, "indicator_count": 109, "is_author": false, "is_subscribing": null, "subscriber_count": 83, "modified_text": "636 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669e2c0340eee605df796aca", "name": "Hackers Exploit CrowdStrike Issue in Cyber Attacks", "description": "This is the full text of the crowd-funding website, which was created by a group of people calling themselves the \"crowdstrike apocalypse\" after a series of problems with the site's website.", "modified": "2024-07-22T09:53:07.566000", "created": "2024-07-22T09:53:07.566000", "tags": [ "classification", "confidential" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "cryptocti", "id": "110256", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 1, "domain": 38, "hostname": 7 }, "indicator_count": 46, "is_author": false, "is_subscribing": null, "subscriber_count": 486, "modified_text": "636 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669e15708ac31774edd1a1c0", "name": "Alert! Hackers Exploiting CrowdStrike Issue in Cyber Attacks", "description": "Hackers are exploiting a technical issue in CrowdStrike\u2019s Windows systems to launch new attacks, according to the security firm's research and development (CrowdStrike) and research group, Crowdstrike Intelligence.", "modified": "2024-07-22T08:16:48.217000", "created": "2024-07-22T08:16:48.217000", "tags": [ "crowdstrike", "windows", "july", "business", "from spoofing", "phishing", "free", "intelligence", "follow official", "remain" ], "references": [ "https://cybersecuritynews.com/hackers-exploiting-crowdstrike/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunter_NL", "id": "171283", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_171283/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 23, "hostname": 6 }, "indicator_count": 29, "is_author": false, "is_subscribing": null, "subscriber_count": 845, "modified_text": "636 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669adcd1fb5e8765021a3523", "name": "CrowdStrike phishing domains", "description": "CrowdStrike phishing domains", "modified": "2024-07-19T21:38:25.025000", "created": "2024-07-19T21:38:25.025000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 20, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "aa00643640@techmahindra.com", "id": "156540", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 7 }, "indicator_count": 7, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "638 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "669ad4f2e6db29c50ed84f6b", "name": "Custom IoC [19-07-2024]", "description": "Ticket #336706", "modified": "2024-07-19T21:05:46.414000", "created": "2024-07-19T21:04:50.198000", "tags": [ "domain", "ioc type", "value", "hash type", "comment domain" ], "references": [ "IOCs - phishing crowdstrike.csv" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 19, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "vortexsec", "id": "44991", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 19 }, "indicator_count": 19, "is_author": false, "is_subscribing": null, "subscriber_count": 32, "modified_text": "638 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware", "Chrome Extensions Hijacked, 2.6 Million Users Impacted", "North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks", "FatalRAT", "Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery", "https://cybersecuritynews.com/threat-actor-exploits-crowdstrike-falcon-sensor-issues/", "Gh0stGambit", "Python NodeStealer", "RansomHub Affiliate leverages Python-based backdoor", "bootkitty(logofail)", "Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data", "Avast-Anti-Root-KIt", "PXA Stealer", "Stealers on the Rise", "WezRat Malware", "babbleloader", "BrazenBamboo", "Shadowroot Ransomware", "Ransomware-Lockbit3-IOCs.csv", "Christmas-Themed LNK Files Used for Malware Delivery", "https://www.virustotal.com/graph/embed/gf25927984162454b9ba7b810cd1855ac7fd51788b4914ec4a9d61504d996f93a?theme=light", "BellaCpp", "HotPage.exe (malware)", "ELDORADO RANSOMWARE", "Glove-Stealer", "Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations", "The Return of PlugX Malware with Fresh Tricks", "Evasive Panda Uses MACMA and MgBot Malware to Target US and Taiwan", "FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux", "MUT-1244-GitHub", "UAC-0185 attacks warned by CERT-UA", "solana-backdoor", "Threat Surge as Lumma Stealer Expands Its Reach", "https://www.bleepingcomputer.com/news/security/fake-crowdstrike-repair-manual-pushes-new-daolpu-infostealer-malware/", "Bootkitty", "SystemBC RAT Poses New Risks to Linux System", "BugSleep Malware", "Salt Typhoon Target U.S. Telecom Networks", "UAC-0194\u2019s