{ "type": "Domain", "indicator": "default.call", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/default.call", "alexa": "http://www.alexa.com/siteinfo/default.call", "indicator": "default.call", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3207567556, "indicator": "default.call", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 11, "pulses": [ { "id": "668bfcb0b48a387b9d2c8562", "name": "Ministerstwo Finans\u00f3w - Portal Gov.pl", "description": "Pliki cookie zosta\u0142y ju\u017c zapisane i wydrukowane.\n5852be629358e18160c5483bfc8c9f0023b974565f2d59ce7f4497cc734b4ecd 30 pa\u017a 2022 b8a2476b55132fdf0531d6cd48126b759dc08a8f5b019917b62373e536a0b8c9 26 pa\u017a 2022 2700fbe4001e27ba55d72841817b0b9454954b496f21e4259c88919027172694 6 wrze\u015bnia 2022 r. 91da570586b7c04e3012215469ed8b8c5aa036068cc48ba7a7ac0d8cce34290e 5 wrze\u015bnia 2022 r. 1757d8363e28b35b9e29c44d0bc87e2a03d90ca50dadd780924528e0a13d49e1 31 sierpnia 2022 r. fe5744ed48406b90eae1747aab5386645406ad61cdc629ebc7ded97aa099ae28 30 lipca 2022 r. c730bac7a1da3b6263e7672c85cb4deb229c45479bd64bc7194a9a8bb16b8cb6 16 lipca 2022 r. 177b428ac63ad3b6c606ed11b33c9fc4d79f6ff5e6b3ac3ee849f1e2d1f2c903 16 lipca 2022 r. a35121637b79b7d926b63afceae409fdb35c14ad5431ecd199179622e1711ca6", "modified": "2024-10-17T05:28:49.118000", "created": "2024-07-08T14:50:24.496000", "tags": [ "polskiej", "przejd", "usugi dla", "logowanie", "profil zaufany", "skarbowa", "zobacz", "ksef", "zastpca szefa", "stopka", "rada", "inquest labs", "vba project", "vbaproject", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha1", "sha256", "typ tekst", "opis tekst", "ascii md5", "rozmiar", "typ dane", "pdf c", "text c", "ounizeto", "validation ca", "sha2", "odigicert inc", "cusa", "authority", "rsa ca", "cncertum domain", "cngeotrust ev", "oglobalsign", "unicode", "z bom", "crlf", "rgba", "dane obrazu", "tekst utf8", "v2 dokument", "dane", "dokument html", "jpeg", "skrt", "opis", "poczenie", "wifi", "start", "nazwa typ", "md5 nazwa", "procesu plik", "pe32", "intel", "pejzasz", "ms windows", "plik dokumentu", "nie c", "win32 exe", "crt.sh", "ct", "certificate transparency", "certificate search", "ssl certificate", "sectigo", "comodo ca", "comodo", "tls web", "criteria id", "647257375", "timestamp entry", "log operator", "log url", "google https", "ca mechanism", "provider status", "error", "log id", "647257567", "summary leaf", "sectigo https", "expired", "certificate", "lets", "key usage", "identifier", "551852229", "digicert https", "479894151", "479896285", "tylne drzwi", "win32", "imphasz", "wirustotal", "emaile", "emaile pnewell", "emaile khunter", "emaile eooshea", "emaile regadmin", "microsoft excel", "wed jan", "submission", "vhash", "ssdeep", "file type", "ms excel", "xls magic", "file v2", "document", "number", "algorithm", "certum", "unizeto", "warszawa", "31915086", "nitro pro", "nitro sign", "nitro", "nitro pdf", "primopdf", "pdfs", "business nitro", "pdf nitro", "pdf pro", "desktop", "premium", "service", "ja3s", "mnie", "sysv", "lsb executable", "eabi4 version", "msb executable", "mips", "mipsi version", "trojan", "imphash", "pehash", "name type", "md5 process", "fault", "header", "bezterminowo", "adres url", "nazwa hosta", "ipv4", "ccie asnas8075", "nie mona", "trojandropper", "url skryptw", "domeny a", "kliknij", "prbka skrt", "uwzgldnij", "nieobecny", "procesu", "ascii z", "ascii bez", "mirai", "win32virut", "procesu zastpy", "tekst ascii", "z terminatorami" ], "references": [ "http://www.mf.gov.pl/tutaj/a./p/body/html", "https://www.mf.gov.pl/tutaj/a./p/body/html", "https://mdec.nelreports.net/api/report?cat=mdocs", "https://crt.sh/?id=647257375", "https://crt.sh/?id=647257567", "https://crt.sh/?id=551852229", "https://crt.sh/?id=479894151", "https://crt.sh/?id=479896285", "https://crt.sh/?d=49659844", "https://crt.sh/?id=31915086", "http://www.primopdf.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null }, { "id": "e74755ff8b4927e257566302296e17e5d28cef17a6daf287cda9e63ce6c6f575 ELF :Mirai- MALWARE GH\\ [Trj] 23 pa\u017a 2016 bf0f346f4a51732e31d88eb47dcac82c7f7ed973312926819f1e1023b9c51121 23 pa\u017a 2016 5a92b73f354d54b9", "display_name": "e74755ff8b4927e257566302296e17e5d28cef17a6daf287cda9e63ce6c6f575 ELF :Mirai- MALWARE GH\\ [Trj] 23 pa\u017a 2016 bf0f346f4a51732e31d88eb47dcac82c7f7ed973312926819f1e1023b9c51121 23 pa\u017a 2016 5a92b73f354d54b9", "target": null } ], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 127, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 627, "email": 41, "FileHash-SHA1": 1565, "FileHash-SHA256": 5520, "URL": 1821, "FileHash-MD5": 1861, "SSLCertFingerprint": 10, "domain": 167, "IPv4": 31, "YARA": 7, "CVE": 7 }, "indicator_count": 11657, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "591 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66831f04ad169d3b685c9645", "name": "Win.exe , Bootstrapper.exe , pl.microsoft.com , microsoft.com/pki/certs/MicRooCerAut_2010", "description": "rule UPX { meta: author = \"kevoreilly\" description = \"UPX dump on OEP (original entry point)\" cape_options = \"bp0=$upx32+9,bp0=$upx64+11,action0=step2oep\" strings: $upx32 = {6A 00 39 C4 75 FA 83 EC ?? rule Windows_Generic_Threat_5c18a7f9 { meta: author = \"Elastic Security\" id = \"5c18a7f9-01af-468b-9a63-cfecbeb739d7\" fingerprint = \"68c9114ac342d527cf6f0cea96b63dfeb8e5d80060572fad2bbc7d287c752d4a\" creation_date = \"2024-01-21\" last_modified = \"2024-02-08\" threat_name = \"Windows.\ndca60557a1f47948d7158ba9f56ad8656bd0b343488264e23037fd66174e3cd5\nb4f7ace176d0eeba828e7c03f39befb30355223860d14e6ca4422fdb81778df7\nPr\u00f3bka Cuckoo-843b85c493b8a9048b2ab73a9d1a8.cab - polecenie Microsoft Office.