{
  "type": "Domain",
  "indicator": "dalet.com",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/dalet.com",
    "alexa": "http://www.alexa.com/siteinfo/dalet.com",
    "indicator": "dalet.com",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 3782397972,
      "indicator": "dalet.com",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 10,
      "pulses": [
        {
          "id": "69f30ef4033560d49d39ac55",
          "name": "VirusTotal report\n                    for executable.exe",
          "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] <remote, .net, failed cryptographic validation chains cause this.",
          "modified": "2026-05-30T09:04:01.553000",
          "created": "2026-04-30T08:12:36.771000",
          "tags": [
            "wifi password",
            "joe security",
            "nextron",
            "new run",
            "key pointing",
            "run key",
            "roth",
            "markus neis",
            "sander wiebing",
            "poudel",
            "public",
            "appdata"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1003",
              "name": "OS Credential Dumping",
              "display_name": "T1003 - OS Credential Dumping"
            },
            {
              "id": "T1005",
              "name": "Data from Local System",
              "display_name": "T1005 - Data from Local System"
            },
            {
              "id": "T1010",
              "name": "Application Window Discovery",
              "display_name": "T1010 - Application Window Discovery"
            },
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1056",
              "name": "Input Capture",
              "display_name": "T1056 - Input Capture"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1095",
              "name": "Non-Application Layer Protocol",
              "display_name": "T1095 - Non-Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            },
            {
              "id": "T1518",
              "name": "Software Discovery",
              "display_name": "T1518 - Software Discovery"
            },
            {
              "id": "T1552",
              "name": "Unsecured Credentials",
              "display_name": "T1552 - Unsecured Credentials"
            },
            {
              "id": "T1562",
              "name": "Impair Defenses",
              "display_name": "T1562 - Impair Defenses"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "msudosos",
            "id": "381696",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 1069,
            "FileHash-SHA1": 868,
            "FileHash-SHA256": 2783,
            "URL": 764,
            "hostname": 756,
            "domain": 293,
            "email": 44,
            "CVE": 44
          },
          "indicator_count": 6621,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 67,
          "modified_text": "22 hours ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "66f100d791f9f9f6ab7b4f24",
          "name": "Cerber \u00bb Charter Communications \u00bb Spectrum Denver",
          "description": "[107.14.73.70] IP address range owned by Charter Communications Inc and located in Denver, Co United States.\n\nTargets & family neighborhood ISP's attacked again.  Internet and targets devices attacked , Internet had to be reset twice by tech teams. Our team was able to track comprises directed towards target and families devices, which they are destroying. Stolen passwords, leaks, forced content, dumping. Both Spectrum &  Quantum fiber positive for malicious activity within targeted devices. Fake iOS update pushed to a device. It comes with an agreement from Apple Singapore, LTD. \n\nMalware Families ,\nBackdoor:Win32/Tofse , \nCerber Ransomware ,\nET.  \nETPRO ,\nInject3.QGY ,\nKelihos ,\nNIDS ,\nNOD32 ,\nSf:ShellCode-AU\\ [Trj] , \nTrojan:Win32/Glupteba ,\nTrojanDownloader:Win32/Cutwail ,\nVirTool:Win32/Obfuscator",
          "modified": "2024-10-23T05:03:21.045000",
          "created": "2024-09-23T05:47:03.625000",
          "tags": [
            "isp charter",
            "usage type",
            "fixed line",
            "isp hostname",
            "domain name",
            "country united",
            "america city",
            "denver",
            "colorado",
            "ip address",
            "whois",
            "check",
            "information isp",
            "inc usage",
            "type fixed",
            "line isp",
            "hostname",
            "plesk forum",
            "centos web",
            "panel forum",
            "whois lookup",
            "netrange",
            "nethandle",
            "net107",
            "net1070000",
            "cc3517",
            "inc orgid",
            "dr city",
            "stateprov",
            "postalcode",
            "status",
            "as7843 charter",
            "united",
            "name servers",
            "passive dns",
            "urls",
            "domain",
            "search",
            "emails",
            "unknown",
            "scan endpoints",
            "all scoreblue",
            "ipv4",
            "files",
            "reverse dns",
            "location united",
            "win32",
            "abuseipdb",
            "read",
            "write",
            "read c",
            "server header",
            "show",
            "suspicious",
            "kelihos",
            "trojan",
            "artemis",
            "virustotal",
            "download",
            "drweb",
            "vipre",
            "panda",
            "malware",
            "specified",
            "next",
            "et trojan",
            "et info",
            "medium",
            "http",
            "ids detections",
            "yara detections",
            "e98c1cec8156",
            "as11426 charter",
            "as20001 charter",
            "as11427 charter",
            "as11351 charter",
            "as16787 charter",
            "as33363 charter",
            "as20115 charter",
            "as10796 charter",
            "as12271 charter",
            "body",
            "servers",
            "all search",
            "entries",
            "intel",
            "ms windows",
            "windows nt",
            "destination",
            "port",
            "asnone",
            "heurunsec",
            "etpro trojan",
            "nxdomain",
            "a nxdomain",
            "aaaa",
            "asnone united",
            "aaaa nxdomain",
            "backdoor",
            "pulse submit",
            "url analysis",
            "location oxford",
            "as3456 charter",
            "moved",
            "showing",
            "body doctype",
            "html public",
            "ietfdtd html",
            "as6976 verizon",
            "as701 verizon",
            "file samples",
            "files matching",
            "date hash",
            "copyright",
            "levelblue",
            "related pulses",
            "pulse pulses",
            "kryptikpii",
            "msr apr",
            "date",
            "creation date",
            "analyzer paste",
            "iocs",
            "samples",
            "secure server",
            "cname",
            "as5742",
            "body head",
            "object moved",
            "content length",
            "content type",
            "cookie",
            "as15133 verizon",
            "lowfi",
            "gmt server",
            "ecacc",
            "record value",
            "oxford",
            "michigan",
            "ns nxdomain",
            "soa nxdomain",
            "url http",
            "mitre att",
            "evasion ta0005",
            "creates",
            "discovery t1082",
            "reads software",
            "file",
            "t1083 reads",
            "jujubox",
            "zenbox",
            "get http",
            "request",
            "host",
            "win64",
            "khtml",
            "gecko",
            "response",
            "cus cndigicert",
            "tls rsa",
            "user",
            "javascript c",
            "doscom c",
            "text c",
            "files c",
            "storage",
            "file system",
            "filesadobe c",
            "appdata",
            "appdatalocal",
            "hostnames",
            "ta0002 command",
            "t1059 very",
            "t1064",
            "javascript",
            "modules t1129",
            "ta0003 create",
            "modify system",
            "process t1543",
            "windows service",
            "cisco umbrella",
            "blacklist",
            "safe site",
            "filerepmalware",
            "microsoft",
            "phishing bank",
            "sgeneric",
            "malware site",
            "unsafe",
            "number",
            "cus cngts",
            "ogoogle trust",
            "subject",
            "algorithm",
            "cus ouserver",
            "ouserver ca",
            "record type",
            "ttl value",
            "msms86718722",
            "query",
            "open",
            "capa",
            "create process",
            "windows create",
            "delete file",
            "write file",
            "windows check",
            "os version",
            "enumerate",
            "hashes",
            "signals mutexes",
            "mutexes",
            "open threat",
            "location los",
            "emails info",
            "expiration date",
            "write c",
            "process32nextw",
            "regsetvalueexa",
            "regdword",
            "module load",
            "t1129",
            "as51167 contabo",
            "germany unknown",
            "as40021 contabo",
            "encrypt",
            "hosting",
            "netherlands asn",
            "as204601 zomro",
            "pulses",
            "tags",
            "related tags",
            "indicator facts",
            "historical otx",
            "files ip",
            "asnone germany",
            "as174 cogent",
            "czechia unknown",
            "whitelisted",
            "certificate",
            "bittorrent dht",
            "post http",
            "et p2p",
            "cryptexportkey",
            "invalid pointer",
            "delete c",
            "post utcore",
            "benchhttp",
            "mozilla",
            "maldoc",
            "service",
            "tools",
            "nids",
            "et",
            "x95xd3xa4",
            "regbinary",
            "hx88x89",
            "kx82xd3x11",
            "xb9x8b",
            "x8dxb7xb7",
            "hx88x9ax1e",
            "mx81xd1r",
            "x92xac",
            "stream",
            "persistence",
            "execution",
            "dynamicloader",
            "contacted",
            "domains",
