{ "type": "Domain", "indicator": "de.properties", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/de.properties", "alexa": "http://www.alexa.com/siteinfo/de.properties", "indicator": "de.properties", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3668630377, "indicator": "de.properties", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 4, "pulses": [ { "id": "6a1bd66fc9c0dac3fc1c3d4d", "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox", "description": "A recent Veteran client who was forced to abandon a new smartphone & revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer. Attackers broadcast spoofed identifiers that the smartphone automatically accepts. This floods and corrupts the local registry database, rendering the device unmanageable. 1 Bluesnarfing: Attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission, 2 Man-in-the-Middle (MitM) Relays: Attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away, 3 BLE Spoofing Attacks, & 4. Bluejacking.", "modified": "2026-06-02T02:18:27.414000", "created": "2026-05-31T06:34:23.017000", "tags": [ "a domains", "present jun", "name servers", "meta", "toyota", "date", "present jul", "moved", "domains", "new cars", "body", "title", "aaaa", "cname", "algorithm", "key identifier", "x509v3 subject", "number", "cus oamazon", "cnamazon rsa", "m04 validity", "subject public", "key info", "key algorithm", "united", "name", "create date", "domain", "expiry date", "update date", "current object", "process", "e0 dd", "dc d8", "b7 fe", "c1 fc", "f8 b6", "ba df", "b0 s", "da dc", "android", "unknown", "detail info", "behaviour", "detect operator", "antisimulator", "check root", "access network", "connect", "contentresolver", "flag", "componentname", "extras", "service", "toyota owners", "us california", "torrance", "accessibility features", "veterans hearing aids", "veterans bluetooth", "tacoma", "corrolla" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8", "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465", "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 6, "email": 2, "hostname": 104, "URL": 198, "domain": 28, "IPv6": 8, "FileHash-SHA256": 42, "IPv4": 56 }, "indicator_count": 453, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a1bd66eeaaf6d7290ac299d", "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox", "description": "A recent Veteran client who was forced to abandon a new smartphone & revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer. Attackers broadcast spoofed identifiers that the smartphone automatically accepts. This floods and corrupts the local registry database, rendering the device unmanageable. 1 Bluesnarfing: Attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission, 2 Man-in-the-Middle (MitM) Relays: Attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away, 3 BLE Spoofing Attacks, & 4. Bluejacking.", "modified": "2026-05-31T06:34:22.530000", "created": "2026-05-31T06:34:22.530000", "tags": [ "a domains", "present jun", "name servers", "meta", "toyota", "date", "present jul", "moved", "domains", "new cars", "body", "title", "aaaa", "cname", "algorithm", "key identifier", "x509v3 subject", "number", "cus oamazon", "cnamazon rsa", "m04 validity", "subject public", "key info", "key algorithm", "united", "name", "create date", "domain", "expiry date", "update date", "current object", "process", "e0 dd", "dc d8", "b7 fe", "c1 fc", "f8 b6", "ba df", "b0 s", "da dc", "android", "unknown", "detail info", "behaviour", "detect operator", "antisimulator", "check root", "access network", "connect", "contentresolver", "flag", "componentname", "extras", "service", "toyota owners", "us california", "torrance", "accessibility features", "veterans hearing aids", "veterans bluetooth", "tacoma", "corrolla" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8", "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465", "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 6, "email": 2, "hostname": 80, "URL": 94, "domain": 22, "IPv6": 8, "FileHash-SHA256": 32, "IPv4": 26 }, "indicator_count": 279, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "2 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "694b02eb945649ff909f06d5", "name": "$RECYCLE . BIN\\ -> Part 2", "description": "E:\\Suss-SG2\\$RECYCLE.BIN\\\n\nVictim Google Pixel Telus ISP Norton AV Device\nDevice connected to AHS/Covenant Health, University of Alberta, Government of Alberta", "modified": "2026-01-28T02:03:16.337000", "created": "2025-12-23T21:00:27.029000", "tags": [ "Telus", "YEG", "AHS", "Pixel", "ConnectCare", "Norton", "UAlberta", "Google" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Education", "Technology", "Telecommunications", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65761, "FileHash-SHA1": 56561, "FileHash-SHA256": 43672, "domain": 1373, "email": 39, "URL": 466, "hostname": 818, "CVE": 3, "CIDR": 2 }, "indicator_count": 168695, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "125 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6443fc0a12315ea70966d1fa", "name": "smarthost.maedler.de v2 