\nResearchers have decoded a new set of data on how to store data in a safe and easy-to-use digital format, as well as the results of a series of tests on the subject.", "modified": "2024-10-14T20:36:07.924000", "created": "2024-07-01T21:26:27.623000", "tags": [ "no expiration", "filehashsha256", "hacktool", "expiration", "win32autokms no", "filehashmd5", "filehashsha1", "virus", "sha1", "win32", "trojan", "ransom", "pejzasz", "vhash", "imphash", "ssdeep", "hash", "skrt", "y pkmsauto", "crlf", "dodaj", "hostsettings", "v wczono", "t regdword", "powershell", "nowy", "pe32", "intel", "ms windows", "nazwa typ", "md5 nazwa", "procesu", "vs2013", "rticon neutral", "compiler", "submission", "file version", "chi2", "contained", "authentihash", "pehash", "uacme akagi", "cobalt strike", "detects", "roth", "sliver stagers", "highvol", "detects imphash", "zero", "virustotal", "detection rule", "license", "arnim rupp", "whasz", "github", "postpuj zgodnie", "przegld", "danie id", "github og", "url https", "error", "toast", "clientrender", "date", "promise", "65536", "client env", "alloy", "rangeerror", "staff", "upx dump", "security", "license v2", "e8 ff", "fc ff", "ff ff", "e8 f7", "c3 e8", "e8 db", "f0 c9", "c8 ff", "c9 c3", "c4 a8", "a7 ff", "f1 e8", "ec c7", "f0 c0", "c1 e9", "ec e8", "ff e8", "a3 a4", "db e2", "b0 e9", "e8 ba", "b9 f3", "e4 f8", "ff e9", "eb ed", "b6 b3", "b6 bb", "c8 f7", "c6 a8", "f6 c1", "b0 d7", "df e0", "c4 f0", "fc e8", "cf e5", "f8 ff", "f7 ff", "cc cc", "c3 b8", "b9 ff", "ff f3", "ab aa", "f7 f9", "b8 c7", "be ad", "ef be", "ad de", "e9 cd", "c4 f4", "fe ff", "d1 fa", "fa fc", "f3 a6", "fb ff", "fc c6", "fc eb", "e8 ed", "fb d1", "b6 f8", "c7 c7", "ec d0", "b6 d2", "ff e1", "c0 ac", "c1 e3", "c3 aa", "c2 c1", "d3 f7", "fc c7", "win32 cabinet", "selfextractor", "pecompact", "yarahub", "yara", "repository", "hub", "repo", "malware_onenote_delivery_jan23", "yara rule", "team", "sifalconteam", "yarahub entry", "rule details", "malpedia family", "rule matching", "content copy", "download rule", "malware", "cc by", "vbscript", "sub autoopen", "getobject", "batch" ], "references": [ "https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_safe-storage_safe-storage_ts-ui_-682c2c-2c0ad573fa49.js", "https://yaraify.abuse.ch/yarahub/rule/MALWARE_OneNote_Delivery_Jan23" ], "public": 1, "adversary": "rule MALWARE_OneNote_Delivery_Jan23 { meta: author = \"SECUINFRA Falcon Team (@SI_FalconTeam)\" descri", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 361, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 14732, "FileHash-MD5": 4316, "FileHash-SHA1": 3405, "YARA": 181, "URL": 4793, "domain": 1717, "hostname": 4354, "IPv4": 107, "IPv6": 845, "email": 26, "CVE": 13, "FilePath": 1 }, "indicator_count": 34490, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "593 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657096b22a51f1cc56dcfb53", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "", "modified": "2023-12-06T15:43:46.083000", "created": "2023-12-06T15:43:46.083000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "domain": 134, "FileHash-SHA256": 82, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e254b734f1efd8bd0ad", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "", "modified": "2023-12-06T15:07:17.380000", "created": "2023-12-06T15:07:17.380000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1645, "URL": 8598, "domain": 1004, "hostname": 2066, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c13ee010f81d3f9b3af", "name": "Malware hosting - hostrocket.com", "description": "", "modified": "2023-12-06T14:58:27.115000", "created": "2023-12-06T14:58:27.115000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 232, "hostname": 963, "domain": 412, "URL": 2337, "email": 3, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3949, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707fe17dfdfe16066d16de", "name": "Bexar.org", "description": "", "modified": "2023-12-06T14:06:25.800000", "created": "2023-12-06T14:06:25.800000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1735, "hostname": 1833, "domain": 1025, "URL": 4668, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63dbbf6ae4f5433c2bab52e9", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "A guide to some of the key methods used by the web browser, jQuery, to create web pages and add links to the search engine and other parts of its web address system, as well as the address bar.", "modified": "2023-03-04T13:00:43.098000", "created": "2023-02-02T13:49:30.620000", "tags": [ "null", "copyright", "jan sorgalla", "built", "bill scott", "http", "error", "function", "title", "method", "play", "fast", "click", "return", "href", "target", "span", "pass", "linear", "timebuff", "block", "trigger", "nivoslider", "display", "width", "show", "next", "arrow", "restart", "stop", "iframe", "alpha", "factory", "type", "handle", "sizzle", "match", "check", "make sure", "elem", "name", "regexp", "hooks", "false", "date", "class", "internal", "done", "bind", "test", "body", "copy", "hold", "mozilla", "logic", "flash", "jquery", "fall", "bubble", "prop", "meta", "middle", "mark", "thus", "form", "script script", "a li", "div div", "mua bn", "link", "a div", "trang ch", "gii thiu", "tin tc", "header http2", "gmt cache", "gmt server", "litespeed", "443 ma2592000", "172.217.16.232", "http://lhr48s28-in-f8.1e100.net" ], "references": [ "[object Object] is a string representation of an object instance. Take this example: When the alert runs, it returns [object Object] in the alert modal. It tries to return a string representation of what was passed into alert, but because the engine sees this as an object, and not a string, it tells us that its an instance of an Object instead.", "443 Header\tHTTP/2 200 x powered by: PHP/7.4.29 set cookie: PHPSESSID=9158e16820bdbb5be0d1faa520b7dc19 path=/ expires: Thu 19 Nov 1981 08:52:00 GMT cache control: no store no cache must revalidate pragma: no cache content type: text/html charset=UTF 8 date: Thu 02 Feb 2023 13:37:37 GMT server: LiteSpeed alt svc: quic= :443 ma=2592000 v= 35 39 43 44", "whitelists are really not the way forward unless you validate the integrity often Speedtest are also being screwed with ie allowing your neural controlled network out on a temp basis to prevent you from ousting the APT controlling your home broadband / wifi network", "xml version= 1.0 encoding= utf 8 DOCTYPE html PUBLIC //WAPFORUM//DTD XHTML Mobile 1.0//EN http://www.wapforum.org/DTD/xhtml mobile10.dtd html xmlns= http://www.w3.org/1999/xhtml head meta http equiv= Content Type content= text/html charset=utf 8 / title mua bn nh t cho thu nh t sang nhng sang nhng ca hng /title meta name= copyright content= 2010 2020 bds247.vn / meta name= google site verification content= suyiBYZARDnZ4zGeoAiF VajqMQ0pgLGnEm69aZ aIY / meta name= robots content= index follow / meta name= key", "https://m.bds247.vn//view/js/jquery6_1.js 443", "https://www.googletagmanager.com/gtag/js?id=G-56M7ZWVN9L", "https://m.bds247.vn/lib/nivo-slider/slider.js 443 Script", "https://m.bds247.vn/view/js/page.