            "yara rule",
            "high",
            "dynamic",
            "pcap",
            "pushdo",
            "msie",
            "activity beacon",
            "malware beacon",
            "default",
            "redacted for",
            "for privacy",
            "as3379 kaiser",
            "server",
            "gmt content",
            "type",
            "x frame",
            "entries http",
            "scans show",
            "domain related",
            "no data",
            "tag count",
            "fakedout threat",
            "analyzer threat",
            "url summary",
            "ip summary",
            "summary",
            "sample",
            "detection list",
            "components",
            "zune",
            "etpro",
            "nod32",
            "avast avg",
            "next http",
            "example domain",
            "title meta",
            "invalid url",
            "akamai",
            "urls http",
            "as20940",
            "as16625 akamai",
            "netherlands",
            "germany",
            "france",
            "virtool",
            "rock",
            "address",
            "apache",
            "accept",
            "as8075",
            "pulse http",
            "related nids",
            "files location",
            "moldova related",
            "pulses none",
            "as31898 oracle",
            "title",
            "kryptiklfq",
            "win32dh",
            "vitro",
            "shutdown",
            "erase",
            "find",
            "close",
            "as53418",
            "hat server",
            "as797 att",
            "script urls",
            "a domains",
            "as10753 level",
            "script script",
            "meta",
            "path",
            "null",
            "stop",
            "as54113",
            "chrome",
            "as7018 att",
            "as28521",
            "mexico unknown",
            "fastly error",
            "please",
            "sea p",
            "object",
            "set cookie",
            "pragma",
            "as19536 directv",
            "united kingdom",
            "as60664 xion",
            "trojan features",
            "moldova unknown",
            "susp",
            "breaking news",
            "business",
            "finance",
            "entertainment",
            "sports",
            "games",
            "trending videos",
            "weather",
            "home",
            "as396982 google",
            "url https",
            "type indicator",
            "role title",
            "added active",
            "cyberfolks",
            ".pl",
            "level 3"
          ],
          "references": [
            "ISP: Charter Communications Inc Usage Type\tFixed Line ISP",
            "dnvrco-pub-iedge-vip.email.rr.com \tspectrum.com Denver, Colorado USA",
            "dnscache2b.cdptpa dnvrco-oms2ims-mta-svip-01.email dnvrco-queue04-ac.email dnvrco-ring-a62.email dnvrco-smss-f01-ac.email dnvrco-west-dhcpw-02.",
            "Reverse DNS dnvrco-pub-iedge-vip.email.rr.com",
            "Crypt3.COYL FileHash - SHA256 cb536e2e5eb3b23a74702f80832ab964e7dfe07763300437b5ba581f464a108e",
            "IDS Detections: Suspicious double Server Header Possible Kelihos",
            "IDS Detections: Possible Kelihos Infection Executable Download With Malformed Header",
            "telemetry-incoming.r53-2.services.mozilla.com",
            "https://otx.alienvault.com/indicator/url/http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel",
            "http://www.door.net/ARISBE/arisbe.htm",
            "talk.plesk.com | 4evermusic.pl |  nist.gov | alaska.gov.inbound10.mxlogic.net | publicfiles.fcc.gov",
            "https://cdns.directv.com/resources/js/dtv/framework/plugins/jquery.placeholder.min.js | peri.com.pl"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [
            "United States of America",
            "Germany",
            "Hungary",
            "Ukraine",
            "Spain",
            "Brazil",
            "Russian Federation",
            "Moldova, Republic of",
            "Japan",
            "Ireland",
            "Luxembourg",
            "Canada"
          ],
          "malware_families": [
            {
              "id": "TrojanDownloader:Win32/Cutwail",
              "display_name": "TrojanDownloader:Win32/Cutwail",
              "target": "/malware/TrojanDownloader:Win32/Cutwail"
            },
            {
              "id": "Backdoor:Win32/Tofsee",
              "display_name": "Backdoor:Win32/Tofsee",
              "target": "/malware/Backdoor:Win32/Tofsee"
            },
            {
              "id": "Cerber Ransomware",
              "display_name": "Cerber Ransomware",
              "target": null
            },
            {
              "id": "NIDS",
              "display_name": "NIDS",
              "target": null
            },
            {
              "id": "ET",
              "display_name": "ET",
              "target": null
            },
            {
              "id": "Inject3.QGY",
              "display_name": "Inject3.QGY",
              "target": null
            },
            {
              "id": "Kelihos",
              "display_name": "Kelihos",
              "target": null
            },
            {
              "id": "ETPRO",
              "display_name": "ETPRO",
              "target": null
            },
            {
              "id": "NOD32",
              "display_name": "NOD32",
              "target": null
            },
            {
              "id": "VirTool:Win32/Obfuscator",
              "display_name": "VirTool:Win32/Obfuscator",
              "target": "/malware/VirTool:Win32/Obfuscator"
            },
            {
              "id": "Sf:ShellCode-AU\\ [Trj]",
              "display_name": "Sf:ShellCode-AU\\ [Trj]",
              "target": null
            },
            {
              "id": "Trojan:Win32/Glupteba",
              "display_name": "Trojan:Win32/Glupteba",
              "target": "/malware/Trojan:Win32/Glupteba"
            }
          ],
          "attack_ids": [
            {
              "id": "T1055",
              "name": "Process Injection",
              "display_name": "T1055 - Process Injection"
            },
            {
              "id": "T1060",
              "name": "Registry Run Keys / Startup Folder",
              "display_name": "T1060 - Registry Run Keys / Startup Folder"
            },
            {
              "id": "T1119",
              "name": "Automated Collection",
              "display_name": "T1119 - Automated Collection"
            },
            {
              "id": "T1036",
              "name": "Masquerading",
              "display_name": "T1036 - Masquerading"
            },
            {
              "id": "T1082",
              "name": "System Information Discovery",
              "display_name": "T1082 - System Information Discovery"
            },
            {
              "id": "T1083",
              "name": "File and Directory Discovery",
              "display_name": "T1083 - File and Directory Discovery"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1064",
              "name": "Scripting",
              "display_name": "T1064 - Scripting"
            },
            {
              "id": "T1129",
              "name": "Shared Modules",
              "display_name": "T1129 - Shared Modules"
            },
            {
              "id": "T1543",
              "name": "Create or Modify System Process",
              "display_name": "T1543 - Create or Modify System Process"
            },
            {
              "id": "T1547",
              "name": "Boot or Logon Autostart Execution",
              "display_name": "T1547 - Boot or Logon Autostart Execution"
            },
            {
              "id": "T1023",
              "name": "Shortcut Modification",
              "display_name": "T1023 - Shortcut Modification"
            },
            {
              "id": "T1040",
              "name": "Network Sniffing",
              "display_name": "T1040 - Network Sniffing"
            },
            {
              "id": "T1045",
              "name": "Software Packing",
              "display_name": "T1045 - Software Packing"
            },
            {
              "id": "T1047",
              "name": "Windows Management Instrumentation",
              "display_name": "T1047 - Windows Management Instrumentation"
            },
            {
              "id": "T1053",
              "name": "Scheduled Task/Job",
              "display_name": "T1053 - Scheduled Task/Job"
            },
            {
              "id": "T1057",
              "name": "Process Discovery",
              "display_name": "T1057 - Process Discovery"
            },
            {
              "id": "T1204",
              "name": "User Execution",
              "display_name": "T1204 - User Execution"
            },
            {
              "id": "T1106",
              "name": "Native API",
              "display_name": "T1106 - Native API"
            },
            {
              "id": "T1031",
              "name": "Modify Existing Service",
              "display_name": "T1031 - Modify Existing Service"
            },
            {
              "id": "T1089",
              "name": "Disabling Security Tools",
              "display_name": "T1089 - Disabling Security Tools"
            },
            {
              "id": "T1096",
              "name": "NTFS File Attributes",
              "display_name": "T1096 - NTFS File Attributes"
            },
            {
              "id": "T1112",
              "name": "Modify Registry",
              "display_name": "T1112 - Modify Registry"
            },
            {
              "id": "T1566",
              "name": "Phishing",
              "display_name": "T1566 - Phishing"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 37,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 2060,
            "hostname": 3067,
            "CIDR": 4,
            "URL": 1300,
            "email": 29,
            "FileHash-MD5": 3181,
            "FileHash-SHA1": 1994,
            "FileHash-SHA256": 3228,
            "CVE": 2,
            "SSLCertFingerprint": 1
          },
          "indicator_count": 14866,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 233,
          "modified_text": "585 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6553b88c316cfb531b9c4c10",
          "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go.com",
          "description": "spyware, 114.114.114.114, Tulach, C2, apple iOS, passwords, crack, unlock , click, att, hughesnet",
          "modified": "2023-12-14T15:03:30.417000",
          "created": "2023-11-14T18:12:28.459000",
          "tags": [
            "united",
            "blacklist",
            "malicious site",