all", "description": "", "modified": "2023-04-22T15:24:10.853000", "created": "2023-04-22T15:23:54.659000", "tags": [ "memoryfile scan", "runtime data", "ck id", "windir", "mitre att", "ck matrix", "y ansi", "x ansi", "double", "suspicious", "path", "sicil", "format", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/a41ab2eca1f39a88465daddff328b6bb98a3598f8583e673ded8bd2e98a527c1/644051a3b2e8ea46fc08422b" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 130, "hostname": 64, "domain": 22, "IPv4": 1, "FileHash-SHA256": 3, "FileHash-MD5": 2, "FileHash-SHA1": 2, "email": 1 }, "indicator_count": 225, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1136 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://hybrid-analysis.com/sample/a41ab2eca1f39a88465daddff328b6bb98a3598f8583e673ded8bd2e98a527c1/644051a3b2e8ea46fc08422b", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8", "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance", "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Healthcare", "Government", "Telecommunications", "Education", "Technology" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 4, "pulses": [ { "id": "6a1bd66fc9c0dac3fc1c3d4d", "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox", "description": "A recent Veteran client who was forced to abandon a new smartphone & revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer. Attackers broadcast spoofed identifiers that the smartphone automatically accepts. This floods and corrupts the local registry database, rendering the device unmanageable. 1 Bluesnarfing: Attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission, 2 Man-in-the-Middle (MitM) Relays: Attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away, 3 BLE Spoofing Attacks, & 4. Bluejacking.", "modified": "2026-06-02T02:18:27.414000", "created": "2026-05-31T06:34:23.017000", "tags": [ "a domains", "present jun", "name servers", "meta", "toyota", "date", "present jul", "moved", "domains", "new cars", "body", "title", "aaaa", "cname", "algorithm", "key identifier", "x509v3 subject", "number", "cus oamazon", "cnamazon rsa", "m04 validity", "subject public", "key info", "key algorithm", "united", "name", "create date", "domain", "expiry date", "update date", "current object", "process", "e0 dd", "dc d8", "b7 fe", "c1 fc", "f8 b6", "ba df", "b0 s", "da dc", "android", "unknown", "detail info", "behaviour", "detect operator", "antisimulator", "check root", "access network", "connect", "contentresolver", "flag", "componentname", "extras", "service", "toyota owners", "us california", "torrance", "accessibility features", "veterans hearing aids", "veterans bluetooth", "tacoma", "corrolla" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8", "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465", "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 1, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 6, "email": 2, "hostname": 104, "URL": 198, "domain": 28, "IPv6": 8, "FileHash-SHA256": 42, "IPv4": 56 }, "indicator_count": 453, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "6 hours ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6a1bd66eeaaf6d7290ac299d", "name": "Bluesnarfing - Accessibility Feautures Part 2 * VirusTotal Droidy Android Sandbox", "description": "A recent Veteran client who was forced to abandon a new smartphone & revert to a legacy model. The target device's pairing registry was flooded with unauthorized \"Toyota Corolla\" profiles. This disruptive exploit effectively displaced the user, highlighting an emerging threat pattern targeting vulnerable individuals. The vulnerability lies within the smartphone's automated peripheral linking layer. Attackers broadcast spoofed identifiers that the smartphone automatically accepts. This floods and corrupts the local registry database, rendering the device unmanageable. 1 Bluesnarfing: Attackers exploit authentication flaws to gain unauthorized access to internal data, allowing them to copy contacts, text messages, and photos without user permission, 2 Man-in-the-Middle (MitM) Relays: Attackers capture and relay wireless signals over long distances, fooling a phone into believing it is next to a trusted vehicle or accessory when it is miles away, 3 BLE Spoofing Attacks, & 4. Bluejacking.", "modified": "2026-05-31T06:34:22.530000", "created": "2026-05-31T06:34:22.530000", "tags": [ "a domains", "present jun", "name servers", "meta", "toyota", "date", "present jul", "moved", "domains", "new cars", "body", "title", "aaaa", "cname", "algorithm", "key identifier", "x509v3 subject", "number", "cus oamazon", "cnamazon rsa", "m04 validity", "subject public", "key info", "key algorithm", "united", "name", "create date", "domain", "expiry date", "update date", "current object", "process", "e0 dd", "dc d8", "b7 fe", "c1 fc", "f8 b6", "ba df", "b0 s", "da dc", "android", "unknown", "detail info", "behaviour", "detect operator", "antisimulator", "check root", "access network", "connect", "contentresolver", "flag", "componentname", "extras", "service", "toyota owners", "us california", "torrance", "accessibility features", "veterans hearing aids", "veterans bluetooth", "tacoma", "corrolla" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_VirusTotal%20Droidy.