Exploitation of CVE-2024-43451 in Ukraine for Phishing", "https://otx.alienvault.com/pulse/669ac67b7f3012e1bf066111", "horns-hooves", "OtterCookie used by Contagious Interview", "Qilin Ransomware", "https://socradar.io/suspicious-domains-exploiting-the-recent-crowdstrike-outage/", "Phobos ransomware", "Developers Targeted by New \u2018OtterCookie\u2019 Malware with Fake Job Offers", "TAG-100", "Visual Studio Code Remote tunnels", "Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques", "PyPI-AIOCPA", "RustyStealer and New Ymir Ransomware", "https://x.com/RakeshKrish12/status/1815323217906847980", "https://cybersecuritynews.com/hackers-exploiting-crowdstrike/", "Espionage Campaign Targeting South Asian Entities", "MintsLoader_Stealc", "https://justpaste.it/du8fx", "CloudScout_ Evasive Panda scouting cloud services", "WolfsBane Backdoor", "IOCs - phishing crowdstrike.csv", "APT-K-47", "Snake Keylogger", "New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs", "https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/", "GamaCopy APT Group Mimicking GamaRedon", "HawkEye Malware", "https://www.pcrisk.es/", "From Stealers to Ransomware PureCrypter Delivers It All", "LegionLoader Malware Expands Global Reach", "FERRET Malware Targets macOS in Sophisticated North Korean Attacks", "Rspack_Compromised_Packages", "Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack", "LockBit Ransomware Attack Leveraging Cobalt Strike", "MirrorFace Campain", "SteelFox Trojan", "APT36", "Bitter APT", "New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users", "Bumblebee Malware", "Microsoft Advertisers Phished via Malicious Google Ads", "NOOPDOOR Malware", "Cloud Atlas seen using a new tool in its attacks", "https://labs.inquest.net/iocdb", "romcom-exploits-firefox-and-windows", "Winos4.0 RAT", "Hundreds of fake Reddit sites push Lumma Stealer malware", "Fake Discount Sites Exploit Black Friday", "New Star Blizzard spear-phishing campaign targets WhatsApp accounts", "https://www.virustotal.com/gui/collection/0d81f8902881a4bb6de3079b86ca533808c1279205b918dda67eb8016634af1d", "Weaponized Software Targeting Chinese Organizations", "MALLOX RANSOMWARE", "U.S. Organization in China Targeted by Attackers", "REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors", "SmokeLoader", "Fake CAPTCHA Campaign That Spreads LUMMA Info Stealer", "https://www.virustotal.com/graph/embed/g6b3b048f25284af4957e04272a2433a0f3dd247735784cec96dfdb39402fcbce?theme=light", "NEW.txt", "CrowdStrike.txt", "macOS Users Targeted by the New Variant of Banshee Infostealer", "DarkGate", "play ransomware", "Helldown Ransomware", "clickfix-tactic", "Fake game sites lead to information stealers", "The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts", "Rat Race_ ValleyRAT Malware Targets Organizations with New Delivery Techniques", "ACR Stealer", "Sock5Systemz-PROXY-AM", "Remcos RAT", "The great Google Ads heist_ criminals ransack advertiser accounts via fake Google ads", "Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain", "NetSupport RAT and BurnsRAT", "MEKOTIO BANKING TROJAN", "The BadPilot campaign_ Seashell Blizzard subgroup conducts multiyear global access operation", "Phishing Campaigns Fuel Compiled AutoIt Malware Distribution", "Rockstar-Phishing", "Demodex rootkit", "InvisibleFerret Malware Leveraging Python for Targeted Attacks", "SecTopRAT", "The New Ransomware Menace Vgod Gains Momentum", "PUMAKIT", "Akira Ransomware", "Advanced Evasion Techniques Used by NonEuclid RAT", "Suspicious Domains Exploiting the Recent CrowdStrike Outage!", "https://www.alertasyseguridad.net/repositorio-ioc/", "Silent Skimmer Gets Loud (Again)", "SpyGlace", "AsyncRAT Reloaded", "Astral Stealer Strikes Again Stealing More Than Just Your Cookies", "https://www.crowdstrike.com/blog/fake-recovery-manual-used-to-deliver-unidentified-stealer/" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [ "Understand info", "Mekotio banking", "Msi", "Daolpu", "Hijackloader", "Trojanspy", "Linux", "Vant", "Remcos - s0332", "Invisibleferret", "Remcos" ], "industries": [ "Crowdstrike" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 47, "pulses": [ { "id": "68cf51e3b271cc64409972bf", "name": "InQuest - 20-09-2025", "description": "", "modified": "2025-10-21T01:01:14.281000", "created": "2025-09-21T01:16:19.455000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 75, "URL": 295, "FileHash-SHA256": 283, "domain": 84, "FileHash-SHA1": 9 }, "indicator_count": 746, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "180 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68b8db1cd696dfb6955839b9", "name": "InQuest - 