            "mail spammer",
            "detection list",
            "cisco umbrella",
            "site",
            "safe site",
            "malware",
            "phishing site",
            "heur",
            "malware site",
            "alexa top",
            "million",
            "unsafe",
            "artemis",
            "riskware",
            "conduit",
            "agent",
            "opencandy",
            "xtrat",
            "iframe",
            "cleaner",
            "team",
            "installpack",
            "xrat",
            "tiggre",
            "presenoker",
            "fusioncore",
            "wacatac",
            "azorult",
            "phishing",
            "service",
            "runescape",
            "facebook",
            "bank",
            "download",
            "crack",
            "softcnapp",
            "trojanspy",
            "maltiverse",
            "falcon sandbox",
            "pattern match",
            "root ca",
            "authority",
            "class",
            "script",
            "ascii text",
            "mitre att",
            "localappdata",
            "temp",
            "ck id",
            "date",
            "unknown",
            "generator",
            "critical",
            "error",
            "meta",
            "hybrid",
            "general",
            "local",
            "click",
            "strings",
            "expiressun",
            "http response",
            "final url",
            "ip address",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "headers",
            "pt3uc1",
            "path",
            "movies",
            "watch",
            "html info",
            "meta tags",
            "suddenlink tv",
            "trackers amazon",
            "pt3rc1",
            "whois record",
            "whois whois",
            "ssl certificate",
            "historical",
            "historical ssl",
            "referrer",
            "communicating",
            "dropped",
            "contacted",
            "apple ios",
            "hacktool",
            "metro",
            "malicious",
            "crypto",
            "installer",
            "attack",
            "awful",
            "brian sabey",
            "aig",
            "civicaIg",
            "tracking",
            "password crack",
            "tulach",
            "target tsara brashears",
            "tylerknott",
            "att",
            "monitoring",
            "spyware",
            "spying",
            "cybercrime",
            "tulach",
            "hughesnet",
            "ios",
            "toshiba",
            "attack",
            "malvertizing",
            "cyber stalking",
            "porn",
            "pornhub"
          ],
          "references": [
            "http://mobile.suddenlink2go.com/",
            "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
            "https://applemusic-spotlight.myunidays.com/US/en-US?",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "myhughesnet.com",
            "dishmail.net",
            "home.toshiba.com",
            "ytq2rs56.haogfw.com",
            "pornhub.com",
            "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
            "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
            "monitor.cablelan.net",
            "https://monitor.rodgersmith.com",
            "https://www.everycloudtech.com/free-mail-flow-monitor"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1100",
              "name": "Web Shell",
              "display_name": "T1100 - Web Shell"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 28,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 144,
            "FileHash-SHA1": 179,
            "FileHash-SHA256": 4528,
            "CVE": 7,
            "domain": 2024,
            "hostname": 3556,
            "URL": 10455
          },
          "indicator_count": 20893,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 222,
          "modified_text": "898 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65568ab12429c394dc4b91ea",
          "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go",
          "description": "",
          "modified": "2023-12-14T15:03:30.417000",
          "created": "2023-11-16T21:33:37.838000",
          "tags": [
            "united",
            "blacklist",
            "malicious site",
            "mail spammer",
            "detection list",
            "cisco umbrella",
            "site",
            "safe site",
            "malware",
            "phishing site",
            "heur",
            "malware site",
            "alexa top",
            "million",
            "unsafe",
            "artemis",
            "riskware",
            "conduit",
            "agent",
            "opencandy",
            "xtrat",
            "iframe",
            "cleaner",
            "team",
            "installpack",
            "xrat",
            "tiggre",
            "presenoker",
            "fusioncore",
            "wacatac",
            "azorult",
            "phishing",
            "service",
            "runescape",
            "facebook",
            "bank",
            "download",
            "crack",
            "softcnapp",
            "trojanspy",
            "maltiverse",
            "falcon sandbox",
            "pattern match",
            "root ca",
            "authority",
            "class",
            "script",
            "ascii text",
            "mitre att",
            "localappdata",
            "temp",
            "ck id",
            "date",
            "unknown",
            "generator",
            "critical",
            "error",
            "meta",
            "hybrid",
            "general",
            "local",
            "click",
            "strings",
            "expiressun",
            "http response",
            "final url",
            "ip address",
            "status code",
            "body length",
            "kb body",
            "sha256",
            "headers",
            "pt3uc1",
            "path",
            "movies",
            "watch",
            "html info",
            "meta tags",
            "suddenlink tv",
            "trackers amazon",
            "pt3rc1",
            "whois record",
            "whois whois",
            "ssl certificate",
            "historical",
            "historical ssl",
            "referrer",
            "communicating",
            "dropped",
            "contacted",
            "apple ios",
            "hacktool",
            "metro",
            "malicious",
            "crypto",
            "installer",
            "attack",
            "awful",
            "brian sabey",
            "aig",
            "civicaIg",
            "tracking",
            "password crack",
            "tulach",
            "target tsara brashears",
            "tylerknott",
            "att",
            "monitoring",
            "spyware",
            "spying",
            "cybercrime",
            "tulach",
            "hughesnet",
            "ios",
            "toshiba",
            "attack",
            "malvertizing",
            "cyber stalking",
            "porn",
            "pornhub"
          ],
          "references": [
            "http://mobile.suddenlink2go.com/",
            "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
            "https://applemusic-spotlight.myunidays.com/US/en-US?",
            "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
            "myhughesnet.com",
            "dishmail.net",
            "home.toshiba.com",
            "ytq2rs56.haogfw.com",
            "pornhub.com",
            "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
            "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
            "monitor.cablelan.net",
            "https://monitor.rodgersmith.com",
            "https://www.everycloudtech.com/free-mail-flow-monitor"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "TrojanSpy",
              "display_name": "TrojanSpy",
              "target": null
            },
            {
              "id": "Maltiverse",
              "display_name": "Maltiverse",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1027",
              "name": "Obfuscated Files or Information",
              "display_name": "T1027 - Obfuscated Files or Information"
            },
            {
              "id": "T1071.004",
              "name": "DNS",
              "display_name": "T1071.004 - DNS"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1059.007",
              "name": "JavaScript",
              "display_name": "T1059.007 - JavaScript"
            },
            {
              "id": "T1071.001",
              "name": "Web Protocols",
              "display_name": "T1071.001 - Web Protocols"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1560",
              "name": "Archive Collected Data",
              "display_name": "T1560 - Archive Collected Data"
            },
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1100",
              "name": "Web Shell",
              "display_name": "T1100 - Web Shell"
            },
            {
              "id": "T1140",
              "name": "Deobfuscate/Decode Files or Information",
              "display_name": "T1140 - Deobfuscate/Decode Files or Information"
            }
          ],
          "industries": [],
          "TLP": "white",
          "cloned_from": "6553b88c316cfb531b9c4c10",
          "export_count": 22,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 144,
            "FileHash-SHA1": 179,
            "FileHash-SHA256": 4528,
            "CVE": 7,
            "domain": 2024,
            "hostname": 3556,
            "URL": 10455
          },
          "indicator_count": 20893,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 228,
          "modified_text": "898 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65536bc6301b7cdf7d04e095",
          "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
          "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
          "modified": "2023-12-14T12:03:15.957000",
          "created": "2023-11-14T12:44:54.422000",
          "tags": [
            "passive dns",
            "urls",
            "t1604023287",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "url http",
            "pulse pulses",
            "http",
            "ip address",
            "ssl certificate",
            "whois record",
            "resolutions",
            "referrer",
            "historical ssl",
            "communicating",
            "threat roundup",
            "whois whois",
            "apple",
            "stopransomware",
            "core",
            "discord",
            "metro",
            "blister",
            "cobalt strike",
            "hacktool",
            "june",
            "name verdict",