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208130&Signature=wtAr8J0ruv23wHZcOhupkZaq%2BBIhOLdQM0FwFnG9Vv4vfEv%2F0zvCPxhakLMeyzbmzNDul6j3OrPU4VxY7xMr2bzDRY9pb7yc7gyKykIX%2FzqiMKw9NJaYvd858j7wnYC6wK%2FPMRE%2Fr45iiPDrxLcEri4h9vW0C8YhUTP%2FD1hJFQty2KS6nKXTIlTjfunUA3XfgDhYR3hy4HqRTmkCxzHv0KJs2XvbEzODP5GEQjSxKQXlo", "https://vtbehaviour.commondatastorage.googleapis.com/18cc9428ef5bf4bbd58cdb631b1ed7d723ce36f369c0e8b35896d87aef0f85ef_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1780208156&Signature=LkY0drhs4Hyo8VkdUIwaxW7Ej1h8Uzhf6E3mpwOzCp%2BseX1pZcB2eVzZGa3U1bp2woAxF8N0w6ItA6hh14Ecaq26YEU78OQHluBOjDD05wYLm1kZDESgfOQZ93owFEXKy267LJtLTldA%2BQMhApZM0zZBKfF9VzZRqQCwvXusUk5fLOX5kpUYUgixwVHamIXwbLG9CgxX6OdWPTKpVWxfsi2dmlWhGmWuuVTIjVyqxH8aV%2BU5FRhyccS8", "06:51 AM 09/18/2014 06:51 AM 09/12/2039 541a810a 0b8464eae298da2d9ec5a12271309acb25e25465", "Certificate Issuer: C:US, CN:Michael LaPean, L:Torrance, O:Toyota Motor Sales, ST:California, OU:Toyota Owners Michael LaPean Toyota Motor Sales Toyota Owners US California Torrance" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 9, "FileHash-SHA1": 6, "email": 2, "hostname": 80, "URL": 94, "domain": 22, "IPv6": 8, "FileHash-SHA256": 32, "IPv4": 26 }, "indicator_count": 279, "is_author": false, "is_subscribing": null, "subscriber_count": 67, "modified_text": "2 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "694b02eb945649ff909f06d5", "name": "$RECYCLE . BIN\\ -> Part 2", "description": "E:\\Suss-SG2\\$RECYCLE.BIN\\\n\nVictim Google Pixel Telus ISP Norton AV Device\nDevice connected to AHS/Covenant Health, University of Alberta, Government of Alberta", "modified": "2026-01-28T02:03:16.337000", "created": "2025-12-23T21:00:27.029000", "tags": [ "Telus", "YEG", "AHS", "Pixel", "ConnectCare", "Norton", "UAlberta", "Google" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "Canada", "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government", "Education", "Technology", "Telecommunications", "Healthcare" ], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Disable_Duck", "id": "244325", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_244325/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 65761, "FileHash-SHA1": 56561, "FileHash-SHA256": 43672, "domain": 1373, "email": 39, "URL": 466, "hostname": 818, "CVE": 3, "CIDR": 2 }, "indicator_count": 168695, "is_author": false, "is_subscribing": null, "subscriber_count": 130, "modified_text": "125 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6443fc0a12315ea70966d1fa", "name": "smarthost.maedler.de v2 all", "description": "", "modified": "2023-04-22T15:24:10.853000", "created": "2023-04-22T15:23:54.659000", "tags": [ "memoryfile scan", "runtime data", "ck id", "windir", "mitre att", "ck matrix", "y ansi", "x ansi", "double", "suspicious", "path", "sicil", "format", "qakbot" ], "references": [ "https://hybrid-analysis.com/sample/a41ab2eca1f39a88465daddff328b6bb98a3598f8583e673ded8bd2e98a527c1/644051a3b2e8ea46fc08422b" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1012", "name": "Query Registry", "display_name": "T1012 - Query Registry" }, { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1040", "name": "Network Sniffing", "display_name": "T1040 - Network Sniffing" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1074", "name": "Data Staged", "display_name": "T1074 - Data Staged" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1105", "name": "Ingress Tool Transfer", "display_name": "T1105 - Ingress Tool Transfer" }, { "id": "T1106", "name": "Native API", "display_name": "T1106 - Native API" }, { "id": "T1114", "name": "Email Collection", "display_name": "T1114 - Email Collection" }, { "id": "T1129", "name": "Shared Modules", "display_name": "T1129 - Shared Modules" }, { "id": "T1213", "name": "Data from Information Repositories", "display_name": "T1213 - Data from Information Repositories" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1486", "name": "Data Encrypted for Impact", "display_name": "T1486 - Data Encrypted for Impact" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1529", "name": "System Shutdown/Reboot", "display_name": "T1529 - System Shutdown/Reboot" }, { "id": "T1562", "name": "Impair Defenses", "display_name": "T1562 - Impair Defenses" }, { "id": "T1571", "name": "Non-Standard Port", "display_name": "T1571 - Non-Standard Port" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1614", "name": "System Location Discovery", "display_name": "T1614 - System Location Discovery" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 130, "hostname": 64, "domain": 22, "IPv4": 1, "FileHash-SHA256": 3, "FileHash-MD5": 2, "FileHash-SHA1": 2, "email": 1 }, "indicator_count": 225, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1136 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "de.properties", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "de.properties", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780389768.3896308 }