03-09-2025", "description": "", "modified": "2025-10-04T00:01:28.348000", "created": "2025-09-04T00:19:40.800000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 62, "URL": 356, "domain": 110, "FileHash-SHA256": 412, "FileHash-MD5": 3, "FileHash-SHA1": 7 }, "indicator_count": 950, "is_author": false, "is_subscribing": null, "subscriber_count": 1602, "modified_text": "197 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68ae4cacce1683b182c69068", "name": "InQuest - 26-08-2025", "description": "", "modified": "2025-09-26T00:01:12.214000", "created": "2025-08-27T00:09:16.382000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 28, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 40, "URL": 253, "FileHash-SHA256": 195, "domain": 98, "FileHash-SHA1": 8, "FileHash-MD5": 8 }, "indicator_count": 602, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "205 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6881bd3d2c2bfbe3a634eaaf", "name": "InQuest - 23-07-2025", "description": "", "modified": "2025-08-23T04:01:05.703000", "created": "2025-07-24T04:57:33.935000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 6, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 34, "URL": 146, "FileHash-SHA256": 169, "FileHash-SHA1": 16, "domain": 36, "FileHash-MD5": 8 }, "indicator_count": 409, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "239 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "687f143a967e1e3a07d87b83", "name": "InQuest - 21-07-2025", "description": "", "modified": "2025-08-21T04:03:37.017000", "created": "2025-07-22T04:31:54.502000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 38, "URL": 253, "FileHash-SHA256": 229, "domain": 45, "FileHash-SHA1": 42, "FileHash-MD5": 2 }, "indicator_count": 609, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "241 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "687daa0247ce0612a1b17650", "name": "InQuest - 20-07-2025", "description": "", "modified": "2025-08-20T02:03:27.794000", "created": "2025-07-21T02:46:26.441000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 8, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 14, "URL": 148, "FileHash-SHA256": 169, "FileHash-MD5": 6, "domain": 52, "FileHash-SHA1": 8 }, "indicator_count": 397, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "242 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6831180b91b9acfdb05f5706", "name": "InQuest - 23-05-2025", "description": "", "modified": "2025-06-23T00:02:19.148000", "created": "2025-05-24T00:51:23.763000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 12, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 461, "hostname": 39, "URL": 238, "domain": 59, "FileHash-SHA1": 16, "FileHash-MD5": 11 }, "indicator_count": 824, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "300 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "682fb98d14460e00a2f5af28", "name": "InQuest - 22-05-2025", "description": "", "modified": "2025-06-21T23:02:56.610000", "created": "2025-05-22T23:55:57.793000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 16, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 335, "URL": 175, "domain": 45, "hostname": 33, "FileHash-SHA1": 29, "FileHash-MD5": 9 }, "indicator_count": 626, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "301 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6802e4f858f021d995613c7d", "name": "InQuest - 18-04-2025", "description": "", "modified": "2025-05-18T23:01:09.323000", "created": "2025-04-18T23:49:12.546000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 436, "FileHash-MD5": 22, "URL": 346, "FileHash-SHA1": 19, "hostname": 57, "domain": 108 }, "indicator_count": 988, "is_author": false, "is_subscribing": null, "subscriber_count": 1601, "modified_text": "335 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68018ec0d07bce6af1ad2c0d", "name": "InQuest - 17-04-2025", "description": "", "modified": "2025-05-17T23:00:53.793000", "created": "2025-04-17T23:29:04.810000", "tags": [], "references": [ "https://labs.inquest.net/iocdb" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "CyberHunterAutoFeed", "id": "182496", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_182496/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA1": 16, "domain": 109, "URL": 474, "hostname": 107, "FileHash-SHA256": 463, "FileHash-MD5": 20 }, "indicator_count": 1189, "is_author": false, "is_subscribing": null, "subscriber_count": 1600, "modified_text": "336 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "crowdstrikebluescreen.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "crowdstrikebluescreen.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1776628778.3277194 }