            "pattern match",
            "et tor",
            "known tor",
            "misc attack",
            "link",
            "woff2",
            "relayrouter",
            "exit",
            "node traffic",
            "ascii text",
            "date",
            "click",
            "unknown",
            "meta",
            "hybrid",
            "general",
            "local",
            "strings",
            "class",
            "generator",
            "critical",
            "error",
            "execution",
            "malware",
            "network",
            "roblox",
            "united",
            "as13335",
            "a domains",
            "status",
            "aaaa",
            "search",
            "script urls",
            "creation date",
            "showing",
            "pixel",
            "win32",
            "download",
            "t1507537243"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Roblox",
              "display_name": "Roblox",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 11333,
            "FileHash-MD5": 81,
            "FileHash-SHA1": 74,
            "FileHash-SHA256": 3269,
            "domain": 2748,
            "hostname": 3475,
            "email": 2,
            "CVE": 2
          },
          "indicator_count": 20984,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 224,
          "modified_text": "898 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65536bdc3676a40633a619be",
          "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
          "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
          "modified": "2023-12-14T12:03:15.957000",
          "created": "2023-11-14T12:45:16.667000",
          "tags": [
            "passive dns",
            "urls",
            "t1604023287",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "url http",
            "pulse pulses",
            "http",
            "ip address",
            "ssl certificate",
            "whois record",
            "resolutions",
            "referrer",
            "historical ssl",
            "communicating",
            "threat roundup",
            "whois whois",
            "apple",
            "stopransomware",
            "core",
            "discord",
            "metro",
            "blister",
            "cobalt strike",
            "hacktool",
            "june",
            "name verdict",
            "pattern match",
            "et tor",
            "known tor",
            "misc attack",
            "link",
            "woff2",
            "relayrouter",
            "exit",
            "node traffic",
            "ascii text",
            "date",
            "click",
            "unknown",
            "meta",
            "hybrid",
            "general",
            "local",
            "strings",
            "class",
            "generator",
            "critical",
            "error",
            "execution",
            "malware",
            "network",
            "roblox",
            "united",
            "as13335",
            "a domains",
            "status",
            "aaaa",
            "search",
            "script urls",
            "creation date",
            "showing",
            "pixel",
            "win32",
            "download",
            "t1507537243"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Roblox",
              "display_name": "Roblox",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 35,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 11333,
            "FileHash-MD5": 81,
            "FileHash-SHA1": 74,
            "FileHash-SHA256": 3269,
            "domain": 2748,
            "hostname": 3475,
            "email": 2,
            "CVE": 2
          },
          "indicator_count": 20984,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 224,
          "modified_text": "898 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65568d67bd96e06ab44b9b95",
          "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
          "description": "",
          "modified": "2023-12-14T12:03:15.957000",
          "created": "2023-11-16T21:45:11.721000",
          "tags": [
            "passive dns",
            "urls",
            "t1604023287",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "url http",
            "pulse pulses",
            "http",
            "ip address",
            "ssl certificate",
            "whois record",
            "resolutions",
            "referrer",
            "historical ssl",
            "communicating",
            "threat roundup",
            "whois whois",
            "apple",
            "stopransomware",
            "core",
            "discord",
            "metro",
            "blister",
            "cobalt strike",
            "hacktool",
            "june",
            "name verdict",
            "pattern match",
            "et tor",
            "known tor",
            "misc attack",
            "link",
            "woff2",
            "relayrouter",
            "exit",
            "node traffic",
            "ascii text",
            "date",
            "click",
            "unknown",
            "meta",
            "hybrid",
            "general",
            "local",
            "strings",
            "class",
            "generator",
            "critical",
            "error",
            "execution",
            "malware",
            "network",
            "roblox",
            "united",
            "as13335",
            "a domains",
            "status",
            "aaaa",
            "search",
            "script urls",
            "creation date",
            "showing",
            "pixel",
            "win32",
            "download",
            "t1507537243"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [
            {
              "id": "Roblox",
              "display_name": "Roblox",
              "target": null
            }
          ],
          "attack_ids": [
            {
              "id": "T1059",
              "name": "Command and Scripting Interpreter",
              "display_name": "T1059 - Command and Scripting Interpreter"
            },
            {
              "id": "T1071",
              "name": "Application Layer Protocol",
              "display_name": "T1071 - Application Layer Protocol"
            },
            {
              "id": "T1105",
              "name": "Ingress Tool Transfer",
              "display_name": "T1105 - Ingress Tool Transfer"
            },
            {
              "id": "T1497",
              "name": "Virtualization/Sandbox Evasion",
              "display_name": "T1497 - Virtualization/Sandbox Evasion"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": "65536bdc3676a40633a619be",
          "export_count": 25,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 11333,
            "FileHash-MD5": 81,
            "FileHash-SHA1": 74,
            "FileHash-SHA256": 3269,
            "domain": 2748,
            "hostname": 3475,
            "email": 2,
            "CVE": 2
          },
          "indicator_count": 20984,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 228,
          "modified_text": "898 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6552d60aae6e1b3c22455088",
          "name": "Hive 0065",
          "description": "Hive 0065\nURL: https://applemusic-spotlight.myunidays.com/US/en-US?\n\nHive 0065\nHostname: applemusic-spotlight.myunidays.com",
          "modified": "2023-12-13T16:00:45.799000",
          "created": "2023-11-14T02:06:02.329000",
          "tags": [
            "united",
            "as8075",
            "creation date",
            "unknown",
            "search",
            "entries",
            "asnone country",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "related domains",
            "show",
            "domain related",
            "xbox",
            "whois record",
            "contacted",
            "whois whois",
            "ssl certificate",
            "communicating",
            "referrer",
            "execution",
            "historical ssl",
            "bundled",
            "family",
            "lolkek",
            "formbook",
            "skynet",
            "lockbit",
            "ursnif",
            "attack",
            "core"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 4276,
            "email": 3,
            "hostname": 2288,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 49,
            "FileHash-SHA256": 2756,
            "URL": 8696,
            "CVE": 1
          },
          "indicator_count": 18120,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 226,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6552d6f5f56d2e9cd9e18a30",
          "name": "Lolkek \u2022 FormBook \u2022 Lokbit \u2022 Skynet",
          "description": "Hive 0065\nURL: https://applemusic-spotlight.myunidays.com/US/en-US?\n\nHive 0065\nHostname: applemusic-spotlight.myunidays.com",
          "modified": "2023-12-13T16:00:45.799000",
          "created": "2023-11-14T02:09:57.370000",
          "tags": [
            "united",
            "as8075",
            "creation date",
            "unknown",
            "search",
            "entries",
            "asnone country",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "related domains",
            "show",
            "domain related",
            "xbox",
            "whois record",
            "contacted",
            "whois whois",
            "ssl certificate",
            "communicating",
            "referrer",
            "execution",
            "historical ssl",
            "bundled",
            "family",
            "lolkek",
            "formbook",
            "skynet",
            "lockbit",
            "ursnif",
            "attack",
            "core"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 29,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "OctoSeek",
            "id": "243548",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 4276,
            "email": 3,
            "hostname": 2288,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 49,
            "FileHash-SHA256": 2756,
            "URL": 8696,
            "CVE": 1
          },
          "indicator_count": 18120,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 225,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "65568b00198f82af2e88d463",
          "name": "Lolkek \u2022 FormBook \u2022 Lokbit \u2022 Skynet",
          "description": "",
          "modified": "2023-12-13T16:00:45.799000",
          "created": "2023-11-16T21:34:56.016000",
          "tags": [
            "united",
            "as8075",
            "creation date",
            "unknown",
            "search",
            "entries",
            "asnone country",
            "scan endpoints",
            "all search",
            "otx octoseek",
            "related domains",