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.pikachoose.js", "This is the full text of the XHTML mobile10.dtd.xml, which is based on the code created by the developers of Google's search engine, iPlayer and other sites.", "https://m.bds247.vn//view/js/jquery6_1.js", "https://m.bds247.vn/lib/nivo-slider/slider.js", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "FileHash-SHA256": 82, "domain": 134, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 93, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6280921bfbaf2aace62511f1", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "Alibaba", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T05:39:39.040000", "tags": [ "typeerror", "object", "typeof t", "symbol", "typeof e", "typeof self", "webpackrequire", "typeof n", "json", "math", "body", "copyright", "apoorv saxena", "typeof", "typeof define", "detect ie", "typeof document", "substring", "\u963f\u91cc\u5df4\u5df4\uff0c1688\uff0c\u5fae\u5546\uff0c\u5fae\u5e97\uff0c\u8d27\u6e90\uff0c\u5973\u88c5\u6279\u53d1\uff0c\u7537\u88c5\uff0cb2b\uff0c\u6279\u53d1\uff0c\u91c7\u8d2d", "typeof symbol", "promise", "error", "date", "createclass", "array", "this", "typeof lib", "null", "mozilla", "regexp", "typeof require", "xmlhttprequest", "license", "xdomainrequest", "aplusscore", "s1e4", "cfunction", "html5", "span", "button", "android", "jupdate", "void", "webview", "kraken", "nundefined", "xfunction", "zfunction", "chrome", "xuexi", "nullj", "area", "mtopwvplugin", "activexobject", "post", "options", "function", "head", "delete", "false", "trace", "patch", "unknown", "alipay", "ff6a00", "opacity100", "opacity0", "f2f3f7", "e6e7eb", "f7f8fa", "helvetica neue", "helvetica", "tahoma", "arial", "\u963f\u91cc\u5df4\u5df4\uff0c\u91c7\u8d2d\u6279\u53d1\uff0c1688\uff0c\u884c\u4e1a\u95e8\u6237\uff0c\u7f51\u4e0a\u8d38\u6613\uff0cb2b\uff0c\u7535\u5b50\u5546\u52a1\uff0c\u5185\u8d38\uff0c\u5916\u8d38\uff0c\u6279\u53d1\uff0c\u884c\u4e1a\u8d44\u8baf\uff0c\u7f51\u4e0a\u8d38\u6613\uff0c\u7f51\u4e0a\u4ea4\u6613\uff0c\u4ea4\u6613\u5e02\u573a\uff0c\u5728", "1688", "1000", "yunos", "lazada", "http response", "gmt contenttype", "vary" ], "references": [ "xfe-URL-1688.com-stix2-2.1-export.json", "xfe-IP-47.89.52.178-stix2-2.1-export.json", "https://page.1688.com/shtml/static/wrongpage.html", "http://polyfill.alicdn.com/", "xfe-URL-Alijk.com-stix2-2.1-export.json", "http://i.alicdn.com/", "http://is.alicdn.com/", "http://1688.com/", "https://mind.1688.com/wap/wapsy/dke4eosa0/index.html?no_cache=true&pageId=1150842&cms_id=1150842&src=desktop", "xfe-URL-mind.1688.com-stix2-2.1-export.json", "https://g.alicdn.com/secdev/sufei_data/3.9.9/index.js", "https://g.alicdn.com/alilog/mlog/aplus_wap.js", "https://mind.1688.com/zsh/zsh/d9my57ugj/index.html", "https://gw.alipayobjects.com/os/lib/lozad/1.16.0/dist/lozad.min.js", "http://g.alicdn.com/assets-group/croco/0.0.8/index.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8598, "hostname": 2066, "domain": 1004, "FileHash-SHA256": 1645, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1447 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "627967e42ba7034ecd1f3156", "name": "ioflood.com", "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.", "modified": "2022-06-08T00:03:25.734000", "created": "2022-05-09T19:13:40.111000", "tags": [ "regexp", "null", "width", "function", "array", "attr", "class", "css1compat", "string", "invalid json", "vd", "number", "copyright", "ienew ca", "date", "closure library", "error", "quota", "aafunction", "dafunction" ], "references": [ "xfe-URL-https___ioflood.com_-stix2-2.1-export 2.json", "https://www.googletagmanager.com/gtag/js?id=UA-131832170-1", "https://ioflood.com/jquery-1.6.4.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1249, "hostname": 462, "FileHash-SHA256": 96, "domain": 256 }, "indicator_count": 2063, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1453 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f492a0581b2eb202e47c9", "name": "Malware hosting - hostrocket.com", "description": "ChunkLoadError, a new type of error, failed to load a chunk of JavaScript, according to the web browser operator, E.noconflict.com, as well as the website itself.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T23:43:38.539000", "tags": [ "jxuiwidget", "null", "function", "jxuihtmldiv", "date", "jxuilabel", "zendesk chat", "regexp", "api update", "jxuihtmla", "window", "chat", "void", "error", "loader", "back", "click", "close", "agent", "hello", "form", "banned", "cookie", "small", "legacy", "direct", "colorbox core", "style", "user style", "colorbox", "html", "6deg", "e5e5e5", "dbdbdb", "d2d2d2", "eaedef", "michael farrell", "home", "helvetica", "ssd shared", "page", "formnum", "hidden", "current", "hostrocket", "dotblock", "fast", "href", "price slider", "tooltip", "dotblock popup", "callback", "rect", "cycle plugin", "number", "auto", "shuffle", "manual", "roll", "speed", "stop", "false", "first", "look", "copyright", "gpl version", "http", "document", "ui effects", "width", "left", "bottom", "this", "atom", "html id", "price", "timer", "value", "processor", "example", "storage", "string", "class", "thecookie", "create", "thevalue", "param", "type", "pluginscookie", "author", "jquery", "u00a0", "option", "body", "optgroup", "multiple", "selectboxhover", "selectbox", "label", "control", "slideshow", "jack