            "show",
            "domain related",
            "xbox",
            "whois record",
            "contacted",
            "whois whois",
            "ssl certificate",
            "communicating",
            "referrer",
            "execution",
            "historical ssl",
            "bundled",
            "family",
            "lolkek",
            "formbook",
            "skynet",
            "lockbit",
            "ursnif",
            "attack",
            "core"
          ],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "green",
          "cloned_from": "6552d6f5f56d2e9cd9e18a30",
          "export_count": 21,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "scoreblue",
            "id": "254100",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 4276,
            "email": 3,
            "hostname": 2288,
            "FileHash-MD5": 51,
            "FileHash-SHA1": 49,
            "FileHash-SHA256": 2756,
            "URL": 8696,
            "CVE": 1
          },
          "indicator_count": 18120,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 231,
          "modified_text": "899 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "Crypt3.COYL FileHash - SHA256 cb536e2e5eb3b23a74702f80832ab964e7dfe07763300437b5ba581f464a108e",
        "IDS Detections: Suspicious double Server Header Possible Kelihos",
        "https://www.everycloudtech.com/free-mail-flow-monitor",
        "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
        "http://www.door.net/ARISBE/arisbe.htm",
        "pornhub.com",
        "dishmail.net",
        "IDS Detections: Possible Kelihos Infection Executable Download With Malformed Header",
        "myhughesnet.com",
        "http://mobile.suddenlink2go.com/",
        "monitor.cablelan.net",
        "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
        "ISP: Charter Communications Inc Usage Type\tFixed Line ISP",
        "telemetry-incoming.r53-2.services.mozilla.com",
        "dnvrco-pub-iedge-vip.email.rr.com \tspectrum.com Denver, Colorado USA",
        "https://cdns.directv.com/resources/js/dtv/framework/plugins/jquery.placeholder.min.js | peri.com.pl",
        "https://applemusic-spotlight.myunidays.com/US/en-US?",
        "https://monitor.rodgersmith.com",
        "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
        "https://otx.alienvault.com/indicator/url/http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel",
        "talk.plesk.com | 4evermusic.pl |  nist.gov | alaska.gov.inbound10.mxlogic.net | publicfiles.fcc.gov",
        "Reverse DNS dnvrco-pub-iedge-vip.email.rr.com",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "ytq2rs56.haogfw.com",
        "dnscache2b.cdptpa dnvrco-oms2ims-mta-svip-01.email dnvrco-queue04-ac.email dnvrco-ring-a62.email dnvrco-smss-f01-ac.email dnvrco-west-dhcpw-02.",
        "home.toshiba.com"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [],
          "malware_families": [
            "Virtool:win32/obfuscator",
            "Nids",
            "Et",
            "Nod32",
            "Roblox",
            "Trojan:win32/glupteba",
            "Cerber ransomware",
            "Etpro",
            "Backdoor:win32/tofsee",
            "Inject3.qgy",
            "Sf:shellcode-au\\ [trj]",
            "Trojanspy",
            "Maltiverse",
            "Trojandownloader:win32/cutwail",
            "Kelihos"
          ],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 10,
  "pulses": [
    {
      "id": "69f30ef4033560d49d39ac55",
      "name": "VirusTotal report\n                    for executable.exe",
      "description": "[security firm has developed a tool that can automatically identify a Wi-Fi password and make it easy to access it via the net. and use it to create a secure log-in system.] <remote, .net, failed cryptographic validation chains cause this.",
      "modified": "2026-05-30T09:04:01.553000",
      "created": "2026-04-30T08:12:36.771000",
      "tags": [
        "wifi password",
        "joe security",
        "nextron",
        "new run",
        "key pointing",
        "run key",
        "roth",
        "markus neis",
        "sander wiebing",
        "poudel",
        "public",
        "appdata"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1003",
          "name": "OS Credential Dumping",
          "display_name": "T1003 - OS Credential Dumping"
        },
        {
          "id": "T1005",
          "name": "Data from Local System",
          "display_name": "T1005 - Data from Local System"
        },
        {
          "id": "T1010",
          "name": "Application Window Discovery",
          "display_name": "T1010 - Application Window Discovery"
        },
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1056",
          "name": "Input Capture",
          "display_name": "T1056 - Input Capture"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1095",
          "name": "Non-Application Layer Protocol",
          "display_name": "T1095 - Non-Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1218",
          "name": "Signed Binary Proxy Execution",
          "display_name": "T1218 - Signed Binary Proxy Execution"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        },
        {
          "id": "T1518",
          "name": "Software Discovery",
          "display_name": "T1518 - Software Discovery"
        },
        {
          "id": "T1552",
          "name": "Unsecured Credentials",
          "display_name": "T1552 - Unsecured Credentials"
        },
        {
          "id": "T1562",
          "name": "Impair Defenses",
          "display_name": "T1562 - Impair Defenses"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "msudosos",
        "id": "381696",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 1069,
        "FileHash-SHA1": 868,
        "FileHash-SHA256": 2783,
        "URL": 764,
        "hostname": 756,
        "domain": 293,
        "email": 44,
        "CVE": 44
      },
      "indicator_count": 6621,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 67,
      "modified_text": "22 hours ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "66f100d791f9f9f6ab7b4f24",
      "name": "Cerber \u00bb Charter Communications \u00bb Spectrum Denver",
      "description": "[107.14.73.70] IP address range owned by Charter Communications Inc and located in Denver, Co United States.\n\nTargets & family neighborhood ISP's attacked again.  Internet and targets devices attacked , Internet had to be reset twice by tech teams. Our team was able to track comprises directed towards target and families devices, which they are destroying. Stolen passwords, leaks, forced content, dumping. Both Spectrum &  Quantum fiber positive for malicious activity within targeted devices. Fake iOS update pushed to a device. It comes with an agreement from Apple Singapore, LTD. \n\nMalware Families ,\nBackdoor:Win32/Tofse , \nCerber Ransomware ,\nET.  \nETPRO ,\nInject3.QGY ,\nKelihos ,\nNIDS ,\nNOD32 ,\nSf:ShellCode-AU\\ [Trj] , \nTrojan:Win32/Glupteba ,\nTrojanDownloader:Win32/Cutwail ,\nVirTool:Win32/Obfuscator",
      "modified": "2024-10-23T05:03:21.045000",
      "created": "2024-09-23T05:47:03.625000",
      "tags": [
        "isp charter",
        "usage type",
        "fixed line",
        "isp hostname",
        "domain name",
        "country united",
        "america city",
        "denver",
        "colorado",
        "ip address",
        "whois",
        "check",
        "information isp",
        "inc usage",
        "type fixed",
        "line isp",
        "hostname",
        "plesk forum",
        "centos web",
        "panel forum",
        "whois lookup",
        "netrange",
        "nethandle",
        "net107",
        "net1070000",
        "cc3517",
        "inc orgid",
        "dr city",
        "stateprov",
        "postalcode",
        "status",
        "as7843 charter",
        "united",
        "name servers",
        "passive dns",
        "urls",
        "domain",
        "search",
        "emails",
        "unknown",
        "scan endpoints",
        "all scoreblue",
        "ipv4",
        "files",
        "reverse dns",
        "location united",
        "win32",
        "abuseipdb",
        "read",
        "write",
        "read c",
        "server header",
        "show",
        "suspicious",
        "kelihos",
        "trojan",
        "artemis",
        "virustotal",
        "download",
        "drweb",
        "vipre",
        "panda",
        "malware",
        "specified",
        "next",
        "et trojan",
        "et info",
        "medium",
        "http",
        "ids detections",
        "yara detections",
        "e98c1cec8156",
        "as11426 charter",
        "as20001 charter",
        "as11427 charter",
        "as11351 charter",
        "as16787 charter",
        "as33363 charter",
        "as20115 charter",
        "as10796 charter",
        "as12271 charter",
        "body",
        "servers",
        "all search",
        "entries",
        "intel",
        "ms windows",
        "windows nt",
        "destination",
        "port",
        "asnone",
        "heurunsec",
        "etpro trojan",
        "nxdomain",
        "a nxdomain",
        "aaaa",
        "asnone united",
        "aaaa nxdomain",
        "backdoor",
        "pulse submit",
        "url analysis",
        "location oxford",
        "as3456 charter",
        "moved",
        "showing",
        "body doctype",
        "html public",
        "ietfdtd html",
        "as6976 verizon",
        "as701 verizon",
        "file samples",
        "files matching",
        "date hash",
        "copyright",
        "levelblue",
        "related pulses",
        "pulse pulses",
        "kryptikpii",
        "msr apr",
        "date",
        "creation date",
        "analyzer paste",
        "iocs",
        "samples",
        "secure server",
        "cname",
        "as5742",
        "body head",
        "object moved",
        "content length",
        "content type",
        "cookie",
        "as15133 verizon",
        "lowfi",
        "gmt server",
        "ecacc",
        "record value",
        "oxford",
        "michigan",
        "ns nxdomain",
        "soa nxdomain",
        "url http",
        "mitre att",
        "evasion ta0005",
        "creates",
        "discovery t1082",
        "reads software",
        "file",
        "t1083 reads",
        "jujubox",
        "zenbox",
        "get http",
        "request",
        "host",
        "win64",
        "khtml",
        "gecko",
        "response",
        "cus cndigicert",
        "tls rsa",
        "user",
        "javascript c",
        "doscom c",
        "text c",
        "files c",
        "storage",
        "file system",
        "filesadobe c",
        "appdata",
        "appdatalocal",
        "hostnames",
        "ta0002 command",
        "t1059 very",
        "t1064",
        "javascript",
        "modules t1129",
        "ta0003 create",
        "modify system",
        "process t1543",
        "windows service",
        "cisco umbrella",
        "blacklist",
        "safe site",
        "filerepmalware",
        "microsoft",
        "phishing bank",
        "sgeneric",
        "malware site",
        "unsafe",
        "number",
        "cus cngts",
        "ogoogle trust",
        "subject",
        "algorithm",
        "cus ouserver",
        "ouserver ca",
        "record type",
        "ttl value",
        "msms86718722",
        "query",
        "open",
        "capa",
        "create process",
        "windows create",
        "delete file",
        "write file",
        "windows check",
        "os version",
        "enumerate",
        "hashes",
        "signals mutexes",
        "mutexes",
        "open threat",
        "location los",
        "emails info",
        "expiration date",
        "write c",
        "process32nextw",
        "regsetvalueexa",
        "regdword",
        "module load",
        "t1129",
        "as51167 contabo",
        "germany unknown",
        "as40021 contabo",
        "encrypt",
        "hosting",
        "netherlands asn",
        "as204601 zomro",
        "pulses",
        "tags",
        "related tags",
        "indicator facts",
        "historical otx",
        "files ip",
        "asnone germany",
        "as174 cogent",
        "czechia unknown",
        "whitelisted",
        "certificate",
        "bittorrent dht",
        "post http",
        "et p2p",
        "cryptexportkey",
        "invalid pointer",
        "delete c",
        "post utcore",
        "benchhttp",
        "mozilla",
        "maldoc",
        "service",
        "tools",
        "nids",
        "et",
        "x95xd3xa4",
        "regbinary",
        "hx88x89",
        "kx82xd3x11",
        "xb9x8b",
        "x8dxb7xb7",
        "hx88x9ax1e",
        "mx81xd1r",
        "x92xac",
        "stream",
        "persistence",
        "execution",
        "dynamicloader",
        "contacted",
        "domains",
        "yara rule",
        "high",
        "dynamic",
        "pcap",
        "pushdo",
        "msie",
        "activity beacon",
        "malware beacon",
        "default",
        "redacted for",
        "for privacy",
        "as3379 kaiser",
        "server",
        "gmt content",
        "type",
        "x frame",
        "entries http",
        "scans show",
        "domain related",
        "no data",
        "tag count",
        "fakedout threat",
        "analyzer threat",
        "url summary",
        "ip summary",
        "summary",
        "sample",
        "detection list",
        "components",
        "zune",
        "etpro",
        "nod32",
        "avast avg",
        "next http",
        "example domain",
        "title meta",
        "invalid url",
        "akamai",
        "urls http",
        "as20940",
        "as16625 akamai",
        "netherlands",
        "germany",
        "france",
        "virtool",
        "rock",
        "address",
        "apache",
        "accept",
        "as8075",
        "pulse http",
        "related nids",
        "files location",
        "moldova related",
        "pulses none",
        "as31898 oracle",
        "title",
        "kryptiklfq",
        "win32dh",
        "vitro",
        "shutdown",
        "erase",
        "find",
        "close",
        "as53418",
        "hat server",
        "as797 att",
        "script urls",
        "a domains",
        "as10753 level",
        "script script",
        "meta",
        "path",
        "null",
        "stop",
        "as54113",
        "chrome",
        "as7018 att",
        "as28521",
        "mexico unknown",
        "fastly error",
        "please",
        "sea p",
        "object",
        "set cookie",
        "pragma",
        "as19536 directv",
        "united kingdom",
        "as60664 xion",
        "trojan features",
        "moldova unknown",
        "susp",
        "breaking news",
        "business",
        "finance",
        "entertainment",
        "sports",
        "games",
        "trending videos",
        "weather",
        "home",
        "as396982 google",
        "url https",
        "type indicator",
        "role title",
        "added active",
        "cyberfolks",
        ".pl",
        "level 3"
      ],
      "references": [
        "ISP: Charter Communications Inc Usage Type\tFixed Line ISP",
        "dnvrco-pub-iedge-vip.email.rr.com \tspectrum.com Denver, Colorado USA",
        "dnscache2b.cdptpa dnvrco-oms2ims-mta-svip-01.email dnvrco-queue04-ac.email dnvrco-ring-a62.email dnvrco-smss-f01-ac.email dnvrco-west-dhcpw-02.",
        "Reverse DNS dnvrco-pub-iedge-vip.email.rr.com",
        "Crypt3.COYL FileHash - SHA256 cb536e2e5eb3b23a74702f80832ab964e7dfe07763300437b5ba581f464a108e",
        "IDS Detections: Suspicious double Server Header Possible Kelihos",
        "IDS Detections: Possible Kelihos Infection Executable Download With Malformed Header",
        "telemetry-incoming.r53-2.services.mozilla.com",
        "https://otx.alienvault.com/indicator/url/http://103.246.145.111/gateonl.php?hwid=WALKER-PC-WALKER&cpuname=Intel",
        "http://www.door.net/ARISBE/arisbe.htm",
        "talk.plesk.com | 4evermusic.pl |  nist.gov | alaska.gov.inbound10.mxlogic.net | publicfiles.fcc.gov",
        "https://cdns.directv.com/resources/js/dtv/framework/plugins/jquery.placeholder.min.js | peri.com.pl"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [
        "United States of America",
        "Germany",
        "Hungary",
        "Ukraine",
        "Spain",
        "Brazil",
        "Russian Federation",
        "Moldova, Republic of",
        "Japan",
        "Ireland",
        "Luxembourg",
        "Canada"
      ],
      "malware_families": [
        {
          "id": "TrojanDownloader:Win32/Cutwail",
          "display_name": "TrojanDownloader:Win32/Cutwail",
          "target": "/malware/TrojanDownloader:Win32/Cutwail"
        },
        {
          "id": "Backdoor:Win32/Tofsee",
          "display_name": "Backdoor:Win32/Tofsee",
          "target": "/malware/Backdoor:Win32/Tofsee"
        },
        {
          "id": "Cerber Ransomware",
          "display_name": "Cerber Ransomware",
          "target": null
        },
        {
          "id": "NIDS",
          "display_name": "NIDS",
          "target": null
        },
        {
          "id": "ET",
          "display_name": "ET",
          "target": null
        },
        {
          "id": "Inject3.QGY",
          "display_name": "Inject3.QGY",
          "target": null
        },
        {
          "id": "Kelihos",
          "display_name": "Kelihos",
          "target": null
        },
        {
          "id": "ETPRO",
          "display_name": "ETPRO",
          "target": null
        },
        {
          "id": "NOD32",
          "display_name": "NOD32",
          "target": null
        },
        {
          "id": "VirTool:Win32/Obfuscator",
          "display_name": "VirTool:Win32/Obfuscator",
          "target": "/malware/VirTool:Win32/Obfuscator"
        },
        {
          "id": "Sf:ShellCode-AU\\ [Trj]",
          "display_name": "Sf:ShellCode-AU\\ [Trj]",
          "target": null
        },
        {
          "id": "Trojan:Win32/Glupteba",
          "display_name": "Trojan:Win32/Glupteba",
          "target": "/malware/Trojan:Win32/Glupteba"
        }
      ],
      "attack_ids": [
        {
          "id": "T1055",
          "name": "Process Injection",
          "display_name": "T1055 - Process Injection"
        },
        {
          "id": "T1060",
          "name": "Registry Run Keys / Startup Folder",
          "display_name": "T1060 - Registry Run Keys / Startup Folder"
        },
        {
          "id": "T1119",
          "name": "Automated Collection",
          "display_name": "T1119 - Automated Collection"
        },
        {
          "id": "T1036",
          "name": "Masquerading",
          "display_name": "T1036 - Masquerading"
        },
        {
          "id": "T1082",
          "name": "System Information Discovery",
          "display_name": "T1082 - System Information Discovery"
        },
        {
          "id": "T1083",
          "name": "File and Directory Discovery",
          "display_name": "T1083 - File and Directory Discovery"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1064",
          "name": "Scripting",
          "display_name": "T1064 - Scripting"
        },
        {
          "id": "T1129",
          "name": "Shared Modules",
          "display_name": "T1129 - Shared Modules"
        },
        {
          "id": "T1543",
          "name": "Create or Modify System Process",
          "display_name": "T1543 - Create or Modify System Process"
        },
        {
          "id": "T1547",
          "name": "Boot or Logon Autostart Execution",
          "display_name": "T1547 - Boot or Logon Autostart Execution"
        },
        {
          "id": "T1023",
          "name": "Shortcut Modification",
          "display_name": "T1023 - Shortcut Modification"
        },
        {
          "id": "T1040",
          "name": "Network Sniffing",
          "display_name": "T1040 - Network Sniffing"
        },
        {
          "id": "T1045",
          "name": "Software Packing",
          "display_name": "T1045 - Software Packing"
        },
        {
          "id": "T1047",
          "name": "Windows Management Instrumentation",
          "display_name": "T1047 - Windows Management Instrumentation"
        },
        {
          "id": "T1053",
          "name": "Scheduled Task/Job",
          "display_name": "T1053 - Scheduled Task/Job"
        },
        {
          "id": "T1057",
          "name": "Process Discovery",
          "display_name": "T1057 - Process Discovery"
        },
        {
          "id": "T1204",
          "name": "User Execution",
          "display_name": "T1204 - User Execution"
        },
        {
          "id": "T1106",
          "name": "Native API",
          "display_name": "T1106 - Native API"
        },
        {
          "id": "T1031",
          "name": "Modify Existing Service",
          "display_name": "T1031 - Modify Existing Service"
        },
        {
          "id": "T1089",
          "name": "Disabling Security Tools",
          "display_name": "T1089 - Disabling Security Tools"
        },
        {
          "id": "T1096",
          "name": "NTFS File Attributes",
          "display_name": "T1096 - NTFS File Attributes"
        },
        {
          "id": "T1112",
          "name": "Modify Registry",
          "display_name": "T1112 - Modify Registry"
        },
        {
          "id": "T1566",
          "name": "Phishing",
          "display_name": "T1566 - Phishing"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 37,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 2060,
        "hostname": 3067,