moore", "mit license", "overlay", "wrapper", "content", "loadedcontent", "loadingoverlay", "next", "iframe", "array", "attr", "tools", "ui library", "no copyrights", "or licenses", "like", "media", "john resig", "dual", "gtmkw8b5l", "classes", "host", "path", "element", "trackpageview", "typeerror", "typeof symbol", "typeof e", "typeof t", "referenceerror", "promise", "script", "boolean", "typeof n" ], "references": [ "xfe-URL-hostrocket.com-stix2-2.1-export 2.json", "https://www.googletagmanager.com/gtm.js?id=GTM-KW8B5L", "https://www.hostrocket.com/js/jquery-1.6.1.min.js", "https://www.hostrocket.com/js/jquery.tools.min.js", "https://www.hostrocket.com/js/jquery.colorbox-min.js", "https://www.hostrocket.com/js/jquery.selectBox.min.js", "https://www.hostrocket.com/js/jquery.cookie.js", "https://www.hostrocket.com/js/jquery.price_slider.js", "https://www.hostrocket.com/js/jquery-ui-1.8.13.custom.min.js", "https://www.hostrocket.com/js/jquery.cycle.all.js", "https://www.hostrocket.com/js/jquery.behavior.js", "https://www.hostrocket.com/contact-files/contact-form.js", "https://www.hostrocket.com/css/style.css", "https://www.hostrocket.com/css/colorbox.css", "https://www.hostrocket.com/css/style-nophone.css", "https://v2.zopim.com/bin/v/widget_v2.329.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 963, "email": 3, "domain": 412, "URL": 2338, "FileHash-SHA256": 232, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3950, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "621fff12d2c54f70fea90576", "name": "Bexar.org", "description": "", "modified": "2022-04-01T00:01:54.852000", "created": "2022-03-02T23:34:42.531000", "tags": [], "references": [ "www.bexar.org - urlscan.io.pdf", "bexar api 4.pdf", "bexar api 8.pdf", "bexar 6.pdf", "bexar api 2.pdf", "bexar api 7.pdf", "bexar api 3.pdf", "bexar api 9.pdf", "bexar api 12.pdf", "bexar api 17.pdf", "bexar api 15.pdf", "bexar api 18.pdf", "bexar api 10.pdf", "bexar api 19.pdf", "bexar api 20.pdf", "bexar api 13.pdf", "bexar api 21.pdf", "bexar api 14.pdf", "bexar api 22.pdf", "bexar1.pdf", "bexar api5.pdf", "bexar2.pdf", "bexar3.pdf", "bexar.org 3.2.22.pdf", "bexar6.pdf", "bexar5.pdf", "bexar api_1.pdf", "bexar10.pdf", "bexar api.pdf", "bexar_v1df.pdf", "bexarv4df.pdf", "bexarv2df.pdf", "bexarv6df.pdf", "bexasv3df.pdf", "bexarv7df.pdf", "bear_v apidf.pdf" ], "public": 1, "adversary": "", "targeted_countries": [ "United States of America" ], "malware_families": [], "attack_ids": [], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Kailula4", "id": "131997", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 1833, "URL": 4669, "domain": 1025, "FileHash-SHA256": 1735, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9410, "is_author": false, "is_subscribing": null, "subscriber_count": 406, "modified_text": "1521 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://m.bds247.vn/lib/nivo-slider/slider.js 443 Script", "https://www.hostrocket.com/css/colorbox.css", "https://crt.sh/?id=647257375", "http://g.alicdn.com/assets-group/croco/0.0.8/index.js", "bexar api 8.pdf", "bexar6.pdf", "https://m.bds247.vn/lib/pikachoose/lib/jquery.pikachoose.js", "bexar api 22.pdf", "bexar api.pdf", "xfe-URL-mind.1688.com-stix2-2.1-export.json", "bexar api 13.pdf", "https://crt.sh/?id=551852229", "bexar api 7.pdf", "http://i.alicdn.com/", "https://m.bds247.vn//view/js/jquery6_1.js 443", "https://v2.zopim.com/bin/v/widget_v2.329.js", "bexar3.pdf", "bexar api 15.pdf", "https://www.hostrocket.com/js/jquery.price_slider.js", "bexar_v1df.pdf", "bear_v apidf.pdf", "bexar api 9.pdf", "bexasv3df.pdf", "bexar api 14.pdf", "xfe-URL-https___ioflood.com_-stix2-2.1-export 2.json", "bexar2.pdf", "bexar 6.pdf", "bexar api 2.pdf", "This is the full text of the XHTML mobile10.dtd.xml, which is based on the code created by the developers of Google's search engine, iPlayer and other sites.", "bexarv4df.pdf", "https://page.1688.com/shtml/static/wrongpage.html", "bexar10.pdf", "whitelists are really not the way forward unless you validate the integrity often Speedtest are also being screwed with ie allowing your neural controlled network out on a temp basis to prevent you from ousting the APT controlling your home broadband / wifi network", "https://crt.sh/?id=31915086", "https://www.mf.gov.pl/tutaj/a./p/body/html", "bexar api 12.pdf", "https://crt.sh/?id=479894151", "https://www.hostrocket.com/js/jquery.selectBox.min.js", "https://ioflood.com/jquery-1.6.4.min.js", "xml version= 1.0 encoding= utf 8 DOCTYPE html PUBLIC //WAPFORUM//DTD XHTML Mobile 1.0//EN http://www.wapforum.org/DTD/xhtml mobile10.dtd html xmlns= http://www.w3.org/1999/xhtml head meta http equiv= Content Type content= text/html charset=utf 8 / title mua bn nh t cho thu nh t sang nhng sang nhng ca hng /title meta name= copyright content= 2010 2020 bds247.vn / meta name= google site verification content= suyiBYZARDnZ4zGeoAiF VajqMQ0pgLGnEm69aZ aIY / meta name= robots content= index follow / meta name= key", "bexarv2df.pdf", "xfe-IP-47.89.52.178-stix2-2.1-export.json", "bexar1.pdf", "bexar api 4.pdf", "[object Object] is a string representation of an object instance. Take this example: When the alert runs, it returns [object Object] in the alert modal. It tries to return a string representation of what was passed into alert, but because the engine sees this as an object, and not a string, it tells us that its an instance of an Object instead.", "bexar api 18.pdf", "https://www.hostrocket.com/js/jquery.colorbox-min.js", "bexar.org 3.2.22.pdf", "https://www.hostrocket.com/js/jquery-1.6.1.min.js", "http://1688.com/", "https://www.hostrocket.com/js/jquery.behavior.js", "https://crt.sh/?id=479896285", "https://crt.sh/?d=49659844", "http://www.mf.gov.pl/tutaj/a./p/body/html", "bexar api_1.pdf", "https://g.alicdn.com/secdev/sufei_data/3.9.9/index.js", "bexar api 17.pdf", "bexarv6df.pdf", "https://www.hostrocket.com/js/jquery-ui-1.8.13.custom.min.js", "xfe-URL-1688.com-stix2-2.1-export.json", "https://yaraify.abuse.ch/yarahub/rule/MALWARE_OneNote_Delivery_Jan23", "bexar