        "CIDR": 4,
        "URL": 1300,
        "email": 29,
        "FileHash-MD5": 3181,
        "FileHash-SHA1": 1994,
        "FileHash-SHA256": 3228,
        "CVE": 2,
        "SSLCertFingerprint": 1
      },
      "indicator_count": 14866,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 233,
      "modified_text": "585 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6553b88c316cfb531b9c4c10",
      "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go.com",
      "description": "spyware, 114.114.114.114, Tulach, C2, apple iOS, passwords, crack, unlock , click, att, hughesnet",
      "modified": "2023-12-14T15:03:30.417000",
      "created": "2023-11-14T18:12:28.459000",
      "tags": [
        "united",
        "blacklist",
        "malicious site",
        "mail spammer",
        "detection list",
        "cisco umbrella",
        "site",
        "safe site",
        "malware",
        "phishing site",
        "heur",
        "malware site",
        "alexa top",
        "million",
        "unsafe",
        "artemis",
        "riskware",
        "conduit",
        "agent",
        "opencandy",
        "xtrat",
        "iframe",
        "cleaner",
        "team",
        "installpack",
        "xrat",
        "tiggre",
        "presenoker",
        "fusioncore",
        "wacatac",
        "azorult",
        "phishing",
        "service",
        "runescape",
        "facebook",
        "bank",
        "download",
        "crack",
        "softcnapp",
        "trojanspy",
        "maltiverse",
        "falcon sandbox",
        "pattern match",
        "root ca",
        "authority",
        "class",
        "script",
        "ascii text",
        "mitre att",
        "localappdata",
        "temp",
        "ck id",
        "date",
        "unknown",
        "generator",
        "critical",
        "error",
        "meta",
        "hybrid",
        "general",
        "local",
        "click",
        "strings",
        "expiressun",
        "http response",
        "final url",
        "ip address",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "headers",
        "pt3uc1",
        "path",
        "movies",
        "watch",
        "html info",
        "meta tags",
        "suddenlink tv",
        "trackers amazon",
        "pt3rc1",
        "whois record",
        "whois whois",
        "ssl certificate",
        "historical",
        "historical ssl",
        "referrer",
        "communicating",
        "dropped",
        "contacted",
        "apple ios",
        "hacktool",
        "metro",
        "malicious",
        "crypto",
        "installer",
        "attack",
        "awful",
        "brian sabey",
        "aig",
        "civicaIg",
        "tracking",
        "password crack",
        "tulach",
        "target tsara brashears",
        "tylerknott",
        "att",
        "monitoring",
        "spyware",
        "spying",
        "cybercrime",
        "tulach",
        "hughesnet",
        "ios",
        "toshiba",
        "attack",
        "malvertizing",
        "cyber stalking",
        "porn",
        "pornhub"
      ],
      "references": [
        "http://mobile.suddenlink2go.com/",
        "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
        "https://applemusic-spotlight.myunidays.com/US/en-US?",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "myhughesnet.com",
        "dishmail.net",
        "home.toshiba.com",
        "ytq2rs56.haogfw.com",
        "pornhub.com",
        "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
        "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
        "monitor.cablelan.net",
        "https://monitor.rodgersmith.com",
        "https://www.everycloudtech.com/free-mail-flow-monitor"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1100",
          "name": "Web Shell",
          "display_name": "T1100 - Web Shell"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 28,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 144,
        "FileHash-SHA1": 179,
        "FileHash-SHA256": 4528,
        "CVE": 7,
        "domain": 2024,
        "hostname": 3556,
        "URL": 10455
      },
      "indicator_count": 20893,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 222,
      "modified_text": "898 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65568ab12429c394dc4b91ea",
      "name": "iOS Unlocker| Apple | ATT | Monitoring| http://mobile.suddenlink2go",
      "description": "",
      "modified": "2023-12-14T15:03:30.417000",
      "created": "2023-11-16T21:33:37.838000",
      "tags": [
        "united",
        "blacklist",
        "malicious site",
        "mail spammer",
        "detection list",
        "cisco umbrella",
        "site",
        "safe site",
        "malware",
        "phishing site",
        "heur",
        "malware site",
        "alexa top",
        "million",
        "unsafe",
        "artemis",
        "riskware",
        "conduit",
        "agent",
        "opencandy",
        "xtrat",
        "iframe",
        "cleaner",
        "team",
        "installpack",
        "xrat",
        "tiggre",
        "presenoker",
        "fusioncore",
        "wacatac",
        "azorult",
        "phishing",
        "service",
        "runescape",
        "facebook",
        "bank",
        "download",
        "crack",
        "softcnapp",
        "trojanspy",
        "maltiverse",
        "falcon sandbox",
        "pattern match",
        "root ca",
        "authority",
        "class",
        "script",
        "ascii text",
        "mitre att",
        "localappdata",
        "temp",
        "ck id",
        "date",
        "unknown",
        "generator",
        "critical",
        "error",
        "meta",
        "hybrid",
        "general",
        "local",
        "click",
        "strings",
        "expiressun",
        "http response",
        "final url",
        "ip address",
        "status code",
        "body length",
        "kb body",
        "sha256",
        "headers",
        "pt3uc1",
        "path",
        "movies",
        "watch",
        "html info",
        "meta tags",
        "suddenlink tv",
        "trackers amazon",
        "pt3rc1",
        "whois record",
        "whois whois",
        "ssl certificate",
        "historical",
        "historical ssl",
        "referrer",
        "communicating",
        "dropped",
        "contacted",
        "apple ios",
        "hacktool",
        "metro",
        "malicious",
        "crypto",
        "installer",
        "attack",
        "awful",
        "brian sabey",
        "aig",
        "civicaIg",
        "tracking",
        "password crack",
        "tulach",
        "target tsara brashears",
        "tylerknott",
        "att",
        "monitoring",
        "spyware",
        "spying",
        "cybercrime",
        "tulach",
        "hughesnet",
        "ios",
        "toshiba",
        "attack",
        "malvertizing",
        "cyber stalking",
        "porn",
        "pornhub"
      ],
      "references": [
        "http://mobile.suddenlink2go.com/",
        "https://hybrid-analysis.com/sample/889790f55a8a29ee75463bbcf014c3ed6cc76e6cd0278e491ec9fa1ed14862c4/655374e9921d5d73860b7db3",
        "https://applemusic-spotlight.myunidays.com/US/en-US?",
        "https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian",
        "myhughesnet.com",
        "dishmail.net",
        "home.toshiba.com",
        "ytq2rs56.haogfw.com",
        "pornhub.com",
        "http://trk.brother-root-rich-of.xyz/campaign?id=4f1426e9-22f8-4e7a-9c32-1b2d42867559&var1=&extcid=w9A2DTCOAL56FRAK125KMLAI",
        "http://trk.reverseparameter.site/gg/izuyv?to=https://mine-top-gratis-application.pw/e29481e9-a792-46a8-bbf0-188ed2a816ae/f10439e6-e61a-4420-ba88-29e9d1c5d2ea?brand=Lenovo&btd=dHJrLm1vYmlsZXRvcDIwMTh0ZWNoaWUueHl6&exptoken=MTU1NzUxMjgzMjgyMw==&lang=ar&model=K6+Note&td=dHJrLnJldmVyc2VwYXJhbWV0ZXIuc2l0ZS9wcmNlZWQ",
        "monitor.cablelan.net",
        "https://monitor.rodgersmith.com",
        "https://www.everycloudtech.com/free-mail-flow-monitor"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "TrojanSpy",
          "display_name": "TrojanSpy",
          "target": null
        },
        {
          "id": "Maltiverse",
          "display_name": "Maltiverse",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1027",
          "name": "Obfuscated Files or Information",
          "display_name": "T1027 - Obfuscated Files or Information"
        },
        {
          "id": "T1071.004",
          "name": "DNS",
          "display_name": "T1071.004 - DNS"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1059.007",
          "name": "JavaScript",
          "display_name": "T1059.007 - JavaScript"
        },
        {
          "id": "T1071.001",
          "name": "Web Protocols",
          "display_name": "T1071.001 - Web Protocols"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1560",
          "name": "Archive Collected Data",
          "display_name": "T1560 - Archive Collected Data"
        },
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1100",
          "name": "Web Shell",
          "display_name": "T1100 - Web Shell"
        },
        {
          "id": "T1140",
          "name": "Deobfuscate/Decode Files or Information",
          "display_name": "T1140 - Deobfuscate/Decode Files or Information"
        }
      ],
      "industries": [],
      "TLP": "white",
      "cloned_from": "6553b88c316cfb531b9c4c10",
      "export_count": 22,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 144,
        "FileHash-SHA1": 179,
        "FileHash-SHA256": 4528,
        "CVE": 7,
        "domain": 2024,
        "hostname": 3556,
        "URL": 10455
      },
      "indicator_count": 20893,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 228,
      "modified_text": "898 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65536bc6301b7cdf7d04e095",
      "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
      "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
      "modified": "2023-12-14T12:03:15.957000",
      "created": "2023-11-14T12:44:54.422000",
      "tags": [
        "passive dns",
        "urls",
        "t1604023287",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "url http",
        "pulse pulses",
        "http",
        "ip address",
        "ssl certificate",
        "whois record",
        "resolutions",
        "referrer",
        "historical ssl",
        "communicating",
        "threat roundup",
        "whois whois",
        "apple",
        "stopransomware",
        "core",
        "discord",
        "metro",
        "blister",
        "cobalt strike",
        "hacktool",
        "june",
        "name verdict",
        "pattern match",
        "et tor",
        "known tor",
        "misc attack",
        "link",
        "woff2",
        "relayrouter",
        "exit",
        "node traffic",
        "ascii text",
        "date",
        "click",
        "unknown",
        "meta",
        "hybrid",
        "general",
        "local",
        "strings",
        "class",
        "generator",
        "critical",
        "error",
        "execution",
        "malware",
        "network",
        "roblox",
        "united",
        "as13335",
        "a domains",
        "status",
        "aaaa",
        "search",
        "script urls",
        "creation date",
        "showing",
        "pixel",
        "win32",
        "download",
        "t1507537243"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Roblox",
          "display_name": "Roblox",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 29,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 11333,
        "FileHash-MD5": 81,
        "FileHash-SHA1": 74,
        "FileHash-SHA256": 3269,
        "domain": 2748,
        "hostname": 3475,
        "email": 2,
        "CVE": 2
      },
      "indicator_count": 20984,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 224,
      "modified_text": "898 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65536bdc3676a40633a619be",
      "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
      "description": "backdoor,trojan downloaders, networm, phishing, tracking, spyware, device commands...",
      "modified": "2023-12-14T12:03:15.957000",
      "created": "2023-11-14T12:45:16.667000",
      "tags": [
        "passive dns",
        "urls",
        "t1604023287",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "url http",
        "pulse pulses",
        "http",
        "ip address",
        "ssl certificate",
        "whois record",
        "resolutions",
        "referrer",
        "historical ssl",
        "communicating",
        "threat roundup",
        "whois whois",
        "apple",
        "stopransomware",
        "core",
        "discord",
        "metro",
        "blister",
        "cobalt strike",
        "hacktool",
        "june",
        "name verdict",
        "pattern match",
        "et tor",
        "known tor",
        "misc attack",
        "link",
        "woff2",
        "relayrouter",
        "exit",
        "node traffic",
        "ascii text",
        "date",
        "click",
        "unknown",
        "meta",
        "hybrid",
        "general",
        "local",
        "strings",
        "class",
        "generator",
        "critical",
        "error",
        "execution",
        "malware",
        "network",
        "roblox",
        "united",
        "as13335",
        "a domains",
        "status",
        "aaaa",
        "search",
        "script urls",
        "creation date",
        "showing",
        "pixel",
        "win32",
        "download",
        "t1507537243"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Roblox",
          "display_name": "Roblox",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 35,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 11333,
        "FileHash-MD5": 81,
        "FileHash-SHA1": 74,
        "FileHash-SHA256": 3269,
        "domain": 2748,
        "hostname": 3475,
        "email": 2,
        "CVE": 2
      },
      "indicator_count": 20984,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 224,
      "modified_text": "898 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65568d67bd96e06ab44b9b95",
      "name": "TrojanDownloader:Win32/Cutwail.BS/Win.Trojan.Pushdo-20",
      "description": "",
      "modified": "2023-12-14T12:03:15.957000",
      "created": "2023-11-16T21:45:11.721000",
      "tags": [
        "passive dns",
        "urls",
        "t1604023287",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "url http",
        "pulse pulses",
        "http",
        "ip address",
        "ssl certificate",
        "whois record",
        "resolutions",
        "referrer",
        "historical ssl",
        "communicating",
        "threat roundup",
        "whois whois",
        "apple",
        "stopransomware",
        "core",
        "discord",
        "metro",
        "blister",
        "cobalt strike",
        "hacktool",
        "june",
        "name verdict",
        "pattern match",
        "et tor",
        "known tor",
        "misc attack",
        "link",
        "woff2",
        "relayrouter",
        "exit",
        "node traffic",
        "ascii text",
        "date",
        "click",
        "unknown",
        "meta",
        "hybrid",
        "general",
        "local",
        "strings",
        "class",
        "generator",
        "critical",
        "error",
        "execution",
        "malware",
        "network",
        "roblox",
        "united",
        "as13335",
        "a domains",
        "status",
        "aaaa",
        "search",
        "script urls",
        "creation date",
        "showing",
        "pixel",
        "win32",
        "download",
        "t1507537243"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [
        {
          "id": "Roblox",
          "display_name": "Roblox",
          "target": null
        }
      ],
      "attack_ids": [
        {
          "id": "T1059",
          "name": "Command and Scripting Interpreter",
          "display_name": "T1059 - Command and Scripting Interpreter"
        },
        {
          "id": "T1071",
          "name": "Application Layer Protocol",
          "display_name": "T1071 - Application Layer Protocol"
        },
        {
          "id": "T1105",
          "name": "Ingress Tool Transfer",
          "display_name": "T1105 - Ingress Tool Transfer"
        },
        {
          "id": "T1497",
          "name": "Virtualization/Sandbox Evasion",
          "display_name": "T1497 - Virtualization/Sandbox Evasion"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": "65536bdc3676a40633a619be",
      "export_count": 25,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 11333,
        "FileHash-MD5": 81,
        "FileHash-SHA1": 74,
        "FileHash-SHA256": 3269,
        "domain": 2748,
        "hostname": 3475,
        "email": 2,
        "CVE": 2
      },
      "indicator_count": 20984,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 228,
      "modified_text": "898 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6552d60aae6e1b3c22455088",
      "name": "Hive 0065",
      "description": "Hive 0065\nURL: https://applemusic-spotlight.myunidays.com/US/en-US?\n\nHive 0065\nHostname: applemusic-spotlight.myunidays.com",
      "modified": "2023-12-13T16:00:45.799000",
      "created": "2023-11-14T02:06:02.329000",
      "tags": [
        "united",
        "as8075",
        "creation date",
        "unknown",
        "search",
        "entries",
        "asnone country",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "related domains",
        "show",
        "domain related",
        "xbox",
        "whois record",
        "contacted",
        "whois whois",
        "ssl certificate",
        "communicating",
        "referrer",
        "execution",
        "historical ssl",
        "bundled",
        "family",
        "lolkek",
        "formbook",
        "skynet",
        "lockbit",
        "ursnif",
        "attack",
        "core"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 29,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 4276,
        "email": 3,
        "hostname": 2288,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 49,
        "FileHash-SHA256": 2756,
        "URL": 8696,
        "CVE": 1
      },
      "indicator_count": 18120,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 226,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6552d6f5f56d2e9cd9e18a30",
      "name": "Lolkek \u2022 FormBook \u2022 Lokbit \u2022 Skynet",
      "description": "Hive 0065\nURL: https://applemusic-spotlight.myunidays.com/US/en-US?\n\nHive 0065\nHostname: applemusic-spotlight.myunidays.com",
      "modified": "2023-12-13T16:00:45.799000",
      "created": "2023-11-14T02:09:57.370000",
      "tags": [
        "united",
        "as8075",
        "creation date",
        "unknown",
        "search",
        "entries",
        "asnone country",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "related domains",
        "show",
        "domain related",
        "xbox",
        "whois record",
        "contacted",
        "whois whois",
        "ssl certificate",
        "communicating",
        "referrer",
        "execution",
        "historical ssl",
        "bundled",
        "family",
        "lolkek",
        "formbook",
        "skynet",
        "lockbit",
        "ursnif",
        "attack",
        "core"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 29,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "OctoSeek",
        "id": "243548",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_243548/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 4276,
        "email": 3,
        "hostname": 2288,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 49,
        "FileHash-SHA256": 2756,
        "URL": 8696,
        "CVE": 1
      },
      "indicator_count": 18120,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 225,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "65568b00198f82af2e88d463",
      "name": "Lolkek \u2022 FormBook \u2022 Lokbit \u2022 Skynet",
      "description": "",
      "modified": "2023-12-13T16:00:45.799000",
      "created": "2023-11-16T21:34:56.016000",
      "tags": [
        "united",
        "as8075",
        "creation date",
        "unknown",
        "search",
        "entries",
        "asnone country",
        "scan endpoints",
        "all search",
        "otx octoseek",
        "related domains",
        "show",
        "domain related",
        "xbox",
        "whois record",
        "contacted",
        "whois whois",
        "ssl certificate",
        "communicating",
        "referrer",
        "execution",
        "historical ssl",
        "bundled",
        "family",
        "lolkek",
        "formbook",
        "skynet",
        "lockbit",
        "ursnif",
        "attack",
        "core"
      ],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "green",
      "cloned_from": "6552d6f5f56d2e9cd9e18a30",
      "export_count": 21,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "scoreblue",
        "id": "254100",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_254100/resized/80/avatar_3b9c358f36.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 4276,
        "email": 3,
        "hostname": 2288,
        "FileHash-MD5": 51,
        "FileHash-SHA1": 49,
        "FileHash-SHA256": 2756,
        "URL": 8696,
        "CVE": 1
      },
      "indicator_count": 18120,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 231,
      "modified_text": "899 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "dalet.com",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "dalet.com",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780212027.770587
}