api 21.pdf", "https://www.hostrocket.com/js/jquery.cycle.all.js", "xfe-URL-Alijk.com-stix2-2.1-export.json", "https://g.alicdn.com/alilog/mlog/aplus_wap.js", "https://mind.1688.com/wap/wapsy/dke4eosa0/index.html?no_cache=true&pageId=1150842&cms_id=1150842&src=desktop", "bexar api 10.pdf", "bexar api 20.pdf", "https://mdec.nelreports.net/api/report?cat=mdocs", "bexar5.pdf", "https://mind.1688.com/zsh/zsh/d9my57ugj/index.html", "https://www.hostrocket.com/js/jquery.tools.min.js", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js 443 Script", "https://m.bds247.vn//view/js/jquery6_1.js", "https://www.hostrocket.com/js/jquery.cookie.js", "bexar api5.pdf", "https://crt.sh/?id=647257567", "https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_safe-storage_safe-storage_ts-ui_-682c2c-2c0ad573fa49.js", "xfe-URL-hostrocket.com-stix2-2.1-export 2.json", "https://www.googletagmanager.com/gtag/js?id=G-56M7ZWVN9L", "https://gw.alipayobjects.com/os/lib/lozad/1.16.0/dist/lozad.min.js", "https://m.bds247.vn/lib/nivo-slider/slider.js", "http://is.alicdn.com/", "https://www.googletagmanager.com/gtm.js?id=GTM-KW8B5L", "bexarv7df.pdf", "bexar api 19.pdf", "https://www.hostrocket.com/css/style.css", "https://www.googletagmanager.com/gtag/js?id=UA-131832170-1", "https://www.hostrocket.com/contact-files/contact-form.js", "https://www.hostrocket.com/css/style-nophone.css", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js", "https://m.bds247.vn/view/js/page.js 443 Script", "http://www.primopdf.com/", "http://polyfill.alicdn.com/", "443 Header\tHTTP/2 200 x powered by: PHP/7.4.29 set cookie: PHPSESSID=9158e16820bdbb5be0d1faa520b7dc19 path=/ expires: Thu 19 Nov 1981 08:52:00 GMT cache control: no store no cache must revalidate pragma: no cache content type: text/html charset=UTF 8 date: Thu 02 Feb 2023 13:37:37 GMT server: LiteSpeed alt svc: quic= :443 ma=2592000 v= 35 39 43 44", "bexar api 3.pdf", "www.bexar.org - urlscan.io.pdf" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [ "rule MALWARE_OneNote_Delivery_Jan23 { meta: author = \"SECUINFRA Falcon Team (@SI_FalconTeam)\" descri" ], "malware_families": [ "Vd", "E74755ff8b4927e257566302296e17e5d28cef17a6daf287cda9e63ce6c6f575 elf :mirai- malware gh\\ [trj] 23 pa\u017a 2016 bf0f346f4a51732e31d88eb47dcac82c7f7ed973312926819f1e1023b9c51121 23 pa\u017a 2016 5a92b73f354d54b9", "Mirai" ], "industries": [ "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 11, "pulses": [ { "id": "668bfcb0b48a387b9d2c8562", "name": "Ministerstwo Finans\u00f3w - Portal Gov.pl", "description": "Pliki cookie zosta\u0142y ju\u017c zapisane i wydrukowane.\n5852be629358e18160c5483bfc8c9f0023b974565f2d59ce7f4497cc734b4ecd 30 pa\u017a 2022 b8a2476b55132fdf0531d6cd48126b759dc08a8f5b019917b62373e536a0b8c9 26 pa\u017a 2022 2700fbe4001e27ba55d72841817b0b9454954b496f21e4259c88919027172694 6 wrze\u015bnia 2022 r. 91da570586b7c04e3012215469ed8b8c5aa036068cc48ba7a7ac0d8cce34290e 5 wrze\u015bnia 2022 r. 1757d8363e28b35b9e29c44d0bc87e2a03d90ca50dadd780924528e0a13d49e1 31 sierpnia 2022 r. fe5744ed48406b90eae1747aab5386645406ad61cdc629ebc7ded97aa099ae28 30 lipca 2022 r. c730bac7a1da3b6263e7672c85cb4deb229c45479bd64bc7194a9a8bb16b8cb6 16 lipca 2022 r. 177b428ac63ad3b6c606ed11b33c9fc4d79f6ff5e6b3ac3ee849f1e2d1f2c903 16 lipca 2022 r. a35121637b79b7d926b63afceae409fdb35c14ad5431ecd199179622e1711ca6", "modified": "2024-10-17T05:28:49.118000", "created": "2024-07-08T14:50:24.496000", "tags": [ "polskiej", "przejd", "usugi dla", "logowanie", "profil zaufany", "skarbowa", "zobacz", "ksef", "zastpca szefa", "stopka", "rada", "inquest labs", "vba project", "vbaproject", "kopiuj md5", "kopiuj sha1", "skopiuj sha256", "sha1", "sha256", "typ tekst", "opis tekst", "ascii md5", "rozmiar", "typ dane", "pdf c", "text c", "ounizeto", "validation ca", "sha2", "odigicert inc", "cusa", "authority", "rsa ca", "cncertum domain", "cngeotrust ev", "oglobalsign", "unicode", "z bom", "crlf", "rgba", "dane obrazu", "tekst utf8", "v2 dokument", "dane", "dokument html", "jpeg", "skrt", "opis", "poczenie", "wifi", "start", "nazwa typ", "md5 nazwa", "procesu plik", "pe32", "intel", "pejzasz", "ms windows", "plik dokumentu", "nie c", "win32 exe", "crt.sh", "ct", "certificate transparency", "certificate search", "ssl certificate", "sectigo", "comodo ca", "comodo", "tls web", "criteria id", "647257375", "timestamp entry", "log operator", "log url", "google https", "ca mechanism", "provider status", "error", "log id", "647257567", "summary leaf", "sectigo https", "expired", "certificate", "lets", "key usage", "identifier", "551852229", "digicert https", "479894151", "479896285", "tylne drzwi", "win32", "imphasz", "wirustotal", "emaile", "emaile pnewell", "emaile khunter", "emaile eooshea", "emaile regadmin", "microsoft excel", "wed jan", "submission", "vhash", "ssdeep", "file type", "ms excel", "xls magic", "file v2", "document", "number", "algorithm", "certum", "unizeto", "warszawa", "31915086", "nitro pro", "nitro sign", "nitro", "nitro pdf", "primopdf", "pdfs", "business nitro", "pdf nitro", "pdf pro", "desktop", "premium", "service", "ja3s", "mnie", "sysv", "lsb executable", "eabi4 version", "msb executable", "mips", "mipsi version", "trojan", "imphash", "pehash", "name type", "md5 process", "fault", "header", "bezterminowo", "adres url", "nazwa hosta", "ipv4", "ccie asnas8075", "nie mona", "trojandropper", "url skryptw", "domeny a", "kliknij", "prbka skrt", "uwzgldnij", "nieobecny", "procesu", "ascii z", "ascii bez", "mirai", "win32virut", "procesu zastpy", "tekst ascii", "z terminatorami" ], "references": [ "http://www.mf.gov.pl/tutaj/a./p/body/html", "https://www.mf.gov.pl/tutaj/a./p/body/html", "https://mdec.nelreports.net/api/report?cat=mdocs", "https://crt.sh/?id=647257375", "https://crt.sh/?id=647257567", "https://crt.sh/?id=551852229", "https://crt.sh/?id=479894151", "https://crt.sh/?id=479896285", "https://crt.sh/?d=49659844", "https://crt.sh/?id=31915086", "http://www.primopdf.com/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Mirai", "display_name": "Mirai", "target": null }, { "id": "e74755ff8b4927e257566302296e17e5d28cef17a6daf287cda9e63ce6c6f575 ELF :Mirai- MALWARE GH\\ [Trj] 23 pa\u017a 2016 bf0f346f4a51732e31d88eb47dcac82c7f7ed973312926819f1e1023b9c51121 23 pa\u017a 2016 5a92b73f354d54b9", "display_name": "e74755ff8b4927e257566302296e17e5d28cef17a6daf287cda9e63ce6c6f575 ELF :Mirai- MALWARE GH\\ [Trj] 23 pa\u017a 2016 bf0f346f4a51732e31d88eb47dcac82c7f7ed973312926819f1e1023b9c51121 23 pa\u017a 2016 5a92b73f354d54b9", "target": null } ], "attack_ids": [ { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 127, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 627, "email": 41, "FileHash-SHA1": 1565, "FileHash-SHA256": 5520, "URL": 1821, "FileHash-MD5": 1861, "SSLCertFingerprint": 10, "domain": 167, "IPv4": 31, "YARA": 7, "CVE": 7 }, "indicator_count": 11657, "is_author": false, "is_subscribing": null, "subscriber_count": 128, "modified_text": "591 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "66831f04ad169d3b685c9645", "name": "Win.exe , Bootstrapper.exe , pl.microsoft.com , microsoft.com/pki/certs/MicRooCerAut_2010", "description": "rule UPX { meta: author = \"kevoreilly\" description = \"UPX dump on OEP (original entry point)\" cape_options = \"bp0=$upx32+9,bp0=$upx64+11,action0=step2oep\" strings: $upx32 = {6A 00 39 C4 75 FA 83 EC ?? rule Windows_Generic_Threat_5c18a7f9 { meta: author = \"Elastic Security\" id = \"5c18a7f9-01af-468b-9a63-cfecbeb739d7\" fingerprint = \"68c9114ac342d527cf6f0cea96b63dfeb8e5d80060572fad2bbc7d287c752d4a\" creation_date = \"2024-01-21\" last_modified = \"2024-02-08\" threat_name = \"Windows.\ndca60557a1f47948d7158ba9f56ad8656bd0b343488264e23037fd66174e3cd5\nb4f7ace176d0eeba828e7c03f39befb30355223860d14e6ca4422fdb81778df7\nPr\u00f3bka Cuckoo-843b85c493b8a9048b2ab73a9d1a8.cab - polecenie Microsoft Office.\nResearchers have decoded a new set of data on how to store data in a safe and easy-to-use digital format, as well as the results of a series of tests on the subject.", "modified": "2024-10-14T20:36:07.924000", "created": "2024-07-01T21:26:27.623000", "tags": [ "no expiration", "filehashsha256", "hacktool", "expiration", "win32autokms no", "filehashmd5", "filehashsha1", "virus", "sha1", "win32", "trojan", "ransom", "pejzasz", "vhash", "imphash", "ssdeep", "hash", "skrt", "y pkmsauto", "crlf", "dodaj", "hostsettings", "v wczono", "t regdword", "powershell", "nowy", "pe32", "intel", "ms windows", "nazwa typ", "md5 nazwa", "procesu", "vs2013", "rticon neutral", "compiler", "submission", "file version", "chi2", "contained", "authentihash", "pehash", "uacme akagi", "cobalt strike", "detects", "roth", "sliver stagers", "highvol", "detects imphash", "zero", "virustotal", "detection rule", "license", "arnim rupp", "whasz", "github", "postpuj zgodnie", "przegld", "danie id", "github og", "url https", "error", "toast", "clientrender", "date", "promise", "65536", "client env", "alloy", "rangeerror", "staff", "upx dump", "security", "license v2", "e8 ff", "fc ff", "ff ff", "e8 f7", "c3 e8", "e8 db", "f0 c9", "c8 ff", "c9 c3", "c4 a8", "a7 ff", "f1 e8", "ec c7", "f0 c0", "c1 e9", "ec e8", "ff e8", "a3 a4", "db e2", "b0 e9", "e8 ba", "b9 f3", "e4 f8", "ff e9", "eb ed", "b6 b3", "b6 bb", "c8 f7", "c6 a8", "f6 c1", "b0 d7", "df e0", "c4 f0", "fc e8", "cf e5", "f8 ff", "f7 ff", "cc cc", "c3 b8", "b9 ff", "ff f3", "ab aa", "f7 f9", "b8 c7", "be ad", "ef be", "ad de", "e9 cd", "c4 f4", "fe ff", "d1 fa", "fa fc", "f3 a6", "fb ff", "fc c6", "fc eb", "e8 ed", "fb d1", "b6 f8", "c7 c7", "ec d0", "b6 d2", "ff e1", "c0 ac", "c1 e3", "c3 aa", "c2 c1", "d3 f7", "fc c7", "win32 cabinet", "selfextractor", "pecompact", "yarahub", "yara", "repository", "hub", "repo", "malware_onenote_delivery_jan23", "yara rule", "team", "sifalconteam", "yarahub entry", "rule details", "malpedia family", "rule matching", "content copy", "download rule", "malware", "cc by", "vbscript", "sub autoopen", "getobject", "batch" ], "references": [ "https://github.githubassets.com/assets/ui_packages_react-core_create-browser-history_ts-ui_packages_safe-storage_safe-storage_ts-ui_-682c2c-2c0ad573fa49.js", "https://yaraify.abuse.ch/yarahub/rule/MALWARE_OneNote_Delivery_Jan23" ], "public": 1, "adversary": "rule MALWARE_OneNote_Delivery_Jan23 { meta: author = \"SECUINFRA Falcon Team (@SI_FalconTeam)\" descri", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 361, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "Arek-BTC", "id": "212764", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_212764/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 14732, "FileHash-MD5": 4316, "FileHash-SHA1": 3405, "YARA": 181, "URL": 4793, "domain": 1717, "hostname": 4354, "IPv4": 107, "IPv6": 845, "email": 26, "CVE": 13, "FilePath": 1 }, "indicator_count": 34490, "is_author": false, "is_subscribing": null, "subscriber_count": 145, "modified_text": "593 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "657096b22a51f1cc56dcfb53", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "", "modified": "2023-12-06T15:43:46.083000", "created": "2023-12-06T15:43:46.083000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "domain": 134, "FileHash-SHA256": 82, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708e254b734f1efd8bd0ad", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "", "modified": "2023-12-06T15:07:17.380000", "created": "2023-12-06T15:07:17.380000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 3, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1645, "URL": 8598, "domain": 1004, "hostname": 2066, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65708c13ee010f81d3f9b3af", "name": "Malware hosting - hostrocket.com", "description": "", "modified": "2023-12-06T14:58:27.115000", "created": "2023-12-06T14:58:27.115000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 232, "hostname": 963, "domain": 412, "URL": 2337, "email": 3, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3949, "is_author": false, "is_subscribing": null, "subscriber_count": 109, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "65707fe17dfdfe16066d16de", "name": "Bexar.org", "description": "", "modified": "2023-12-06T14:06:25.800000", "created": "2023-12-06T14:06:25.800000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "StreamMiningEx", "id": "262917", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-SHA256": 1735, "hostname": 1833, "domain": 1025, "URL": 4668, "email": 4, "FileHash-MD5": 133, "FileHash-SHA1": 6, "CIDR": 5 }, "indicator_count": 9409, "is_author": false, "is_subscribing": null, "subscriber_count": 110, "modified_text": "907 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63dbbf6ae4f5433c2bab52e9", "name": "172.217.16.232 BT home router network attack 10th May 2022 - those HTTP headers and JS scripts are taking over the world", "description": "A guide to some of the key methods used by the web browser, jQuery, to create web pages and add links to the search engine and other parts of its web address system, as well as the address bar.", "modified": "2023-03-04T13:00:43.098000", "created": "2023-02-02T13:49:30.620000", "tags": [ "null", "copyright", "jan sorgalla", "built", "bill scott", "http", "error", "function", "title", "method", "play", "fast", "click", "return", "href", "target", "span", "pass", "linear", "timebuff", "block", "trigger", "nivoslider", "display", "width", "show", "next", "arrow", "restart", "stop", "iframe", "alpha", "factory", "type", "handle", "sizzle", "match", "check", "make sure", "elem", "name", "regexp", "hooks", "false", "date", "class", "internal", "done", "bind", "test", "body", "copy", "hold", "mozilla", "logic", "flash", "jquery", "fall", "bubble", "prop", "meta", "middle", "mark", "thus", "form", "script script", "a li", "div div", "mua bn", "link", "a div", "trang ch", "gii thiu", "tin tc", "header http2", "gmt cache", "gmt server", "litespeed", "443 ma2592000", "172.217.16.232", "http://lhr48s28-in-f8.1e100.net" ], "references": [ "[object Object] is a string representation of an object instance. Take this example: When the alert runs, it returns [object Object] in the alert modal. It tries to return a string representation of what was passed into alert, but because the engine sees this as an object, and not a string, it tells us that its an instance of an Object instead.", "443 Header\tHTTP/2 200 x powered by: PHP/7.4.29 set cookie: PHPSESSID=9158e16820bdbb5be0d1faa520b7dc19 path=/ expires: Thu 19 Nov 1981 08:52:00 GMT cache control: no store no cache must revalidate pragma: no cache content type: text/html charset=UTF 8 date: Thu 02 Feb 2023 13:37:37 GMT server: LiteSpeed alt svc: quic= :443 ma=2592000 v= 35 39 43 44", "whitelists are really not the way forward unless you validate the integrity often Speedtest are also being screwed with ie allowing your neural controlled network out on a temp basis to prevent you from ousting the APT controlling your home broadband / wifi network", "xml version= 1.0 encoding= utf 8 DOCTYPE html PUBLIC //WAPFORUM//DTD XHTML Mobile 1.0//EN http://www.wapforum.org/DTD/xhtml mobile10.dtd html xmlns= http://www.w3.org/1999/xhtml head meta http equiv= Content Type content= text/html charset=utf 8 / title mua bn nh t cho thu nh t sang nhng sang nhng ca hng /title meta name= copyright content= 2010 2020 bds247.vn / meta name= google site verification content= suyiBYZARDnZ4zGeoAiF VajqMQ0pgLGnEm69aZ aIY / meta name= robots content= index follow / meta name= key", "https://m.bds247.vn//view/js/jquery6_1.js 443", "https://www.googletagmanager.com/gtag/js?id=G-56M7ZWVN9L", "https://m.bds247.vn/lib/nivo-slider/slider.js 443 Script", "https://m.bds247.vn/view/js/page.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js 443 Script", "https://m.bds247.vn/lib/pikachoose/lib/jquery.pikachoose.js", "This is the full text of the XHTML mobile10.dtd.xml, which is based on the code created by the developers of Google's search engine, iPlayer and other sites.", "https://m.bds247.vn//view/js/jquery6_1.js", "https://m.bds247.vn/lib/nivo-slider/slider.js", "https://m.bds247.vn/lib/pikachoose/lib/jquery.jcarousel.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1056", "name": "Input Capture", "display_name": "T1056 - Input Capture" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1218", "name": "Signed Binary Proxy Execution", "display_name": "T1218 - Signed Binary Proxy Execution" }, { "id": "T1546", "name": "Event Triggered Execution", "display_name": "T1546 - Event Triggered Execution" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 11, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 802, "hostname": 392, "FileHash-SHA256": 82, "domain": 134, "FileHash-MD5": 1 }, "indicator_count": 1411, "is_author": false, "is_subscribing": null, "subscriber_count": 93, "modified_text": "1184 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "6280921bfbaf2aace62511f1", "name": "1688.com .. 404-\u963f\u91cc\u5df4\u5df4", "description": "Alibaba", "modified": "2022-06-14T00:00:05.659000", "created": "2022-05-15T05:39:39.040000", "tags": [ "typeerror", "object", "typeof t", "symbol", "typeof e", "typeof self", "webpackrequire", "typeof n", "json", "math", "body", "copyright", "apoorv saxena", "typeof", "typeof define", "detect ie", "typeof document", "substring", "\u963f\u91cc\u5df4\u5df4\uff0c1688\uff0c\u5fae\u5546\uff0c\u5fae\u5e97\uff0c\u8d27\u6e90\uff0c\u5973\u88c5\u6279\u53d1\uff0c\u7537\u88c5\uff0cb2b\uff0c\u6279\u53d1\uff0c\u91c7\u8d2d", "typeof symbol", "promise", "error", "date", "createclass", "array", "this", "typeof lib", "null", "mozilla", "regexp", "typeof require", "xmlhttprequest", "license", "xdomainrequest", "aplusscore", "s1e4", "cfunction", "html5", "span", "button", "android", "jupdate", "void", "webview", "kraken", "nundefined", "xfunction", "zfunction", "chrome", "xuexi", "nullj", "area", "mtopwvplugin", "activexobject", "post", "options", "function", "head", "delete", "false", "trace", "patch", "unknown", "alipay", "ff6a00", "opacity100", "opacity0", "f2f3f7", "e6e7eb", "f7f8fa", "helvetica neue", "helvetica", "tahoma", "arial", "\u963f\u91cc\u5df4\u5df4\uff0c\u91c7\u8d2d\u6279\u53d1\uff0c1688\uff0c\u884c\u4e1a\u95e8\u6237\uff0c\u7f51\u4e0a\u8d38\u6613\uff0cb2b\uff0c\u7535\u5b50\u5546\u52a1\uff0c\u5185\u8d38\uff0c\u5916\u8d38\uff0c\u6279\u53d1\uff0c\u884c\u4e1a\u8d44\u8baf\uff0c\u7f51\u4e0a\u8d38\u6613\uff0c\u7f51\u4e0a\u4ea4\u6613\uff0c\u4ea4\u6613\u5e02\u573a\uff0c\u5728", "1688", "1000", "yunos", "lazada", "http response", "gmt contenttype", "vary" ], "references": [ "xfe-URL-1688.com-stix2-2.1-export.json", "xfe-IP-47.89.52.178-stix2-2.1-export.json", "https://page.1688.com/shtml/static/wrongpage.html", "http://polyfill.alicdn.com/", "xfe-URL-Alijk.com-stix2-2.1-export.json", "http://i.alicdn.com/", "http://is.alicdn.com/", "http://1688.com/", "https://mind.1688.com/wap/wapsy/dke4eosa0/index.html?no_cache=true&pageId=1150842&cms_id=1150842&src=desktop", "xfe-URL-mind.1688.com-stix2-2.1-export.json", "https://g.alicdn.com/secdev/sufei_data/3.9.9/index.js", "https://g.alicdn.com/alilog/mlog/aplus_wap.js", "https://mind.1688.com/zsh/zsh/d9my57ugj/index.html", "https://gw.alipayobjects.com/os/lib/lozad/1.16.0/dist/lozad.min.js", "http://g.alicdn.com/assets-group/croco/0.0.8/index.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 15, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 8598, "hostname": 2066, "domain": 1004, "FileHash-SHA256": 1645, "FileHash-MD5": 3 }, "indicator_count": 13316, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "1447 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "627967e42ba7034ecd1f3156", "name": "ioflood.com", "description": "var b[f, g.g, is a new addition to the list of characters that can be added to a singleElement, as well as a set of numbers, if they are new.", "modified": "2022-06-08T00:03:25.734000", "created": "2022-05-09T19:13:40.111000", "tags": [ "regexp", "null", "width", "function", "array", "attr", "class", "css1compat", "string", "invalid json", "vd", "number", "copyright", "ienew ca", "date", "closure library", "error", "quota", "aafunction", "dafunction" ], "references": [ "xfe-URL-https___ioflood.com_-stix2-2.1-export 2.json", "https://www.googletagmanager.com/gtag/js?id=UA-131832170-1", "https://ioflood.com/jquery-1.6.4.min.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [ { "id": "Vd", "display_name": "Vd", "target": null } ], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 1249, "hostname": 462, "FileHash-SHA256": 96, "domain": 256 }, "indicator_count": 2063, "is_author": false, "is_subscribing": null, "subscriber_count": 69, "modified_text": "1453 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "625f492a0581b2eb202e47c9", "name": "Malware hosting - hostrocket.com", "description": "ChunkLoadError, a new type of error, failed to load a chunk of JavaScript, according to the web browser operator, E.noconflict.com, as well as the website itself.", "modified": "2022-05-19T00:00:49.028000", "created": "2022-04-19T23:43:38.539000", "tags": [ "jxuiwidget", "null", "function", "jxuihtmldiv", "date", "jxuilabel", "zendesk chat", "regexp", "api update", "jxuihtmla", "window", "chat", "void", "error", "loader", "back", "click", "close", "agent", "hello", "form", "banned", "cookie", "small", "legacy", "direct", "colorbox core", "style", "user style", "colorbox", "html", "6deg", "e5e5e5", "dbdbdb", "d2d2d2", "eaedef", "michael farrell", "home", "helvetica", "ssd shared", "page", "formnum", "hidden", "current", "hostrocket", "dotblock", "fast", "href", "price slider", "tooltip", "dotblock popup", "callback", "rect", "cycle plugin", "number", "auto", "shuffle", "manual", "roll", "speed", "stop", "false", "first", "look", "copyright", "gpl version", "http", "document", "ui effects", "width", "left", "bottom", "this", "atom", "html id", "price", "timer", "value", "processor", "example", "storage", "string", "class", "thecookie", "create", "thevalue", "param", "type", "pluginscookie", "author", "jquery", "u00a0", "option", "body", "optgroup", "multiple", "selectboxhover", "selectbox", "label", "control", "slideshow", "jack moore", "mit license", "overlay", "wrapper", "content", "loadedcontent", "loadingoverlay", "next", "iframe", "array", "attr", "tools", "ui library", "no copyrights", "or licenses", "like", "media", "john resig", "dual", "gtmkw8b5l", "classes", "host", "path", "element", "trackpageview", "typeerror", "typeof symbol", "typeof e", "typeof t", "referenceerror", "promise", "script", "boolean", "typeof n" ], "references": [ "xfe-URL-hostrocket.com-stix2-2.1-export 2.json", "https://www.googletagmanager.com/gtm.js?id=GTM-KW8B5L", "https://www.hostrocket.com/js/jquery-1.6.1.min.js", "https://www.hostrocket.com/js/jquery.tools.min.js", "https://www.hostrocket.com/js/jquery.colorbox-min.js", "https://www.hostrocket.com/js/jquery.selectBox.min.js", "https://www.hostrocket.com/js/jquery.cookie.js", "https://www.hostrocket.com/js/jquery.price_slider.js", "https://www.hostrocket.com/js/jquery-ui-1.8.13.custom.min.js", "https://www.hostrocket.com/js/jquery.cycle.all.js", "https://www.hostrocket.com/js/jquery.behavior.js", "https://www.hostrocket.com/contact-files/contact-form.js", "https://www.hostrocket.com/css/style.css", "https://www.hostrocket.com/css/colorbox.css", "https://www.hostrocket.com/css/style-nophone.css", "https://v2.zopim.com/bin/v/widget_v2.329.js" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1547", "name": "Boot or Logon Autostart Execution", "display_name": "T1547 - Boot or Logon Autostart Execution" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "adjadex1@gmail.com", "id": "187163", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "hostname": 963, "email": 3, "domain": 412, "URL": 2338, "FileHash-SHA256": 232, "FileHash-MD5": 1, "FileHash-SHA1": 1 }, "indicator_count": 3950, "is_author": false, "is_subscribing": null, "subscriber_count": 68, "modified_text": "1473 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "default.call", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "default.call", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780246503.6085744 }